Interviews | October 20, 2015

Black Hat Europe Sponsor Interviews: Microsoft Security, EIT Digital, and Design SHIFT

Simon Pope

Simon Pope, principal security group PM manager, Microsoft Security Response Center (MSRC), chats about the most recent changes in the threat landscape, the acquisition of Adallom, and some of the takeaways from Microsoft for attendees at Black Hat Europe 2015.
Q: Simon, Microsoft just acquired Adallom which you described as an innovator in cloud security and a leader in helping customers protect their critical assets across cloud applications. What benefits can Microsoft customers expect to see from that acquisition?

Simon Pope: With more frequent and advanced cybersecurity attacks continuing to make headlines, customer concerns around security remain top of mind. These concerns pose real challenges for IT which is charged with protecting company data in this rapidly evolving mobile-first, cloud-first world. In this world, identity is a critical control plane for managing and protecting access to applications and data.

Adallom expands on Microsoft's existing identity assets, and delivers a cloud access security broker to give customers visibility and control over application access as well as their critical company data stored across cloud services. As a cloud-delivered, security-as-a-service solution, Adallom will complement existing offerings that Microsoft makes available today as part of Office 365 and the Enterprise Mobility Suite (EMS), including our recent Microsoft Advanced Threat Analytics release.

Q: In your most recent Security Intelligence Report, you talk about the threat landscape evolving in "at least a few important ways," including commercial exploit kits continuing to be popular tools among attackers, and a new feature in IE blocking the use of out-of-date Java. What other important security threats are you seeing now that might show up in the next Security Intelligence Report?

Pope: In terms of the evolving threat landscape, attackers are working harder and faster than ever to try to find security vulnerabilities before they are addressed. The time between the release of a security update and when an exploit for that update (if one is possible) is added to a commercial exploit kit has been compressed dramatically over the years -- what used to take weeks or months now can happen in a matter of days. This is why keeping all the software on your system up-to-date with the latest security updates and running newer software wherever possible makes it much more difficult for the bad guys to be successful.

We're also seeing some return to tactics of years past, where attackers are using the macro-based attacks of old, along with some clever social engineering that entices users to run the macros when the documents are opened. Another trend is the increased attention black hats are directing to finding kernel elevation of privilege zero-days as the robustness and ubiquity of sandboxes are blunting the effectiveness of many of their attacks. The good news is that attackers are being forced to adapt in the face of effective mitigations and product and service hardening.

Q: What will Black Hat Europe 2015 attendees learn from Microsoft this year? Give me some insight into some of the takeaways.

Pope: Attendees will be able to learn more about how we build security into our products and services from the start. Our software development starts with the Secure Development Lifecycle (SDL) which embeds security requirements into every phase of the development process, and is supported in service operations by the security guidelines laid out in the Operational Security Assurance (OSA) process.

Q: Once again, Microsoft is sponsoring the Business Hall Lounge at Black Hat as you did at Black Hat USA 2015. What do you believe are the benefits of that sponsorship?

Pope: Black Hat is attracting some really fantastic talks and a number of new security researchers. At Microsoft, we're committed to innovation and helping to protect our customers, and we want to partner with the European security community more closely and learn from their research. We strongly believe that it is critical for us to collaborate and create a strong security community with our customers and with security researchers worldwide. At the same time, it's important for us to hear about the latest security research, and to meet and share perspectives with the world's leading security experts.

Black Hat's Business Hall Lounge gives us a unique opportunity to reach out and meet many talented security researchers -- and to continue recruiting the best and the brightest of these into Microsoft. We are hiring across the company with the ongoing goal of helping to protect our customers -- a community of users who span the globe and number in the hundreds of millions.

Sponsoring the Lounge also helps us understand the needs of security researchers and our partners in a more informal setting, and so I'd like to take this opportunity to invite Black Hat Europe attendees to join us at the Microsoft Networking Lounge to relax, network, have a drink, and chat with us.

Jovan Golic and Janne Järvinen

Jovan Golic, action leader for Privacy, Security & Trust, and Janne Järvinen, Future Cloud action line leader -- both at EIT Digital -- discuss their SDN Federated Test Bed Initiative, and what made them decide once again to be a Platinum Sponsor of Black Hat Europe 2015.


Q: Jovan and Janne, last year during Black Hat Europe 2014, we discussed EIT ICT Labs which described itself as one of the first knowledge and innovation communities set up by the European Institute of Innovation and Technology as an initiative of the EU. This year you've become EIT Digital and two Action Lines -- PST and CLD -- participate in Black Hat Europe 2015. What has changed in one year?

Jovan Golic & Janne Järvinen: Well, apart from a more convenient name, we still have the same eight thematic action lines, among which are Privacy, Security & Trust (PST) and Future Cloud (CLD).

Recall that EIT Digital is one of the five Knowledge and Innovation Communities (KICs) set up by the European Institute of Innovation & Technology (EIT). It operates as a network of member partners, both from industry and research and academic institutions, that are determined to utilize the EIT funds together with their own co-funding towards the end of changing the ICT landscape in the EU.

The Privacy, Security & Trust action line is about putting into practice innovative privacy-preserving and securing information technologies to protect sensitive data and the privacy of individuals in the Information Age. Its mission is to support users and businesses in protecting their digital assets and transactions with robust and safe products and services that realize data privacy and security. It is thus transversal to other action lines. It promotes business opportunities in this area by fostering a proactive approach deploying trustworthy and transparent innovative technologies, bridging the gaps between available techniques and practice, encouraging the security-by-design and privacy-by-design paradigms, and leveraging the recognized expertise and creativity of European players. Without trustworthy privacy solutions in cyberspace, one cannot hope to achieve real cyber security. Namely, if sensitive data are not protected or controlled by the users, then such data are exposed to cyber attacks and abuses and, hence, there could be no cyber security. The PST action line also supports a more traditional, reactive approach to cyber security, based on data monitoring and analytics and attack detection and mitigation, especially in mobile communications, applications, and services.

The Future Cloud action line focuses on advancing trusted cloud and big data innovative solutions in Europe, since many services are based on the cloud, and businesses and critical infrastructures are becoming increasingly dependent on it. This year, the CLD action line has launched a Trusted Cloud high-impact initiative aiming at building European trustworthy solutions for storing digital data and contents, so that consumers and businesses in Europe do not have to worry about where and by whom their valuable digital age assets are handled. The outcome will be a continuously expanding ecosystem of players sharing a common goal of including security and privacy as part of the value promise to their customers. The outputs will include technical or business elements, such as trust elements to be integrated in applications or services, trusted data/content platform services, as well as direct services to SMEs and consumers.

Since both action lines deal with innovative business solutions ensuring privacy, security, and trust in cyberspace, and Black Hat Europe 2015 is a major event dedicated to cyber security, it is no wonder that we decided to collaborate together on leveraging this event in order to promote the activities and results of EIT Digital in this area.

Q: You recently kicked off your SDN Federated Test Bed Initiative from your hub in San Francisco. I know you've been working on preparing it for some time. What are you hoping it will achieve, especially on such initiatives as IoT and smart cities?

Golic & Järvinen: The EIT Digital Action Line Future Networking Solutions has Software Defined Networks (SDN) as one of its priorities since SDN can improve utilization and flexibility of the network investments via decoupling network logic and policies from the hardware. SDNs are expected to open up disruptive business opportunities which will attract the attention of operators, large equipment manufacturers, and SMEs worldwide. In particular, this relates to smart cities and the Internet of Things (IoT) where the manageability, flexibility, and integration of SDN are crucial to achieve the desired levels of scalability, ubiquitous communications, and wide user acceptance. It is worth noticing that user-friendly generic IoT is another priority of the Future Networking Systems action line, whereas smart cities are covered by the Urban Life & Mobility action line.

Through its San Francisco hub, EIT Digital has recently launched an SDN project aiming at creating a Federated Test Bed that can be used by participating companies and third parties to experiment and certify SDN equipment, functions, and services. Deutsche Telekom, Telecom Italia, University of Bologna, and Turin Polytechnic have already committed resources, and agreements are being discussed with several other partners, including AT&T, Ericsson, Huawei, and ON Lab. The Federated Test Bed is planned to be operational at the end of 2015 and will expand in 2016, opening to third parties. EIT Digital will be investing in 2016 to set up an SDN Certification Centre using the Federated Test Bed facilities. Furthermore, EIT Digital has won the EU bid with the SOFTFire project to develop a distributed SDN/NFV test bed in Europe and to connect it to other test beds in the U.S. and Asia.

Q: Tell me about how you will be participating in Black Hat Europe 2015. What can visitors to the conference expect to see and hear from EIT Digital? What will be the takeaways?

Golic & Järvinen: The focus of the CLD action line is to showcase its flagship project -- the Trusted Cloud high-impact initiative. It is an ambitious approach to building European trustworthy solutions in this area, very attractive both for businesses and consumers. We are seeking more partners to gain wide European coverage for creating a trustworthy ecosystem that really matters in fostering new business opportunities around trusted cloud services.

The objective of the PST action line is to present the main innovation and business challenges and solutions addressed by the action line and its innovation projects in 2015, three of which continue from 2014. The continuing projects aim at developing and bringing to market innovative services or products for privacy, antifraud, and antivirus protection on mobile platforms, for Advanced Persistent Threats (APT) protection on mobile and Web platforms based on sophisticated anomaly detection agents, and a platform and services for cross-border federated and privacy-aware ID management in EU targeting both public and private sectors. The new projects include privacy protection via disruptive yet practical fully homomorphic encryption techniques for several use cases including, on one hand, e-health, intrusion detection, and social intelligence, and, on the other hand, development of privacy-aware mobile and Web crowdsourcing platforms.

We would like to find businesses and customers interested in buying our products and services, to attract new partners potentially interested in cooperation with or within EIT Digital in the area of privacy and security, and also to raise the awareness about the problems and solutions in this area of ever-increasing interest.

Q: You are a Platinum Sponsor of the Black Hat Europe 2015 Conference. What made you decide to support the conference again -- and what do you believe you're getting from that support?

Golic & Järvinen: Black Hat Europe is a premium forum for cyber security which attracts an influential audience both from the academic world and industry, and both from public and private sectors. A major objective of EIT Digital is to create a community of start-ups, SMEs, and enterprises that are interested in developing and deploying innovative solutions in the area of data security and privacy, thus fostering economic growth and improving quality of life in Europe and worldwide. Being a Platinum Sponsor of Black Hat Europe is expected to help us reach that objective.

Large-scale adoption of digital devices and services in data-driven economies -- like in e-health and smart cities -- requires users' trust both in the technology and the entities involved in the process. This trust and privacy are seriously threatened by the existing practices and growing cyber attacks which need to be addressed both reactively and proactively in a timely manner.

In 2014, we found out that many Black Hat Europe participants were, in fact, not even aware of the existence of EIT ICT Labs (now EIT Digital), let alone the innovative technologies we are developing and pushing to market in order to significantly influence the trends in the cyber security business and practices. This year we continue our efforts and strengthen them by highlighting and showcasing our activities heading towards the Trusted European Cloud.

Olivier Boireau

Olivier Boireau, CEO and founder of Design SHIFT, talks about the release of his company's unique, secure ORWL desktop computer, what's on the drawing boards at his design house, and his expectations as a first-time Black Hat sponsor.


Q: Olivier, for readers who aren't familiar with Design SHIFT, tell me a bit about your company, starting with what sounds like a unique design philosophy.

Olivier Boireau: We started Design SHIFT as a design house in 2009 and we were lucky to design several amazing products. We have been working together for six years now and expanded with an office in Taiwan to get closer to design manufacturers. This allowed us to develop a significant HW design activity with various technologies providers, silicon vendors, SW partners, and top manufacturers.

Q: Your ORWL desktop computer is unlike any other PC, having been designed using banking technologies to protect and encrypt its data ... and it is an Open Hardware and Open Source computer. Describe the ORWL -- especially some of its fascinating data protection features.

Boireau: Over the last 15 months, Design SHIFT has been working on ORWL, a secure computer/secure access point which combines many of the technologies with which we gained experience in our previous developments. Most computer systems -- regardless of excellent security, strong cryptography, and security conscious configuration -- are vulnerable to physical attacks. As soon as somebody has physical access to your PC, it can no longer be trusted. We are creating ORWL to address this.

Open source/Open HW is mandatory to provide the community the opportunity to review what we are implementing. We think a tamper-proof computer is the first step for digital privacy that is needed in many applications.

Q: Going forward, what is on the Design SHIFT drawing board? What will you be showing at Black Hat Europe?

Boireau: We will show the first proto of our ORWL device and demo the basic features. We will also present the details of the device.

Q: This is your first Black Hat. What made you decide to be a sponsor and what do you hope to get out of both sponsoring and attending the conference?

Boireau: Our main goals are to get the attention of a technical crowd and to get their feedback. We also want to network and get people interested in our work. We want to share our project with more people, and to find new partners and new applications.
