UPDATED 16:30 EST / AUGUST 11 2023

SECURITY

At Black Hat, getting past enterprise cybersecurity ‘Oh sh*t!’ moments

The annual enterprise cybersecurity conference Black Hat exploded into Las Vegas this week, giving the Moscone-constrained RSA Conference earlier this year a run for its money.

On the one hand, cybersecurity’s popularity is understandable. Bad actors continue to innovate, and threats continue to proliferate. The cybersecurity needs of organizations continue to multiply as a result.

On the other hand, why haven’t the vendors gotten a handle on cybersecurity by now? After all, they’ve been working on the problem for years. Given the expanding exhibit floor at Black Hat, there appears to be no shortage of cybersecurity vendors ready to address the problem.

After interviewing more than a dozen of the most interesting vendors at the conference, a pattern emerged: The cybersecurity product landscape has become overly fragmented. There are simply too many vendors in too many market categories, as the large analyst firms encourage the vendors to sort themselves into this bucket or that.

This fragmentation and the resulting complexity play into bad actors’ hands. Hackers love to exploit the cracks between security products – and there are plenty of cracks. How should enterprises plug them?

How next-gen cybersecurity vendors are plugging the cracks

You can’t fix the cracks in your cybersecurity posture unless you can see them, so the first step will always be a comprehensive scan to build an inventory of the items in question.

For example, Reco Labs uses AI to identify suspicious human behavior patterns among interactions with software-as-a-service applications. After scanning relevant customer data, Reco then categorizes the results by level of sensitivity.

Reco then delivers an explicit risk profile for all SaaS interactions across the organization. According to Ofer Klein, CEO of Reco, this risk profile gives customers an “oh shit!” moment as they realize just how many human behaviors across their organizations are unnecessarily risky.

Sentra Inc. performs similar scans for its customers, focusing on the data in the organization’s cloud databases, data warehouses, and anywhere else data might reside in the cloud.

As with Reco, Sentra classifies data by sensitivity and gives them the appropriate security context (which data are encrypted, what is the data’s exposure level, who can access which data and the like).

Sentra can even find “shadow data,” data that are hidden from the view and management of the information technology organization.

Phosphorus Cybersecurity can provide the same type of enlightenment for the extended internet of things, or xIoT. The company secures embedded devices from factory equipment controllers to medical devices to cameras.

The first step: Phosphorus scans its customers’ environments to identify and analyze all embedded devices. The result: Customers are surprised by how many devices were entirely off their radar.

Phosphorus identifies and fixes out of date firmware, insecure passwords, expired certificates and other cyberhygiene issues. Many enterprises have no idea how prevalent such issues are across their IT and operational technology estates.

Sometimes the cracks are between the cybersecurity products themselves. Enterprises run dozens of such products, leaving it up to various teams to configure and manage them.

Although modern cybersecurity offerings all tout how they integrate with each other, properly configuring them to work together often falls through the cracks.

Veriti Security Ltd. tackles this cybersecurity configuration problem by identifying the business impact of each misconfiguration in order to prioritize and mitigate them.

In many cases, bad actors intentionally try to hide in the cracks between cybersecurity products, counting on the fact that organizations have siloed teams using separate tools to obfuscate their actions.

Vectra AI Inc. combined AI with its experience in the network detection and response market to uncover patterns of behavior on the network that might take advantage of fragmented detection signals that might confuse analysts or avoid detection altogether. It’s especially effective in hybrid environments, as malware might undergo lateral movement from, say, one cloud to another.

Sometimes the cracks between cybersecurity products are at the user interface, as users interact with a variety of technologies across numerous different devices.

Seraphic Ltd. has identified a common thread across most such interfaces: JavaScript. JavaScript engines have been in browsers since the mid-1990s. Seraphic helps to secure all modern browsers.

JavaScript engines, however, extend past browsers to all manner of modern applications, even when they don’t run explicitly in a browser. Seraphic thus complements tools like endpoint detection and response or EDR and secure access service edge or SASE, giving organizations a way to control and manage JavaScript-related security issues across most user applications.

While other cybersecurity products might focus on one part of the software infrastructure or another, IONIX Inc. covers the gamut of the infrastructure supply chain. For example, a single application might leverage a content delivery network, a DNS server, a load balancer and virtual machines in a cloud.

IONIX scans its customers’ infrastructure to build a comprehensive graph of such dependencies in order to assess security weaknesses across the infrastructure. The platform is thus able to determine the “blast radius” of any vulnerability in order to prioritize and often remediate any issues it finds.

Think horizontally

The common theme across these vendors’ offerings is a horizontal perspective – conducting scans across different applications, infrastructure components, or devices to uncover previously unknown weaknesses.

Not only do these products give customers their “Oh shit!” moments, but they also provide insights into mitigation – not just for individual vulnerabilities, but across the entire cybersecurity landscape in question.

Given the problems with the surplus of cybersecurity products on the market today and the fragmentation that results, organizations would be prudent to take such a horizonal perspective.

Jason Bloomberg is founder and president of Intellyx, which advises business leaders and technology vendors on their digital transformation strategies. He wrote this article for SiliconANGLE. None of the organizations mentioned in this article is an Intellyx customer.

Photo: Black Hat Events/Twitter

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU