This week, RSA is taking place across the country in San Francisco. The event is the largest in the cybersecurity world and is attended by IT managers, MSPs and MSSPs. A few large companies pulled out of the conference as a result of the Coronavirus: Verizon, IBM and AT&T, all major players in the cybersecurity consulting space.
The remaining companies have been putting out a ton of news. These announcements come in two basic flavors: product-related news (new versions or new solutions) and news of the research variety.
One of the more interesting articles came from Keysight – the company announced research which shows 50% of organizations find out their security solutions are not working as expected – after they have been breached.
There has been a ton of funding news around the show – Huntress just got $18 million to sell cybersecurity solutions via MSPs.
Sophos Chief Product Officer Dan Schiappa said that as the industry has met the challenge of mass-market hacking, skilled, hands-on adversaries have taken to using ransomware for highly targeted attacks.
Highly skilled attackers try to find visibility gaps in an organization’s defenses, Schiappa said, hiding malware and other exploits in channels that are typically unexamined. Small businesses too often fail to realize that they might be the target of highly sophisticated attacks due to their position in a more prominent company’s supply chain, according to Schiappa.
In other news, the initial spike in passwordless tools has neither reduced security risks nor lowered help desk costs, since users are still required to enter their password from time to time and are more likely to forget it since they’re using it less often, Jim Ducharme, vice president of identity and fraud and risk intelligence for RSA Security, said. Nowadays, if people forget their passwords, a weaker mechanism is used to verify their identity, such as entering their mother’s maiden name, Ducharme said.
A more secure enrollment and recovery process would enlist a trust mechanism between two people where, for instance, a person who forgets their token can only re-enroll once they receive an invitation with a QR code from a trusted third party such as a colleague, according to Ducharme. Identity confidence scoring can also protect higher-risk applications by banning unapproved temporary access.
Zero-trust network access will revolutionize cloud migration by reducing or eliminating the network attack surface when a user is connecting to an application in the cloud, according to Al Caravelli, Zscaler’s vice president of worldwide channels and alliances. In the past, Caravelli said companies needed to enter the network and use a VPN in order to securely access the cloud.
But zero-trust network access greatly reduces the likelihood of a credential breach from a contractor since no IPs are ever published and third parties wouldn’t have access to the network or any applications, Caravelli said. By eliminating the attack surface, Caravelli said zero-trust network access puts users ahead of the adversary.
Meanwhile, in product-specific news, updates to the SailPoint Predictive Identity Platform will give customers a simplified way to define and deliver the right access to users no matter how quickly an organization evolves. The new SailPoint Access Modeling service speeds the creation of roles across the business, utilizing artificial intelligence to identify similar groupings of users and access to suggest potential roles, according to the company.
With this new capability, SailPoint said it will dramatically simplify the deployment and day-to-day management of a role-based identity governance program. This ensures that as any type of user joins or moves within the organization, their access rights will evolve with them automatically and without the overhead of traditional approaches to access modeling, according to SailPoint.
Enhancements to CyberArk Endpoint Privilege Manager extend credential theft protection on the endpoint and defend against credential theft on workstations and servers by further reducing attacker dwell time and blocking lateral movement. The new deception feature enables defenders to quickly detect and proactively shut down in-progress attacks, according to CyberArk.
CyberArk helps break the attack chain at the initial point of entry by providing a deliberate and controlled way to track and mislead potential attackers, mitigate the exploitation of privileged credentials, and reduce dwell time.
The best summary of the event so far is likely that the threats are getting more dangerous and targeted while the tools are getting more complex. In addition, the tools that companies purchase don’t do exactly what the companies think they are doing.
This reminds us of the importance of hiring a solid partner – a top MSP or MSSP who has real-world cybersecurity experience and happy customers. The threats are getting worse and companies need to realize they are a hacker’s dream and take action before they get infected with ransomware or worse.