Last week in San Francisco, more than 43,000 people headed to the RSA Conference to learn, collaborate and talk about the role cybersecurity plays in today's society — and where it's headed next. Topics varied, but two areas that came up again and again included the need for new approaches to endpoint protection, and how to reduce cost and simplify existing security solutions to help address the lack of security professionals available for employment.
As Austin's cybersecurity industry continues to grow, we caught up with three local tech companies to get a pulse on what the industry looks like now and what's to come.
With clients that include Facebook, NASA, Toyota, Twitter and Virginia Tech, Duo Security's solutions make sure only authenticated users and devices get access to an organization's data. Jon Oberheide, Duo's CTO and co-founder, filled us in on how Duo has protected businesses large and small against attackers.
What do you think is the biggest issue in cybersecurity today?
Attackers have realized that going after employees and users who access company data is the easiest way to breach organizations, rather than attacking the organization itself. When an attacker can send a single phishing email to break into any organization, it's clear that defenders are not sufficiently equipped to protect their users.
Who are the key “bad guys”?
It varies between hacktivism, cybercrime, and nation-state attacks. While the motives of attackers may greatly differ, the defenses organizations deploy shouldn't. Defenders need to focus on security fundamentals regardless of the adversary they face. It may surprise you to know the National Security Agency (NSA) and a teenage hacktivist use the same techniques to break into organizations.
How do Duo's solutions stop them?
Duo protects organizations by ensuring their users' access is secure. In other words, making sure that the user is who they say they are, that their laptop, cell phone, tablet or other device is safe and up-to-date, and that they can securely access all corporate applications. We provide the basic security hygiene that every organization needs so that their users can be safe and productive.
What differentiates your solution from others?
Ease of use, for both end users and IT administrators. In the past decades, security has been designed for networks, systems, and applications. In the modern day, we must design security for people. Security needs to be easy to be effective.
What's to come in the future of the industry?
Despite the increasing number of breaches in the headlines, security is actually getting better and is being built in to our devices and applications. Strong, usable authentication is available. Consumer devices like iOS are more secure than even governments had a few years ago. These technologies will continue to improve and greatly raise the bar for attackers trying to breach organizations.
NSS Labs mitigates the risk of attack by giving clients visibility into the phases of a cyber attack (the "cyber kill chain") and deploying automated insights when there is an active threat. Founded in 1991, the company counts Intel, Goldman Sachs, Exxon Mobil and Wells Fargo among its clients. Amy Pace, NSS's director of product marketing, talked to us about today's key issues and how their platform helps businesses predict breaches before they occur.
What do you think is the biggest issue in cybersecurity today?
Enterprise security teams can barely keep their head above water. They are drowning in data, yet starving for relevant intelligence that’s actually of use to them. These security teams are inundated with data that’s either redundant or irrelevant to their specific environment.
Couple this with being short-staffed and still relying on many manual processes, and it’s becoming impossible to sift through and analyze all the threat data coming at them every day. There are far too many false alerts and “white noise” for security teams to effectively prioritize and surface real threats in a timely manner.
Who are the key “bad guys”?
Today’s “bad guys” are well-organized, well-funded criminal organizations. And, while there have been a lot of recent headlines around Russia and state-sponsored attacks against the U.S. government, which are undoubtedly very serious and real threats, the majority of cyber-attacks are purely profit-driven.
The unfortunate reality is that cybercrime has become a very lucrative business. In fact, cybercrime can now be consumed on-demand as a cloud-based service, making it easier than ever for bad actors to carry out a cyber-attack. One can now “rent” an exploit kit or piece of malware from these illicit service providers to launch an attack, such as a ransomware attack, which happens to be the fastest growing segment of cybercrime.
How does your solution stop them?
The CAWS Cyber Threat Protection Platform can show where the attackers will strike so enterprises can stop breaches before they happen. It does this by continuously validating what threats are active on the internet, which specific platforms and applications are being targeted, and whether those threats can bypass the specific security defenses that are in place. The result is preemptive, customer-specific threat intelligence — enabling security teams to effectively prioritize and act with pinpoint precision to stop threats before damage is done.
What differentiates your solution from others?
What sets CAWS apart from any solution on the market is its live-threat capture, harvest and replay architecture, known as BaitNET™, which provides 24/7 real-time analysis of active threats in the wild, detailing the exact way exploits deliver their payload to victims. The key difference is that CAWS is able to mimic the specific customer environment to deliver truly contextual threat intelligence, which is continually validated through our proprietary “replay” technology, resulting in near zero false positives.
What's to come in the future of the industry?
The need for more skilled cybersecurity professionals has become a major problem for organizations. Recent studies have cited over one million security-related jobs remain unfilled, and demand continues to grow. Fortunately, many colleges/universities have taken notice and are now offering cybersecurity-focused courses and degrees, which they have started to actively promote at high-profile security conferences, such as RSA.
However, even with this newly fueled initiative from universities and higher learning institutes to train students to become skilled cyber security warriors, it is likely this shortage will go on for years. This has led the industry to push development and evolution of threat platforms that can drive more automation and orchestration around threat discovery, analysis, and response to effectively operationalize cybersecurity and reduce the challenges faced by under-staffed, resource-strapped security teams.
Rapid7 is headquartered in Boston. The cybersecurity company uses broad datasets to determine how secure company systems are and to address areas that may be vulnerable. They support companies like Netflix, Macy's, Microsoft and LG. Their Austin-based team specifically works on an open-source platform called Metasploit, which simulates hacker attacks on your network. Lee Weiner, Rapid7's CPO, said communication is one of the toughest challenges faced by the industry.
What do you think is the biggest issue in cybersecurity today?
One of the biggest challenges the industry — at a very broad level — has is the ability to effectively communicate and articulate what is happening, what needs to be done and why. It's a pretty complex technical field and for non-technical people to understand that is pretty difficult actually. If you think a lot about what goes on outside of the technical community, whether it's legal fields or policy, explaining the dynamics of what is happening with cyber security attacks and how to defend them is a really big challenge.
We even see this when we go talk to our customers about how they engage with their board. The board is asking them questions around "help us understand the risks around cybersecurity for the business," and the ability for management oftentimes to explain that to the boards is limited.
Who are the "bad guys"?
The typical categories include cyber criminals — which is the majority of what you see out there. There are nation-state actors that are looking to engage in cyber espionage, and the other one is hacktivism, which is using technology to make a point. Inside threats do come up as well, but come up the least out of the categories.
How do Rapid7's solutions stop them?
We provide technology and services to help our customers answer three questions. The first is "Am I vulnerable?" If there are vulnerabilities like configurations that could allow someone to gain access to your network, we identify that for your business, tell you what to do about it, and how to address it. The second is "Am I compromised?" So we can actually detect when an attack is happening and help you investigate. The last question we help answer is "Am I optimized?" We help you to optimize your security and IT practice to improve metrics, how you report on information to other constituents and overall communication.
What differentiates your solution from others?
There are two key things. The first is that we integrate. To do this well, you need to collect a lot of data from an organization. We collect a broad set of data and integrate all of it to give people a unified solution as opposed to point-specific solutions.
The second is we provide very approachable, easy to use technology and solutions with a strong focus on the experience that the security engineer operations person will have. This industry has been ridden without a huge focus on user experience, and we invest quite heavily in the way that we build products for users and how we design our technology for users.
What does the future hold for cybersecurity?
The big piece is automation. A lot of what we’ve built has been great around improving the ability to understand and manage risk and improve detection and investigation. But I think we need to get to a place where we can automate the remediation and the actual reduction of the risk that organizations have. It’s a little bit too manual. The cyber security talent gap is very wide. There are not enough cyber security professionals to perform all of the tasks that are required, so I think automation is a big part of how we improve that.