Skip to content

Posts tagged ‘Centrify’

Dissecting The Twitter Hack With A Cybersecurity Evangelist

Dissecting The Twitter Hack With A Cybersecurity Evangelist

Bottom Line: Shattering the false sense of security in tech, the recent Twitter hack blended altruism, fame, greed, social engineering via SIM swapping and insider threats to steal $120,000 from victims when the economic and political damage could have been far worse.

Targeting the most influential celebrities on Twitter, hackers orchestrated a social engineering-based attack Wednesday promoting a cryptocurrency scam. Business leaders, celebrities, politicians and billionaires’ accounts were hacked using Twitter’s administrative tools. Personal Twitter accounts hacked include those of Amazon CEO Jeff Bezos, Joe Biden, Tesla CEO Elon Musk, President Barack Obama, Bill Gates, Warren Buffet and others. Apple and Uber’s Twitter accounts were also hacked.

Using SIM swapping, in which threat actors trick, coerce or bribe employees of their victims to gain access to privileged account credentials and administrative tools, hackers were able first to change the email address of each targeted account. Next, two-factor authentication was turned off so when an alert was sent of the account change it went to the hacker’s email address. With the targeted accounts under their control, hackers began promoting their cryptocurrency scam. While not all details of the attack have surfaced Motherboard’s story of how hackers convinced a Twitter employee to help them the hijack accounts makes for fascinating reading.

Dissecting The Hack

Interested in dissecting the hack from a cybersecurity standpoint, I contacted Dr. Torsten George, Cybersecurity Evangelist and industry expert from Centrify. Torsten is also a leading authority on privileged access management and how to thwart breaches involving privileged access credentials.

Louis:  What was your initial impression upon breaking news of the hack and what did you believe would cause such a massive hack of celebrity and leading political figures accounts this past week?

Torsten: When the news broke, the media probably polled other security experts and the first initial reaction was, ‘Oh, that’s a massive attack, most likely a credential-based attack,’ because 80% of today’s data breaches go back to privilege access abuse. They are typically first triggered by phishing attacks, the precursor to many attacks where the attackers tried to capture these credentials and then leverage them to attack their victim’s organizations.

So, the breaking news indicated that most likely, somebody was able to leverage a compromised credential to enter into the Twitter environment and take over accounts. However, more and more information became available, with screenshots being shared of internal Twitter tools. For me, that raised a red flag, because in a typical attack pattern we’re seeing three distinct phases in the cyber-attack lifecycle: the compromise, the exploration phase and the exfiltration of sensitive data, which includes covering up tracks and potentially creating a backdoor for future attacks.

When performing reconnaissance, hackers commonly try to identify regular IT schedules, security measures, network traffic flows and scan the entire IT environment to gain an accurate picture of the network resources, privileged accounts and services. Domain controllers, Active Directory and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.

They wouldn’t necessarily look for administrative tools that could be leveraged for their attack unless they have intimate knowledge that those tools exist in the victim’s environment — be it by having worked for the company in the past or representing an insider threat.

Louis: What’s the anatomy of an insider attack, based on your experience?

Torsten: As was later confirmed by Twitter, it became very apparent that this is a case of insider threats, where you have an insider that has been leveraged for this attack. The most common insider threats can be defined by the intent and motivation of the individuals involved. The 2019 Verizon Insider Threat Report defines five distinct insider threats based on data breach scenarios and they all have excellent, accurate names: the Careless Worker, the Inside (often recruited) Agent, the Disgruntled Employee, the Malicious Insider and the Feckless Third-Party.

Considering the global environment we’re facing right now, with Covid-19 and other related economic hardships, the risk of insider threats is exacerbated, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job or make up for income losses.

So a privileged administrator might be more open to people that approach them and say, ‘Would you be willing to share with us your access credentials, or would you do something on our behalf to exfiltrate data or to manipulate data?’ That risk has increased dramatically across all industries.

So it turned out the first suspicion was phishing attacks, followed by compromised credentials. It turns out to be an insider threat. Organizations need to be prepared for that.

Louis: What can companies do to reduce the likelihood a malicious insider will hack them?

Torsten: It becomes a little bit trickier when you deal with a malicious insider because they most likely know your environment, they might know your defense mechanisms and they might know the security tools that your likely using. So they can bypass these security controls and try to gain the control of data that they can then profit from.

Organizations have to rethink the way that they’ve structured their defense controls and truly take an approach of an in-depth strategy with a different layer of defenses. The first layer that comes to mind in this particular case is multi-factor authentication (MFA) which is still low-hanging fruit. There are still many organizations out there that are not taking advantage of implementing MFA.

While MFA is highly recommended, it isn’t as effective against insider threats because they have that second factor of authentication and can pass those challenges. Organizations need to go beyond MFA if they want to have a layered security strategy.

Louis: What are some of the ways they can go beyond MFA to avoid being the victim of an insider threat?

Torsten: A very important component of your defense strategy should be the approach of zero standing privileges, which is something Gartner recommends to its clients. That means that I have normal privileges and entitlements to do my job, like answering emails and using the Internet, but that’s probably all I need. If I need more access, I’ll have to elevate my privilege for the time needed to do that particular task but then rescind that privilege once it’s done.

If I have zero standing privileges – even if somebody compromises my credential, even if I’m an insider – I don’t have immediate access to the keys to the kingdoms to do whatever I want.

And before privilege elevation, organizations should require context through a formal request. For example, require the user to submit a ticket through ServiceNow or any other IT Service Management platform to detail what they need to access, for how long and to do what. That way, there is an auditing trail and an approval process. If the threat actor – whether insider or not – doesn’t do this they don’t get privileged access to that target system.

Louis: Besides those perhaps expected controls, what other controls might have helped in this particular scenario?

Torsten: Organizations should also take advantage of modern tools to leverage machine learning technology, so that looks at user behavior and risk factors to also get a hold of these insider attacks. All the other security controls are more tailored towards external preparation at first. Still, once you implement machine learning technology and user behavior analytics that’s where you also can capture insider threats.

Machine learning can look for suspicious activity, such as a target being accessed outside of a typical maintenance window, or is the administrator logging in from a different location or device than usual. It can then trigger an MFA request and also issue a real-time alert, regardless of whether the MFA challenge is successfully resolved.

Furthermore, in the case of Twitter, there are privacy and regulatory concerns that could also be additional triggers for real-time alerts and to shut down this activity automatically. Regulations like the CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) mean that platforms like Twitter have to be very careful with any access to or manipulation of a customer’s feed. That could – and should have – instantly triggered a real-time alert when an administrator was posting on behalf of a user.

Louis: Do you think this is going to be the start of an entirely new era of hacks where hackers will pay off internal employees for promotional messages?

Torsten: Quite frankly, we have seen an uptick since the start of the Covid-19 pandemic. And I believe now that this Twitter attack has been covered in the press so much, you will have copycats that will try to do the same. Some of them will also target social media platforms, but others that might be a little bit smarter because social media is easily detectable if something goes wrong. An industry like healthcare could be a prime target and there is already news that Russian hackers are attacking healthcare providers and research labs to try to gain access to vaccine research.

Louis: Given how significant this hack is in terms of the progression or the growing sophistication of threats, what are the top three predictions you have for the rest of 2020?

Torsten: Ransomware is an example of a technique that has changed quite significantly in two ways. First, they are no longer only delivered via an email, but also via social media platforms, SMS messages and more. Second, ransomware is no longer only focused on shutting down business operations. The most recent example with EDP Renewables North American, a subsidiary of an European-based electric utilities company, showed that hackers leveraged ransomware to exfiltrate data. Not to lock it down, but to exfiltrate data and then ask for ransom from their victim to not publish the data on the Dark Web.

Second, as I’ve already covered, the current economic hardships of the pandemic will cause more people to jump on the bandwagon and become cybercriminals. And these aren’t the people you see in movies – dark characters in hoodies using sophisticated hacking techniques to breach the government. These are your neighbors, the little boys next door. For them it’s not a big deal to become a cyber-criminal.

Third, as you’d expect, the number of cyber-attacks will increase as a result and they will continue to find new and innovative ways to find the easiest way in. The Twitter incident taught us that there was no technology “breach” required. It was just finding the right person with the right privileges and paying them to do 25 Tweets. That’s an easy payday.

I think this whole crisis that we’re going through will see a major uptick in attacks from the traditional cyber hackers, but also from a whole bunch of newbies and greenhorns that will try out their luck and see if they can make a buck. Either by ransomware attacks, phishing attacks, social engineering or any combination thereof.

5 Mistakes That Threaten Infrastructure Cybersecurity And Resilience

5 Mistakes That Threaten Infrastructure Cybersecurity And Resilience

 

Bottom line: With many IT budgets under scrutiny, cybersecurity teams are expected to do more with less, prioritizing spending that delivers the greatest ROI while avoiding the top five mistakes that threaten their infrastructures.

In a rush to reduce budgets and spending, cybersecurity teams and the CISOs that lead them need to avoid the mistakes that can thwart cybersecurity strategies and impede infrastructure performance. Cutting budgets too deep and too fast can turn into an epic fail from a cybersecurity standpoint. What I’ve found is that CIOs are making decisions based on budget requirements, while CISOs are looking out for the security of the company.

Based on their ongoing interviews with CIOs, Gartner is predicting an 8% decline in worldwide IT spending this year. Cybersecurity projects that don’t deliver a solid ROI are already out of IT budgets. Prioritizing and trimming projects to achieve tighter cost optimization is how CIOs and their teams are reshaping their budgets today. CIOs say the goal is to keep the business running as secure as possible, not attain perfect cybersecurity.

Despite the unsettling, rapid rise of cyber-attacks, including a 667% increase in spear-fishing email attacks related to Covid-19 since February alone, CIOs often trim IT budgets starting with cybersecurity first. The current economic downturn is making it clear that cybersecurity is more of a business strategy than an IT one, as spending gets prioritized by the best-to-worst business case.

Five Mistakes No CISO Wants To Make

One of the hardest parts of a CISO’s job is deciding which projects will continue to be funded and who will be responsible for leading them, so they deliver value. It gets challenging fast when budgets are shrinking and competitors actively recruit the most talented team members. Those factors taken together create the perfect conditions for the five mistakes that threaten the infrastructure cybersecurity and resilience of any business.

The five mistakes no CISO wants to make include the following:

1.   No accountability for the crown jewels for the company. Privileged access credentials continue to be the primary target for cyber-attackers. However, many companies just went through a challenging sprint to make sure all employees have secure remote access to enable Covid-19 work-from-home policies. Research by Centrify reveals that 41% of UK businesses aren’t treating outsourced IT and other third parties likely to have some form of privileged access as an equal security concern.

And while a password vault helps rotate credentials, it still relies on shared passwords and doesn’t provide any accountability to know who is doing what with them. That accountability can be introduced by moving to an identity-centric approach where privileged users log in as themselves and are authenticated using existing identity infrastructures (such as Microsoft Active Directory) to federate access with Centrify’s Privileged Access Service.

CISOs and their teams also continue to discount or underestimate the importance of privileged non-human identities that far outweigh human users as a cybersecurity risk in today’s business world. What’s needed is an enterprise-wide approach enabling machines to protect themselves across any network or infrastructure configuration.

2.   Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago. This gives hackers the green light to get past antiquated legacy security systems to access and leverage modern infrastructures, such as cloud and DevOps. IT security leaders make this even more challenging by not listening to the front-line cybersecurity teams and security analysts who can see the patterns of breach attempts in data they review every day. In dysfunctional organizations, the analyst teams are ignored and cybersecurity suffers.

3. Conflicts of interest when CISOs report to CIOs and the IT budget wins.  This happens in organizations that get hacked because the cybersecurity teams aren’t getting the tools and support they need to do their jobs. With IT budgets facing the greatest scrutiny they’ve seen in a decade, CISOs need to have their budget to defend. Otherwise, too many cybersecurity projects will be cut without thinking of the business implications of each. The bottom line is CISOs need to report to the CEO and have the autonomy to plan, direct, evaluate and course-correct their strategies with their teams.

4. The mistake of thinking cloud platforms’ Identity and Access Management (IAM) tools can secure an enterprise on their own. Cloud providers offer a baseline level of IAM support that might be able to secure workloads in their clouds adequately but is insufficient to protect a multi-cloud, hybrid enterprise. IT leaders need to consider how they can better protect the complex areas of IAM and Privileged Access Management (PAM) with these significant expansions of the enterprise IT estate.

Native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud and other vendors provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. However, often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments. Please see the post, The Truth About Privileged Access Security On AWS and Other Public Clouds, for additional information.

5. Exposing their organizations to a greater risk of breach and privileged access credential abuse by staying with legacy password vaults too long. Given the severity, speed and scale of breach attempts, IT leaders need to re-think their vault strategy and make them more identity-centric. Just as organizations have spent the past 5 – 10 years modernizing their infrastructure, they must also consider how to modernize how they secure access to it. More modern solutions can enforce a least privilege approach based on Zero Trust principles that grant just enough, just-in-time access to reduce risk. Forward-thinking organizations will be more difficult to breach by reorienting PAM from being vault-centric to identity-centric.

Conclusion

Decisions about what stays or goes in cybersecurity budgets this year could easily make or break careers for CISOs and CIOs alike. Consider the five mistakes mentioned here and the leading cause of breaches – privileged access abuse. Prioritizing privileged access management for human and machine identities addresses the most vulnerable threat vector for any business. Taking a more modern approach that is aligned to digital transformation priorities can often allow organizations to leverage their existing solutions to reduce risk and costs at the same time.

 

 

 

Debunking The Myth That Greater Compliance Makes IT More Secure

Debunking The Myth That Greater Compliance Makes IT More Secure

Bottom Line:  Excelling at compliance doesn’t protect any business from being hacked, yet pursuing a continuous risk management strategy helps.

With a few exceptions (such as spearphishing), cyberattacks are, by nature, brutally opportunistic and random. They are driven to disrupt operations at best and steal funds, records, and privileged access credentials at worst. Conversely, the most important compliance event of all, audits, are planned for, often months in advance. Governance, Risk, and Compliance (GRC) teams go to Herculean efforts to meet and exceed audit prep timelines working evenings and weekends.

Wanting to learn more about the relationship between GRC and cybersecurity strategy, I searched for webinars on the topic. I found Improve Your Compliance Posture with Identity-Centric PAM, a recent webinar-on-demand offered by Centrify. The webinar brought up several interesting insights, including shared pains companies experience with compliance and cybersecurity, yet require drastically different approaches to solving them.

Rationalizing Compliance Spending with Cybersecurity

The truth is organizations are attempting to rationalize the high costs of compliance by looking for how GRC spend can also improve cybersecurity. This is a dangerous assumption, as Marriott’s third breach indicates. Marriott is an excellently managed business and sets standards in compliance. Unfortunately, that hasn’t thwarted three breaches they’ve experienced.

Why are organizations assuming GRC spending will improve cybersecurity? It’s because both areas share a common series of pains that require different solutions, according to the webinar. These pains include:

  • Updates to regulations are exponentially increasing today, averaging 200 or more per day from approximately 900 oversight agencies worldwide, leading to a quickly changing, heterogeneous landscape. Dr. Torsten George, Cybersecurity Evangelist at Centrify, said that when he worked in the GRC space, the midsize clients he worked with had to deal with 17 different regulations. Larger organizations that operate on a global basis are dealing with, on average, 70 or more regulations they need to stay in compliance with. Dr. George provided an overview of the compliance landscape, differentiating between the levels compliance requirements every organization needs to abide by, which is shown below:
  • Compliance is, by nature, reactive to a known event (audit), while cybersecurity is also entirely reactive to random events (cyberattacks). GRC teams need to ramp up their staff and equip them with the apps and tools they need at least six months before an audit. For cybersecurity, the threat is random and will most likely be more severe in terms of financial loss. Preparing for each takes entirely different strategies.
  • The lack of continuous risk monitoring by GRC teams and identity management by IT cybersecurity leads to systemic failures in achieving compliance and securing an organization. The webinar makes an excellent point that for compliance to succeed, it needs to be based on continuous risk management, not just checking off the boxes or categories of a given GRC approach. The same holds for cybersecurity. Identity-Centric Privileged Access Management (PAM) provides GRC and IT professionals mutual benefits when it comes to achieving the mission of being and staying compliant, and shows how securing enterprises drive better compliance, not vice versa.
  • Manually updating compliance mapping tables showing the interrelationships of requirements by industry is not scaling – and leaving gaps in GRC coverage. The more regulated a business is, for example manufacturing medical products, the more important it is to automate every aspect of compliance. A great place to start is automating the process of creating mapping tables. Taking a manual approach to creating mapping tables comparing standards often leads to errors and gaps. And in highly regulated industries like medical products manufacturing, the accuracy, speed, and scale of staying compliant can be turned into a competitive advantage, leading to more sales.

How To Resolve The Conflict Between GRC and Cybersecurity Spending

According to the webinar, 80% of today’s data breaches are caused by default, weak, stolen, or otherwise compromised credentials. GRC and cybersecurity strategies’ best efforts need to be put on securing privileged access first. The webinar makes a strong argument for prioritizing privileged access security as the initiative that can unify GRC and cybersecurity strategies.

Key insights from the webinar include the following:

  • Industry standards and government regulations are calling for identity and access management as a requirement, with several specifically naming privilege access controls.
  • Identity-Centric Privileged Access Management (PAM) approaches help meet compliance mandates, while at the same time hardening cybersecurity to the threat surface level.
  • Attaining greater compliance by taking an Identity-Centric PAM approach ensures machines have secured identities as well, and the use of anonymous access accounts is limited to break-glass scenarios only, while organizations should otherwise be leveraging enterprise directory identities for the authentication and authorization process.
  • Improving accountability and segmentation by establishing granular security controls and auditing everything helps bridge the gap between GRC and cybersecurity initiatives.
Debunking The Myth That Greater Compliance Makes IT More Secure

Conclusion

Continuous risk management is key to excelling at compliance, just as securing privileged access credentials is foundational to an effective cybersecurity strategy. Dr. Torsten George ended the webinar saying, “In the long term, I believe that the current situation that we’re dealing with and its associated spike of cyber-attacks will lead to even stricter compliance mandates; especially when it comes to secure remote access by key IT stakeholders and outsourced IT.” The bottom line is that compliance and cybersecurity must share the common goal of protecting their organizations’ privileged access credentials using adaptive approaches and technologies if both are going to succeed.

 

 

Protecting Privileged Identities In A Post-COVID-19 World

Protecting Privileged Identities In A Post-COVID-19 World

Bottom Line: Every organization needs to digitally reinvent their business, starting at the system level to safely sell and serve customers with minimal physical interaction.

The hard reset every business is going through creates a strong sense of urgency to increase the agility, speed, and scale of selling, as well as customer service options that protect the health of employees, customers, and partners. Customer experience needs to be the cornerstone of digital transformation, with the customers’ health and welfare being the highest priority. Businesses need to realize that digitally reinventing themselves is no longer optional. Every customer-facing system is going to need the best infrastructure, security, and stability for any business to survive and grow.

Securing Infrastructure Needs To Come First

COVID-19 was a wake-up call that companies need to operate as multi-channel players, allowing for physical but, more importantly, virtual presence. For instance, in retail, only those that will step up their efforts in building on-line ordering and associated nation-wide logistics networks will survive in the longer-term. If the cloud was considered an option in the past, it now is mandatory. In turn, the need for security has increased.

Starting with infrastructure, hybrid- and multi-cloud environments need to be augmented with additional system support, new apps, and greater security to support the always-on nature of competing in a virtual world. Providing self-service sales and support across any device at any time and keeping all systems synchronized is going to take more real-time integration, better security, more precise pricing, and so much more.

Consumer electronics manufacturers’ biggest challenge is reinventing their infrastructure while selling and serving customers at the same time. Part of their biggest challenge is protecting privileged access credentials that have become fragmented across hybrid- and multi-cloud environments. Everyone I’ve spoken with is balancing the urgent need for new revenue through new channels on the one hand with intensity to secure infrastructure and the most valuable security assets of all, privileged access credentials.

According to a 2019 study by Centrify among 1,000 IT decision-makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. These are typically used by a small set of technical personnel to access the most critical systems in the IT estate, including modern technologies such as cloud, DevOps, microservices, and more. The CIO of a local financial services and insurance company, who is a former student and friend, told me that “it’s often said that privileged access credentials are the keys to the kingdom, and in these turbulent times they’re the keys to keeping any business running.”

CIOs, CISOs, and their teams are focusing on four key areas today while digitally reinventing themselves to provide more flexible options for customers:

  • Secure every new self-service selling and service channel from breaches.
  • Fast-track cloud projects to become 100% virtual and available.
  • Simplify infrastructure management by integrating IT and Operations Management across hybrid and multi-cloud environments.
  • Improve compliance reporting as well as reduce audit costs and associated fines.

Legacy Privileged Access Management (PAM) Can’t Scale For Today’s Threats

Sophisticated social engineering and breach attempts are succeeding in misdirecting human responses to cyber threats, gaining access to valuable privileged access credentials in the process. Legacy PAM systems based on vaulting away shared and root passwords aren’t designed to protect hybrid cloud and multi-cloud environments. These DevOps systems include containers and microservices, APIs, machines, or services. Furthermore, multi-cloud environments create additional challenges because access management tools used for one vendor cannot be used with another.

Switching from in-person to self-service selling and service creates new challenges and an entirely new series of requirements for identity and access management. These requirements include securing a continually-increasing number of workloads that cause the amount of data in the cloud to grow exponentially. There’s also the need to centralize identities for consistent access controls across hybrid and multi-cloud environments – all happening while a business is busy digitally reinventing itself. Compounding all of these challenges is the need to excel at delivering an excellent user experience without sacrificing security in an increasingly self-service, always-on, 24/7 world.

Securing Privileged Access In A Post-COVID-19 World

If you’re looking for a sure sign any business will be around and growing in twelve months, look at how fast they are digitally reinventing themselves at the infrastructure level and protecting privileged access credentials first. Digital-first businesses are taking a more adaptive approach to consistently controlling access to hybrid infrastructure for both on-premises and remote users now.

Centrify and others are making rapid progress in this area, with Centrify’s Identity-Centric PAM taking a “never trust, always verify, enforce least privilege” approach to securing privileged identities. Centrify’s approach to Identity-Centric PAM establishes per-machine trust so it can defend itself from illegitimate users – whether human or machine  – or those without the right entitlements. It then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment as is illustrated in the graphic below:

Protecting Privileged Identities In A Post-COVID-19 World

Conclusion

Improving customer experiences needs to be at the center of any digital transformation effort. As every business digitally transforms itself to survive and grow in a post-COVID-19 world out of necessity, they must also improve how they secure access to their cloud and on-premises infrastructure. Legacy PAM was designed for a time when all privileged access was constrained to resources inside the network, accessed by humans, using shared/root accounts.

Legacy PAM was not designed for cloud environments, DevOps, containers, or microservices. Furthermore, privileged access requesters are no longer limited to just humans, but also include machines, services, and APIs.

Privileged access requesters need greater agility, adaptability, and speed to support DevOps’ growing roadmap of self-service and increasingly safer apps and platforms. While privileged identities must be protected, DevOps teams need as much agility and speed as possible to innovate at the rapidly changing pace of how customers choose to buy in a post-COVID-19 world.

Machines Protecting Themselves Is The Future Of Cybersecurity

Machines Protecting Themselves Is The Future Of Cybersecurity

Bottom Line: Existing approaches to securing IT infrastructure are proving unreliable as social engineering and breach attempts succeed in misdirecting human responses to cyber threats, accentuating the need for machines to protect themselves.

Any nations’ digital infrastructure and the businesses it supports are its most vital technology resources, as the COVID-19 pandemic makes clear. Cybercriminal and advanced persistent threat (APT) groups are attempting to capitalize on the disruption that COVID-19 is creating to engage in malicious cyber activity. It’s become so severe that the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert, COVID-19 Exploited by Malicious Cyber Actors earlier this month.

“If you’re in the Department of Defense, your doctrine says land, sea, air, space, cyber. An entirely new domain of warfare, but fundamentally, an entirely new domain of human existence. That’s really disruptive,” said General Michael Hayden during his keynote at the 2017 Institute for Critical Infrastructure Technology (ICIT) Winter Summit. General Hayden’s comments are prescient of the world in 2020.

In the same keynote, he said that it’s essential that cyber-threats and the actors carrying them out be treated as invading armies and cyber-attacks be considered an act of war. “We self-organize and use business models to guide our self-organization,” General Hayden said. “We will have to rely on ourselves and the private sector in a way that we have not relied on ourselves for security.”

General Hayden’s’ comments are a call to action to the private sector to take the initiative and innovate quickly to secure the cyber-domain. Machines protecting themselves is an area noteworthy for its innovative technologies for securing IT infrastructures and the networks that comprise them.

Exploring An Approach to How Machines Protect Themselves

Wanting to learn more about how machines would be able to protect themselves automatically, I spoke with Centrify’s Chief Strategy Officer, David McNeely. He explained that one of the best ways is to have a client that is an integral part of any operating system act as an intermediary that establishes a trusted identity for each client system on a network. The client would then be able to authenticate every login attempt and request for resources by verifying each login through an authoritive security management platform such as Active Directory (AD).

McNeely explained how Centrify’s approach to having machines protect themselves using clients integrated with operating systems. “The client is designed to enable the computer to authenticate users. It must have a trusted relationship with the authoritative identity service in the organization that manages user accounts, this is usually Active Directory. The computer account and trust relationship is what enables strong authentication of user login requests” he said.

He continued, “Self-defending machines address the paradigm shift occurring in cybersecurity today where protection cannot be enforced at the network boundary. In the past, trusted networks were defined by administrators using network protection tools such as VLANs, firewalls and VPNs in order to protect a group of machines on that network. With self-defending machines, it’s possible to implement a true Zero Trust approach more fully where the network cannot be trusted.”

The following is a graphic of how Centrify is approaching machine-to-machine Zero Trust across distributed environments:

Machines Protecting Themselves Is The Future Of Cybersecurity

Centrify’s approach is based on servers protecting themselves by enforcing a policy defined by IT administrators as stored in Active Directory (AD) or Centrify’s Privileged Access Service. Clients then carry out the orders, enforcing centrally managed policies for each of the following scenarios:

  • Define who can login, making sure only authorized personnel are allowed access.
  • Whether clients should initiate the process of enforcing MFA or not, to make sure the login attempt isn’t a bot, fake ID, or incorrect human.
  • Whether audit is required or not of the login session and if so, what conditions define if it should be recorded or not.
  • Which privileges are granted to each user and for how long once they’ve gained access to systems.

Why The NIST 800-207 Standard Matters

The National Institute of Standards and Technology (NIST) has defined Zero Trust architecture as a set of guiding principles that organizations can use to improve their security posture. You can view the publication online here: NIST Zero Trust Special Publication 800-207, Zero Trust Architecture (PDF, 58 pp., no opt-in).

Organizations need to continually evaluate their existing cybersecurity defenses in light of the Tenets of Zero Trust in order to continually improve their security postures. The NIST standard underscores the importance of how security architecture matters. For example, defenses to protect assets need to be as close to the asset as possible, much like in a war. In this new era of cyberwarfare, soldiers will need their own body armor and tools to defend against an adversary. Similarly, it is important to arm each server with appropriate defenses to protect against cyberthreats.

Conclusion

General Hayden’s challenge to private industry to pick up the pace of innovation so the nations’ cyber-domain is secure resonates with every cybersecurity company I’ve spoken with. One of the most noteworthy is Centrify, who has devised an enterprise-ready approach for machines to protect themselves across infrastructure and network configurations. It’s Identity-Centric approach to authenticating every login attempt and request for resources by verifying each login – through Active Directory (AD) or the cloud-based, FedRAMP-authorized Centrify Privileged Access Service – differentiates its approach from other cybersecurity vendors attempting to empower machine self-defense.

 

Why Your Biometrics Are Your Best Password

Why Your Biometrics Are Your Best Password

Bottom Line: Biometrics are proving to be better than passwords because they’re easier to use, provide greater privacy and security, and are gaining standardization across a broad base of mobile, desktop, and server devices that users rely on to access online services.

In keeping with the theme of this year’s RSA Conference of Human Element, vendors offering passwordless authentication were out in force. Centrify, Entrust Datacard, HID Global, Idaptive, ImageWare, MobileIron, Thales, and many others promoted their unique approaches to passwordless authentication, leveraging the FIDO2 standard. FIDO2 is the latest set of specifications from the FIDO Alliance, an industry standards organization that provides interoperability testing and certification for servers, clients, and authenticators that meet FIDO2 specifications.

The Alliance has introduced a new Universal Server certification for servers that interoperate with all FIDO authenticator types (FIDO UAF, WebAuthn, and CTAP). The following graphic explains how the FIDO2 architecture authenticates every account requesting access to resources on a secured system:

Why Your Biometrics Are Your Best Password

The security industry has been trying to kill the password for decades. It has long been viewed as a weakness, primarily because of the human element: people continue to use weak passwords, on multiple accounts, at work, and in their personal lives. 81% of data breaches involve weak, stolen, default, or otherwise compromised credentials, according to a Verizon Data Breach Investigations Report.

Usernames and passwords (“something you know”) was the best factor of authentication available for decades yet didn’t provide enough of a barrier to hackers. Then came two-factor authentication, which added “something you have” as a second factor, such as a smartphone, key card, token, or other tangible item associated with the user.

Today everyone lives in a multi-factor authentication (MFA) world where cybersecurity technologists have added another factor: “something you are.” This is where biometrics come in, and facial recognition, fingerprint scanning, retinal scanning, and other forms of bio-identification have become normal thanks to technologies like Apple’s Touch ID and Face ID. Many people have already been using these technologies for years on their iPhones.

The reality is that these additional factors based on “something you have” or “something you are” are both much stronger than “something you know,” such as a password or PIN. Not only can the latter be easily stolen, guessed, or phished for, but authentication based on biometrics is very hard to fake or duplicate.

In short, by using the two newer factors of authentication, everyone who uses an electronic device daily is moving closer to a passwordless reality. Cybersecurity technologists are going to continue making authentication easier and more secure to improve user experiences and reduce the threat of a breach.

Privileged Admin Passwords Need To Be The First To Go  

Key lessons learned from visiting with the 30 or so vendors who claimed to support passwordless authentication include the following:

  • Centrify was the only vendor who prioritized enforcing FIDO2-based privileged administrator logins. It was also one of the few that specifically mentioned support for Apple’s Touch ID and Face ID, as well as Windows Hello, showing full support for the FIDO2 standard.
  • Windows Hello and Windows Hello for Business are table stakes in passwordless authentication, all vendors claim and can demo this capability.
  • Combining multiple forms of biometrics is proving problematic for the majority of vendors, as evidenced by the inconsistent demos on the show floor. No one could conclusively demo multiple types of biometrics for their solutions on the fly in a demo environment while at RSA. Of the many vendors claiming this capability, Centrify’s approach is the most unique in that privileged user identities are verified, satisfying a valuable pillar of its Identity-Centric PAM approach.
  • All vendors claiming FIDO2 compliance were able to demonstrate Apple’s Touch ID electronic fingerprint recognition, while Apple Face ID facial recognition product demos were hit or miss. If you are evaluating biometrics vendors who claim FIDO2 compliance be sure to stress-test facial recognition, as the demos on the show floor made it clear there’s work to do in this area.
  • Product management teams have been studying the NIST 800-53 high-assurance authentication controls standard and integrating it into their roadmaps. The 170 controls that comprise the NIST 800-53 standard are being adopted quickly across the vendors who claim passwordless authentication as a core strength in their product strategies. Using biometrics eliminates the risk of credential theft techniques and provides better alignment with the NIST 800-53 high-assurance authentication controls standard.
  • Vendors are at varying levels of maturity when it comes to being able to capitalize on the metadata biometrics provides, with a few claiming to have real-time analytics. Every vendor had a different response to how they manage the massive amount of metadata being generated by their biometrics, which all claim also to support analytics. After speaking with the vendors at RSA, analytics used to authenticate rather than just report activity is far more effective. I had a chance to talk to Dr. Torsten George, Cybersecurity Evangelist at Centrify, who said, “Centrify’s support for the FIDO2 standard is a direct result of our ongoing commitment to our customers and their requests for biometric authentication of privileged user identities. Combining our support for the FIDO2 standard with our existing multi-factor authentication and real-time analytics capabilities, we’re able to greatly reduce the risk of security breaches that might exploit weak, default, or stolen privileged credentials.”

Conclusion

RSA’s theme Human Element was prescient from the heavy emphasis on passwordless authentication at this year’s conference. FIDO2 is getting solid support across the cybersecurity vendors who chose to exhibit there, which is great for enterprises, organizations, and small businesses who need to defend themselves. Of the many vendors there, Centrify’s approach stood out based on its unique approach to authenticating privileged user identities for its Identity-Centric PAM platform.

FIDO2 ultimately makes security stronger and less disruptive because it can not only eliminate passwords but also make the user experience more seamless and less likely to be circumvented. Passwordless authentication ensures that login credentials are unique across every website, never stored on a server, and never leave the user’s device. This security model helps eliminate the risks of phishing, as well as all forms of password theft and replay attacks.

We’re closer than ever before to the elusive goal of a passwordless future.

Top 10 Cybersecurity Companies To Watch In 2020

Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast. Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems. Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR. Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019. AI, Machine Learning And The Race To Improve Cybersecurity The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries. Top 10 Cybersecurity Companies To Watch In 2020 STATISTA The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud. The following are the top ten cybersecurity companies to watch in 2020: Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise. To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value. Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints. Centrify - Centrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure. Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials. Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel. Infoblox - Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability and automation, Infoblox is able to cut manual tasks by 70% and make organizations’ threat analysts 3x more productive. While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI application, built on their BloxOne cloud-native platform, helps enable IT, professionals, to manage their networks whether they're based on on-prem, cloud-based, or hybrid architectures. BloxOne Threat Defense application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000. Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today. Mimecast – Mimecast improves the way companies manage confidential, mission-critical business communication and data. The company's mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web. MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future. One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid. SECURITI.ai - SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA and bolster their brands. The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in). Top 10 Cybersecurity Companies To Watch In 2020 SOURCE: BESSEMER VENTURE PARTNERS, HOW DATA PRIVACY ENGINEERING WILL PREVENT FUTURE DATA OIL SPILLS , SEPTEMBER, 2019. (10 PP., PDF, NO OPT-IN). Transmit Security - The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

  • Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast.
  • Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems.
  • Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR.
  • Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019.

AI, Machine Learning And The Race To Improve Cybersecurity  

The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries.

The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud.

The following are the top ten cybersecurity companies to watch in 2020:

Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise.

To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value.

Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints.

CentrifyCentrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure.

Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials.

Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel.

Infoblox – Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability, and automation, Infoblox can cut manual tasks by 70% and make organizations’ threat analysts 3x more productive.

While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI  application, built on their BloxOne cloud-native platform, helps enable IT professionals to manage their networks, whether they’re based on on-prem, cloud-based, or hybrid architectures.  BloxOne Threat Defense  application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000.

Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience, and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today.

MimecastMimecast improves the way companies manage confidential, mission-critical business communication and data. The company’s mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web.

MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future.

One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid.

SECURITI.ai – SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA, and bolster their brands.

The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in).

Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast. Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems. Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR. Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019. AI, Machine Learning And The Race To Improve Cybersecurity The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries. Top 10 Cybersecurity Companies To Watch In 2020 STATISTA The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud. The following are the top ten cybersecurity companies to watch in 2020: Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise. To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value. Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints. Centrify - Centrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure. Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials. Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel. Infoblox - Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability and automation, Infoblox is able to cut manual tasks by 70% and make organizations’ threat analysts 3x more productive. While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI application, built on their BloxOne cloud-native platform, helps enable IT, professionals, to manage their networks whether they're based on on-prem, cloud-based, or hybrid architectures. BloxOne Threat Defense application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000. Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today. Mimecast – Mimecast improves the way companies manage confidential, mission-critical business communication and data. The company's mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web. MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future. One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid. SECURITI.ai - SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA and bolster their brands. The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in). Top 10 Cybersecurity Companies To Watch In 2020 SOURCE: BESSEMER VENTURE PARTNERS, HOW DATA PRIVACY ENGINEERING WILL PREVENT FUTURE DATA OIL SPILLS , SEPTEMBER, 2019. (10 PP., PDF, NO OPT-IN). Transmit Security - The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

Transmit Security – The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO

Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO

Tim Steinkopf is CEO at Centrify, where he leads the management, strategic direction, and execution of the company’s vision. Tim initially joined Centrify as Chief Financial Officer in October 2011 and took over as CEO in January 2019. Before Centrify, he held CFO positions at Secure Computing Corporation (acquired by McAfee), SumTotal Systems, Purfresh, and Silicon Entertainment. Tim has also held executive and management positions with Watt/Peterson and Ernst & Young.

Under Tim’s leadership, Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. Centrify’s many honors include being awarded Gartner Peer Insights Customer’s Choice 2019 award earlier this year.

Tim is also a member of the Forbes Tech Council, and his latest article, Five Skills Necessary To Transition From CFO to CEO, shares how the lessons he learned from serving as a CFO for over two decades prepared him for the role of CEO. He says the one clear key attribute of CFOs is the ability to apply a metrics-driven approach to all facets of a business. The ability to orchestrate initiatives, programs, and strategies across the many departments of a company and have them all contribute to the metrics that define organizational success is vital and provides CFOs invaluable training in their progression to leading a company.

I had the opportunity to sit down with Tim recently for an executive Q&A to learn how Centrify is separating itself from the pack in crowded cybersecurity space, under his leadership and in partnership with private equity investor Thoma Bravo:

Louis:            Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. What are the most effective growth strategies that also deliver strong profitability today that keep Centrify growing?

Tim:                I’m going to break this into two pieces because I think there’s a difference between growth versus profitability.

On the growth side, you can only attain the Inc. 5000 ranking by looking at a cumulative period of time. So, it isn’t that we’ve just grown for six years, it’s that we’ve had the ability to sustain growth over a rolling four-year period. To maintain placement on that list, we’ve had to excel at the details of how we serve our customers. It is quite an accomplishment and congratulations to all the current and former Centrify employees who were involved in that.

The real driver is our history of innovation. Centrify has always been an innovator, and we’ve always paid attention to our market, our drivers, and what our customers are saying. We’re trying to be a step or two ahead of our customers. If you’re able to do that, and you’re able to continue to innovate, then you can drive additional adoption of your solution set, and continue to drive growth.

Profitability does go hand in hand, but it’s slightly different because now you’re talking about effective, efficient growth. As CFO, I always had an eye on ROI and how to put capital, resources, and additional headcount to use, such that we could drive growth. Then you often ask yourself if you are driving it as efficiently as possible. And that’s where making the right kind of bets in technology for running and growing the business make a difference. It’s also about deploying into the correct markets so that you can land and then sustain growth.

Louis:            In a previous interview, you mentioned the need for balanced metrics and change management strategies. Would you like to comment on those aspects of being a CEO?

Tim:                It all comes down to the role of the CEO, leading a company to accomplish its goals. CEOs report to the board of directors, who ultimately set the goals for any company. And when you’re a CEO, you want to do everything possible to get to those goals. Knowing how the different parts of the company run and knowing where and how to allocate resources and change management all contributes to achieving the company’s goals.

Louis:            How has Thoma Bravo, after becoming the majority investor in Centrify, helped your company pursue new partner, product, and service initiatives?

Tim:               TB is known for placing winning bests, and investing in Centrify is a real feather in our cap. It’s seen by partners, prospects, and customers as a vote of confidence. We’ve been in business for over 15 years, are perennially in the Gartner Magic Quadrant, a leader in the Forrester Wave, and a leader in the channel as recognized by Computer Reseller news. We’ve got our own pedigree, and that’s great. Then you add on the fact that TB is a majority investor, and our reputation is even stronger.

Regarding product and service initiatives, TB spends a lot of time and effort on each investment, and they have a great track record, specifically in InfoSec and cybersecurity. They came in and said, “Hey, our investment thesis is to take Centrify and split it into two companies, where each will have a better ability to focus and compete, and that will drive more efficient resource allocation, and growth opportunities.” Centrify current iteration formed as a result of the investment thesis being implemented, and we’re excelling in our chosen market.

Louis:            Gartner Peer Insights awarded Centrify with the 2019 Customer’s Choice recognition recently. What do you attribute your customers’ success to, and their willingness to share their stories online on forums include Gartner’s Peer Insights and others? They’re so critical to sale cycles right now.

Tim:                Customer references are so important, and this is where we have to give credit to the greater Centrify organization. We have a customer-centric attitude, and that is why our customers are willing to speak up, which gives us the opportunity to compete and win awards, including Customer’s Choice 2019 and others.

Behind the scenes, it includes building and delivering a solid solution set combined with services. Once our solution is installed, we work quickly and in close collaboration with our customers to make sure it’s working and meeting their requirements. We view every customer relationship as a partnership, and how we implement our identity-centric PAM solutions for them is essential to a successful journey for them. We measure our success by our customers’ results, and if they are achieving their goals.

Louis:            Privileged Access Management (PAM) shows potential in 2020 as a growth market. What are Centrify’s plans to capitalize on this market momentum?

Tim:                That’s absolutely the market we’re in and serving customers with solutions for today. Going back 10 to 15 years, legacy approaches to PAM were thought of only in terms of password vaulting. We’ve strived to stay in step with our customers, as they’ve shown us that deploying a vault-only approach to PAM is not enough. They need to move beyond the vault and move to an identity-centric approach.

When organizations deploy a vault-only solution, they’re enabling login with shared admin or root accounts, and so that is a generic approach that is not identity-centric. Centrify’s solution helps organizations to centralize authentication and have their employees request access to specific resources with specific privilege elevation rights while also tracking all activity for audits, compliance, forensics, and regulatory purposes. Our customers place a high value on all of these aspects of our solution as it provides non-repudiation across their environments and better protects resources against cyberthreats.

The real potential for growth are the drivers moving PAM beyond the vault. It’s becoming more identity-centric, with a least privilege access approach. That message is resonating across the industry, and people get it. The biggest driver is the fact that 80% of the breaches are occurring because privileged credentials are getting compromised. Since they’re not identity-centric, too much privilege exists, which means the attack surface is greater, and it continues to get breached.

Louis:            What are the most challenging aspects of being CEO of a fast-growing cyber security company today?

Tim:                The most challenging aspects of being a CEO are the most exciting. One of the most energizing is competing in a very dynamic market. That’s what motivates me and why I’ve been in tech a long time.

Advances in technology drive the market, and it motivates companies, customers, and investors to take advantage of those advances and drive their business forward. At Centrify, our core focus is to capitalize on technology gains to help our customers achieve their goals by bringing new products to market. These include cloud, Infrastructure-as-a-Service (IaaS), machine learning, and other key strategic technologies. We’re always interested in utilizing new technologies, as the bad actors are also doing their own development of new ways to compromise our customers and their systems. They are looking for the weakest link.

We are completely committed to what we’re doing to stay ahead of those bad actors. Since technology continues to evolve and change, it makes the industry/market very dynamic.

Louis:            When you visit with Centrify customers, what’s the most interesting feedback you’re hearing from them?

Tim:                Our customer is normally the infrastructure and/or security people and teams. Who we primarily interact with is determined by the structure of a given customer’s organization. The people deploying, running, and supporting the networks and IT environments, who are responsible for those areas, are who we primarily work with.

The one common theme we hear from them is that they’re just trying to keep up. They look to us for help doing that, specifically how they can make privileged access management more efficient and effective across their organizations. Our customers look to Centrify so they can capitalize on our decades of expertise and complete commitment to providing privileged access management solutions that scale with their business.

They all know that it only takes one compromised, privileged credential to ruin their day, affecting millions of customers and costing hundreds of thousands (or millions) of dollars. One of our challenges in helping our customers is to help them face the challenge of educating upwards in their organizations as to the importance of having the proper tools for cybersecurity.

Louis:            When you get invited into a prospect’s bake-off to compare PAM vendors, why does Centrify win? And how do you proceed into a Proof of Concept following winning a bake-off?

Tim:                The number one reason we win is because we have a strong vision around identity-centric privileged access management. In addition, many organizations are undergoing digital transformations, and the majority of organizations have a hybrid IT and cloud environment. This includes on-premises, hybrid cloud and multi-cloud environments, and ephemeral environments. The ability to manage all of those different aspects with a central approach to identity is much more efficient and effective in the long run.

We see customers looking to make this their ongoing infrastructure deployment strategy, which will set them up for the future. That, and having a more encompassing solution set that addresses their greatest security risks are how we are differentiating today.

Louis:            Your customer base appears to have a robust multi-cloud strategy, combining AWS, Microsoft Azure, and Google Cloud Platform. What’s a major challenge many are facing when migrating to cloud, and what does the future look like in terms of securing their identity and privileged access?

Tim:                Multi-cloud didn’t really shape our strategy because we are based on a central repository for identity. Implicit in that approach is having everybody log in as themselves while providing them the freedom to do their jobs. And when it comes to least privileged access, we focus on allowing just enough access to every member to get their work done, while tracking every login to ensure compliance.

We’ve always supported that vision with an architecture that would span on-premises and cloud systems because nobody is going to completely do multi-cloud overnight. It’s a journey that begins by recognizing the business need for a hybrid IT environment that includes multi-cloud integration and platforms.

Our architecture is based on a cloud-based privileged access service that connects to wherever our customer’s identity store is. Through the use of cloud connectors, we can provide centralized identity and privileged access into your workloads running within a Virtual Private Cloud (VPC). We find most customers have multiple VPCs and their architected to be generic, which reflects the fact our customers end up with more than one infrastructure as a service platform provider. We’re able to handle that and provide privileged access management across all those environments.

It’s the strength of our privileged access service and our cloud connectors give our customers the option of selecting a thin client that deploys on their workloads within different VPCs, and then comes back to the service and communicates with various connected identity stores. It’s designed to be a very efficient architecture, and it plays well in ephemeral, quickly-changing elastic environments to support the requirements and scale needs of the business. Our architecture flexes and provides identity and privileged access management across their unique cloud and on-premise system configurations.

 

10 Predictions How AI Will Improve Cybersecurity In 2020

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams.  Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.
10 Predictions How AI Will Improve Cybersecurity In 2020

Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 60% of security and IT professionals state that security is the leading challenge with cloud migrations, despite not being clear about who is responsible for securing cloud environments.
  • 71% understand that controlling privileged access to cloud service administrative accounts is a critical concern, yet only 53% cite secure access to cloud workloads as a key objective of their cloud Privileged Access Management (PAM) strategies.

These and many other fascinating insights are from the recent Centrify survey, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments, downloadable here. The survey is based on a survey of over 700 respondents from the United States, Canada, and the UK from over 50 vertical markets, with technology (21%), finance (14%), education (10%), government (10%) and healthcare (9%) being the top five. For additional details on the methodology, please see page 14 of the study.

What makes this study noteworthy is how it provides a candid, honest assessment of how enterprises can make cloud migrations more secure by a better understanding of who is responsible for securing privileged access to cloud administrative accounts and workloads.

Key insights from the study include the following:

  • Improved speed of IT services delivery (65%) and lowered total cost of ownership (54%) are the two top factors driving cloud migrations today. Additional factors include greater flexibility in responding to market changes (40%), outsourcing IT functions that don’t create competitive differentiation (22%), and increased competitiveness (17%). Reducing time-to-market for new systems and applications is one of the primary catalysts driving cloud migrations today, making it imperative for every organization to build security policies and systems into their cloud initiatives.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Security is the greatest challenge to cloud migration by a wide margin. 60% of organizations define security as the most significant challenge they face with cloud migrations today. One in three sees the cost of migration (35%) and lack of expertise (30%) being the second and third greatest impediments to cloud migration project succeeding. Organizations are facing constant financial and time constraints to achieve cloud migrations on schedule to support time-to-market initiatives. No organization can afford the lost time and expense of an attempted or successful breach impeding cloud migration progress.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • 71% of organizations are implementing privileged access controls to manage their cloud services. However, as the privilege becomes more task-, role-, or access-specific, there is a diminishing interest of securing these levels of privileged access as a goal, evidenced by only 53% of organizations securing access to the workloads and containers they have moved to the cloud. The following graphic reflects the results.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • An alarmingly high 60% of organizations incorrectly view the cloud provider as being responsible for securing privileged access to cloud workloads. It’s shocking how many customers of AWS and other public cloud providers are falling for the myth that cloud service providers can completely protect their customized, highly individualized cloud instances. The native Identity and Access Management (IAM) capabilities offered by AWS, Microsoft Azure, Google Cloud, and others provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to adequately address the more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid or multi-cloud environments, however. For an expanded discussion of the Shared Responsibility Model, please see The Truth About Privileged Access Security On AWS and Other Public Clouds. The following is a graphic from the survey and Amazon Web Services’ interpretation of the Shared Responsibility Model.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

 

  • Implementing a common security model in the cloud, on-premises, and in hybrid environments is the most proven approach to making cloud migrations more secure. Migrating cloud instances securely needs to start with Multi-Factor Authentication (MFA), deploying a common privileged access security model equivalent to on-premises and cloud systems, and utilizing enterprise directory accounts for privileged access. These three initial steps set the foundation for implementing least privilege access. It’s been a major challenge for organizations to do this, particularly in cloud environments, as 68% are not eliminating local privilege accounts in favor of federated access controls and are still using root accounts outside of “break glass” scenarios. Even more concerning, 57% are not implementing least privilege access to limit lateral movement and enforce just-enough, just-in-time-access.

How To Excel At Secured Cloud Migrations With A Shared Responsibility Model

  • When it comes to securing access to cloud environments, organizations don’t have to re-invent the wheel. Best practices from securing on-premises data centers and workloads can often be successful in securing privileged access in cloud and hybrid environments as well.

Conclusion

The study provides four key takeaways for anyone working to make cloud migrations more secure. First, all organizations need to understand that privileged access to cloud environments is your responsibility, not your cloud providers’. Second, adopt a modern approach to Privileged Access Management that enforces least privilege, prioritizing “just enough, just-in-time” access. Third, employ a common security model across on-premises, cloud, and hybrid environments. Fourth and most important, modernize your security approach by considering how cloud-based PAM systems can help to make cloud migrations more secure.

%d bloggers like this: