We’re excited to announce Trend Reports by DZone beginning with Application Security! Everyone involved in building applications — from developers to CTOs — should think about security ramifications. This Trend Report will explore what developers feel are the most prominent threats, where corporate priorities lie, and how secure coding practices are being implemented. Keep an eye on your inbox and our homepage on July 22nd to learn more.
To understand the current and future state of the cybersecurity landscape we spoke to, and received written responses from, 50 security professionals. We asked them, “What are some use cases you’d like to highlight?”
Here’s what they told us about use cases in different industries. Industry use cases were covered in a previous article.
- Sensitive data systems that aren’t properly protected today include:
  1) Homegrown and proprietary systems
  2) Production servers
  3) Critical IT infrastructure: hypervisors, DCs, IaaS, network devices
  4) Financial systems: SWIFT, PCI-DSS CDE environments
  5) Healthcare systems: EMR/EHR, PACS, medical equipment
  6) Databases and file shares
  7) SCADA, IIoT and IoT devices
  8) And many more
- The norm for most enterprises is using a VPN and a direct link. This has been around for 20 years, but implementing it effectively can cost a bundle. We create highly available solutions to protect the data. We move the VPN stack and make it cheaper. It’s a more cost-effective and secure solution. Moving the stack closer reduces the cost. VPN routers can be expensive. We do not require hardware devices; we make it a software stack. Scale up or out in the software stack. Turn your commodity server into your own router, closer to your environment and data.
- In Europe, around GDPR, we’ve helped our client with a data catalog to delete 70 percent of their documents because they’re obsolete. This reduces risk exposure tremendously. We’re a society of information hoarders. Most companies have been storing information for years. We collect information and never clean it up. To clean up hoarding, you need to throw things out, store things securely, and identify high-value and high-risk data and documents to create order out of chaos.
- The largest use case is, of course, the impact of the European Commission (EC) Directive 2016/679 General Data Protection Regulation (GDPR), which has forced a detailed look at the state of security for data.
- We did catch both malicious and unwilling insiders.
People are not always malicious. Just careless or ignorant of the policies.
In many cases, we were able to detect a breach that was undetected for a while, prove the origin of the breach, and identify the damage that was done. A significant number of people don’t mean any harm, but they do not practice good security hygiene. Technology helps to keep the enterprise healthy by identifying problems and the user. Detect violations and correct them as soon as possible. You cannot detect an abnormality if you do not have policies in place. One customer asked us to detect exfiltration cases in their network. We asked, “What is allowed? What can employees do with data?” There were zero restrictions with regard to email, downloads, and cloud usage. You need basic security policies and procedures for users in order to monitor and prevent malicious activities.
- Some of the most important use cases that CISO/CSOs are focused on are multi-cloud security, API-security, DevSecOps, SecOps automation, and EDR.
- The classic and most common is using adaptable pipeline functionality to drop new scanning technology into the DevOps pipeline. This used to take a year. However, processes have been modified to accommodate new tools. When a client has a software pipeline, it shouldn’t take more than a few hours to add a stage to scan containers. You need to know what you have in production. Software pipeline automation should give you insight into this. Dealing with hundreds or thousands of dependencies, you need to know what you have and what you are running. You have to know your bill of materials so you can tell if you are vulnerable.
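The last point above, knowing your bill of materials so you can tell whether you are vulnerable, comes down to matching component versions against affected-version ranges. The following is an added example, not code from the article or from any of the quoted vendors: it matches a constructed SBOM against a constructed advisory list with placeholder advisory IDs, and compares versions numerically so that 1.10.0 is correctly treated as newer than 1.9.0 (a plain string comparison would get that wrong).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so "1.10.0" sorts after "1.9.0"."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = no fix yet
    advisory_id: str          # placeholder IDs below, not real identifiers

def is_affected(version: str, adv: Advisory) -> bool:
    """True if version falls in [introduced, fixed) or the issue is unfixed."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)

def find_vulnerable(sbom: List[dict], advisories: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (component, version, advisory_id) for every SBOM entry an advisory covers."""
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv.package.lower(), []).append(adv)
    hits = []
    for component in sbom:
        for adv in by_package.get(component["name"].lower(), []):
            if is_affected(component["version"], adv):
                hits.append((component["name"], component["version"], adv.advisory_id))
    return sorted(hits)

# Constructed SBOM: a minimal component list of the kind a pipeline stage would emit.
SBOM = [
    {"name": "libfoo", "version": "1.10.0"},
    {"name": "barlib", "version": "2.4.1"},
    {"name": "bazsvc", "version": "0.9.0"},
]

# Constructed advisories with placeholder IDs (not real CVEs).
ADVISORIES = [
    Advisory("libfoo", "1.9.0", "1.10.1", "EXAMPLE-ADV-0001"),  # 1.10.0 is still affected
    Advisory("barlib", "2.0.0", "2.4.0", "EXAMPLE-ADV-0002"),   # 2.4.1 carries the fix
    Advisory("bazsvc", "0.5.0", None, "EXAMPLE-ADV-0003"),      # no fixed version yet
]

if __name__ == "__main__":
    for name, version, adv_id in find_vulnerable(SBOM, ADVISORIES):
        print(f"{name} {version} is affected by {adv_id}")
```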
- We’re seeing organizations rapidly deploying (or hoping to deploy) new applications that give their customers better features within customer-facing applications, portals, and API-based services. These need to be secured for any business-critical, financial, or compliance-driven use case, and that’s where we help.
- We help clients across the board. We try to get them to implement vulnerability management programs. It’s the only way for them to protect themselves. The security landscape is evolving quickly. We work with them to run scans weekly or monthly and have the ability to scan during regular business hours (Daylight Scanning Time) so it doesn’t slow down business and you can identify and remediate issues quickly. In a perfect world, you will run scans on a weekly basis.
- We are a product company for a cyber threat platform. Use cases are derived from what we do. We drive intelligence to trust and verify in order to pivot against emerging threats. Do you understand your brand? Do you have the right level of monitoring to prevent the threats? How quickly can you extract the information and make it actionable to defend against imminent attacks?
- We constantly hear “the perimeter is dead.” But this DOES NOT MEAN that companies should contemplate deploying systems that were designed to be INSIDE a perimeter WITHOUT a perimeter. Modern, secure systems that are designed to be secure in a perimeter-less environment, for example, Apple’s iOS, are deployed as a service, with automated updates and massive investment in security-by-design, vulnerability discovery, disclosure, and remediation. If a system’s vendor doesn’t provide a service to maintain an always-up-to-date system, then don’t put it on the internet; place it inside a perimeter. While awareness is growing, we continue to see businesses ignore the security associated with embedded/headless/IoT devices and systems.
- 1) IoT cameras have been compromised (e.g. the Nest baby monitor kidnapping threat, other Nest hacks). The malware moves laterally through the network and compromises the home computer. We prevent that from happening. 2) We also enable parental controls, to keep kids safe from security vulnerabilities from internet access and from inappropriate content, as well as connected home management, allowing users to manage their connected home devices and optimize Wi-Fi performance.
- Some customers have a fragmented application security testing program. Internally developed applications are managed in different repositories than business applications managed in other asset inventories. Consistent risk management practices are needed to bring all of the applications together and to identify SLAs, making sure they are all enforced across the application stack. We’ve helped customers implement holistic, comprehensive application security measures across the software stack, from risk analysis to remediation. We set up rule-based ticket creation mechanisms to create tickets consistently based on rules and policies and push them out to external ITSM systems like ServiceNow or JIRA to do the lifecycle management. Comprehensive risk management from end to end: identification, prioritization, remediation, reporting.
Here’s who shared their insights:
- Josh Mayfield, Director of Security Strategy, Absolute
- Jim Souders, CEO, and Anne Baker, V.P. of Marketing, Adaptiva
- Steven Aiello, security and compliance solutions principal, AHEAD
- Gadi Naor, CTO and Co-founder, Alcide
- Omer Benedict, Senior Director of Product Management, Aqua Security
- Tom Maher, CTO, Asavie
- Gaurav Banga, CEO and Founder, Balbix
- Nitzan Miron, V.P. Product Management, Application Security Services, Barracuda
- Cam Roberson, Director of the Reseller Channel, Beachhead Solutions
- Anurag Kahol, CTO, Bitglass
- Syed Abdur, Director of Product Management and Design, Brinqa
- Laura Lee, Executive Vice President of Rapid Prototyping, Circadence
- Andrew Lev, CEO, Cliff Duffey, Founder and President, Bethany Allee, Vice President Marketing, Cybera
- Brian Kelly, Head of Conjur Engineering, CyberArk
- Doug Dooley, COO, Data Theorem
- Jason Mical, Cyber Security Evangelist, Devo Technology
- OJ Ngo, CTO, DH2i
- Tom DeSot, EVP CIO, Digital Defense, Inc.
- Chris DeRamus, Co-founder and CTO, DivvyCloud
- Alan Weintraub, Office of the CTO, DocAuthority
- Tom Conklin, CISO, Druva
- Anders Wallgren, CTO, Electric Cloud
- Satish Abburi, founder, Elysium Analytics
- Sean Wessman, Americas Cyber Markets, Sectors and Business Development Leader, EY
- Ambuj Kumar, Co-founder and CEO, Fortanix
- Josh Stella, co-founder and CTO, Fugue
- Kathy Wang, Senior Director of Security, GitLab
- Amith Nair, VP Product Marketing, HashiCorp
- Mike Puglia, Chief Customer Marketing Officer, Kaseya
- Nathan Turajski, Director of Product Marketing, Micro Focus
- Gary Duan, Chief Technology Officer, NeuVector
- Gary Watson, CTO and Founder, Nexsan
- Stephen Blum, CTO and Co-founder, PubNub
- Chuck Yoo, President, Resecurity
- Roey Eliyahu, CEO and Co-founder, Chris Westphal, Head of Product Marketing, Salt Security
- Sivan Rauscher, CEO and Co-founder, SAM Seamless Networks
- Igor Baikalov, Chief Scientist, Securonix
- Oege de Moor, CEO and Co-founder, Semmle
- Dana Tamir, VP Market Strategy, Silverfort
- Logan Kipp, Technical Architect, SiteLock
- Albert Zenkoff, Security Architect, Software AG
- Tim Brown, V.P. Security Architecture, SolarWinds
- Todd Feinman, Co-founder and Chief Strategy Officer, Spirion
- Tim Buntel, VP of Application Security Products, Threat Stack
- Andrew Useckas, Founder and CTO, ThreatX, Inc.
- Joseph Feiman, Chief Strategy Officer, WhiteHat Security
- Vincent Lussenberg, Director of DevOps Strategy, XebiaLabs
- Robert Hawk, Operations Security Lead, xMatters