August 05, 2013

Enterprise Security - Security Conference Attendees Attempt to Keep Up With Increasing Threats

CHKP, CSCO, Citrix Systems Inc., FIRE, FTNT, PANW, QLYS, SPLK
By Jaclynn Anderson
The key takeaway from last week's Black Hat Conference in Las Vegas: Malware detection and vulnerability identification are increasingly important since traditional perimeter protection fails to secure networks fully and meet all of the regulatory requirements.

Security perimeter protection is insufficient. Statistics are being quoted left and right at the Black Hat Conference in Las Vegas. In one workshop, a theoretical deployment of two in-line firewalls and two in-line IPS, by top-name security vendors, still had detection failure rates as high as 45%. The lesson is that no piece of hardware or software will ever stop all attacks. Ultimately, whether a customer chooses Check Point Software Technologies Ltd., Palo Alto Networks Inc., Fortinet Inc., Cisco Systems Inc./Sourcefire Inc. or even has a deployment with multiple firewall and IPS vendors, companies continue to be vulnerable.

Multi-vendor approach to security preferred. Large companies often prefer a multi-vendor approach to security. A multi-vendor in-line strategy helps to provide a second level of defense against threats that make it through the first level. Some customers see value in diversifying their security so that the products can cover each other's weaknesses. Additionally, different departments and business units are often in different silos, and each one may have a different security solution.

Vulnerability identification and remediation take priority. A top concern for many of the attendees was identifying the vulnerabilities in their companies' networks and products. One security manager in the healthcare industry said, "Vulnerabilities in the system, zero-day exploits and the OWASP [Open Web Application Security Project] top 10 are my biggest concerns." A Canadian security professional said, "Vulnerability testing is a top priority. We use Rapid7 [Inc.] for vulnerability assessments." A security professional in the banking industry also cited Rapid7 as a leader in the vulnerability space. He said, "Rapid7 is the only one who deals with cybersecurity. They are the only ones. No one else does what they do. If someone doesn't have Rapid7, then they either do open source, or they have built their own."

A security manager from a pharmaceutical company said liking a product isn't enough to warrant buying it. Companies have invested so much in their security architecture that they are looking for solutions that cover the gaps and fit within the architecture already in place. This source said he would love to have Rapid7 over Qualys Inc., but they aren't going to throw out what is already in place. "Our company chose Qualys over Rapid7 because Rapid7 was a small company when we went to deploy and the CEO didn't want us to work with a small company at that time. Most of the time we build what we want; products on the market cover a lot of risks, but there are a lot of areas not covered. We try to use open source when we can."

Malware threats continue to grow. Security sources see the number and sophistication of threats continuing to evolve. One briefing highlighted companies within the underground market selling malicious code with a nine-month SLA for $249. A security professional from a consumer products company said, "There is always a way to evade tools, and there is a cat-and-mouse situation with the criminals always moving ahead of the security staff trying to protect against them. At first, hackers were just trying to crack code for fun, then it became malicious, and now there is financial incentive."

Multiple vendors competing against FireEye. Many new companies exhibiting at Black Hat are trying to get attention in the anti-malware space, likening themselves to FireEye Inc. Bromium Inc. and Invincea Inc. were mentioned as vendors to watch in addressing the anti-malware market. Bromium, whose product is nine months young, sets up virtual sessions for each task and sees itself as complementary to FireEye rather than competitive. Invincea also addresses malware security threats from the endpoint, putting targeted applications in "secure virtual containers" at the endpoint.

Ahnlabs Inc., a Korean company best known for security software, including anti-virus and network firewalls, entered the U.S. market about nine months ago, pushing its Malware Defense System. Seculert, an Israeli company, offers a 100% cloud-based anti-malware product. Addressing the "94% of malware that comes through the Web," start-up company Spikes Inc. showcased its secure web browser, poised to compete against Citrix Systems Inc.

Regulation and compliance are important. Security professionals are motivated by government and industry regulation and compliance due to hefty fines. Companies do internal audits and also perform third-party audits to ensure compliance. However, despite efforts at following best practices, security professionals cite a gap between how top management wants to address security concerns and the desires of the security teams. A security professional from a pharmaceutical company said, "C-levels don't understand the security issues. Then they bring in big consulting firms so they look like they've covered their bases in case they are attacked. Yet we don't have the tools and strategies we need."

Customers love Splunk. Security professionals use Splunk Inc. for data aggregation and searching for anomalies. One Splunk customer said, "We get a lot of data, but we need to understand and find weaknesses for solutions if someone gets in the system." Another Splunk customer said, "Splunk is a good aggregator of data, whereas we use LogRhythm Inc. for just log management."

For more of OTR Global's ongoing coverage of the cybersecurity market, see recent comments from General Michael Hayden at OTR's Viewpoint Dinner hosted by Bill Richards.


Image courtesy of Black Hat USA 2013