SiliconANGLE article by Jason Bloomberg
The annual enterprise cybersecurity conference Black Hat exploded into Las Vegas this week, giving the Moscone-constrained RSA Conference earlier this year a run for its money.
On the one hand, cybersecurity’s popularity is understandable. Bad actors continue to innovate, and threats continue to proliferate. The cybersecurity needs of organizations continue to multiply as a result.
On the other hand, why haven’t the vendors gotten a handle on cybersecurity by now? After all, they’ve been working on the problem for years. Given the expanding exhibit floor at Black Hat, there appears to be no shortage of cybersecurity vendors ready to address the problem.
After interviewing more than a dozen of the most interesting vendors at the conference, a pattern emerged: The cybersecurity product landscape has become overly fragmented. There are simply too many vendors in too many market categories, as the large analyst firms encourage the vendors to sort themselves into this bucket or that.
This fragmentation and the resulting complexity play into bad actors’ hands. Hackers love to exploit the cracks between security products – and there are plenty of cracks. How should enterprises plug them?
How next-gen cybersecurity vendors are plugging the cracks
You can’t fix the cracks in your cybersecurity posture unless you can see them, so the first step will always be a comprehensive scan to build an inventory of the items in question.
For example, Reco Labs uses AI to identify suspicious human behavior patterns among interactions with software-as-a-service applications. After scanning relevant customer data, Reco then categorizes the results by level of sensitivity.
Reco then delivers an explicit risk profile for all SaaS interactions across the organization. According to Ofer Klein, CEO of Reco, this risk profile gives customers an “oh shit!” moment as they realize just how many human behaviors across their organizations are unnecessarily risky.
Sentra Inc. performs similar scans for its customers, focusing on the data in the organization’s cloud databases, data warehouses, and anywhere else data might reside in the cloud.
As with Reco, Sentra classifies data by sensitivity and gives them the appropriate security context (which data are encrypted, what is the data’s exposure level, who can access which data and the like).
Sentra can even find “shadow data,” data that are hidden from the view and management of the information technology organization.
Phosphorus Cybersecurity can provide the same type of enlightenment for the extended internet of things, or xIoT. The company secures embedded devices from factory equipment controllers to medical devices to cameras.
The first step: Phosphorus scans its customers’ environments to identify and analyze all embedded devices. The result: Customers are surprised by how many devices were entirely off their radar.
Phosphorus identifies and fixes out of date firmware, insecure passwords, expired certificates and other cyberhygiene issues. Many enterprises have no idea how prevalent such issues are across their IT and operational technology estates.