What is your product and what does it do?

Lessons I learned trying to make the most of vendor briefings

I’ve always been a sort of ‘cut-to-the-chase’ kind of guy. I’m self-taught when it comes to security and technology. Over the years, I’ve learned how to skim through a book, article or website to extract the important information. Sometimes I’m just trying to figure out how to do something, or I’m looking for an answer to a specific question.

Just tell me what time it is, I don’t need to know how atomic time clock frequency standards work.

Conversely, I also have an appreciation for context and a good story — as long as you eventually get to the point.

Anatomy of a Vendor Briefing

Here’s how the average vendor briefing usually goes.

The WebEx Tax (5min)

Waiting for everyone to join, restarting WebEx or some other screen-sharing app because it’s misbehaving. Chit-chat about weather and where everyone is physically based, or happens to be at the moment. I quickly communicate that attempts to talk sports are wasted on me — I just don’t follow them anymore.

Introductions (5min)

These are important — I want to understand who I’m talking to. I want to know whether or not I can ask technical questions. I want to understand the backgrounds of who is on the phone.

About the company (5min)

How...

What’s the dominant professional network in your country?

LinkedIn isn’t always the dominant social network for professionals… but what takes its place in those locations?

Purpose

Typically, I don’t start off an essay by stating its purpose, but since its primary purpose is to ask a question, I want to make that clear up front. This essay is part of a fact-finding mission. I’m hoping to get some feedback from internationally-aware readers on how professionals network with each other in countries where LinkedIn isn’t the dominant network. It might not even be online — in countries where the Internet isn’t yet as pervasive or reliable, local coffee shops may still be the primary location where business networking occurs — I don’t know. That’s the question I’m posing with this essay:

If LinkedIn isn’t the dominant professional network in your country, culture or region… what is?

Please, if you have information that can help, leave it in the comments. If there’s enough data, I’ll put together a followup article to this one with my results.

Background on LinkedIn

There are good reasons behind why Microsoft paid $26.2 billion USD for LinkedIn in 2016, and the company’s revenue model isn’t one of them. Mind you, $26.2 billion makes this the third largest tech acquisition to date, behind only the recent Dell/EMC...

Medigate takes a surgical approach to protecting medical devices from cyberattacks

A Savage Security Market Report

Graphic courtesy Medigate

One of the primary challenges with IoT Security is how specific the threats are. While classes of devices have common vulnerabilities and attack surface, most are completely different. It’s unlikely we’ll ever see a single product designed to protect both cars and hospitals, for example. For that reason, Medigate has chosen to focus primarily on addressing hospitals and medical device security.

This isn’t just an issue with IoT or specific verticals either. All enterprises, businesses and networks are different and, as such, each product purchased to secure them must be customized to some extent. Studies on shelfware by Osterman Research and 451 Research suggest that the time and effort necessary to implement and manage a solution are linked to the likelihood it will fail and become shelfware. By focusing specifically on medical devices and hospital networks, Medigate aims to streamline the customization process.

Company

Medigate comes out of stealth today, with an impressive $5.35m in seed funding, led by YL Ventures with additional funding from Blumberg Capital (not to be confused with Bloomberg Beta). Medigate is based in Tel Aviv and is led by co-founders Jonathan Langer (CEO), Itay Kirshenbaum (VP R&D) and Pini Pinhasov (VP...

Bad Rabbit, Good Practice

We’ve been getting our heads around this latest malware — third in a series that have several things in common:

- Worm component using SMB to spread
- Ransomware payloads (or at least, posing as ransomware)
- Leveraging NSA-sourced exploits that were patched earlier this year, via MS17-010.

You would think we’d be immune to the same attacks by now, but it’s still:

- Time consuming to harden networks and Active Directory
- Time consuming to harden Windows
- Hard to patch

So, yes, there are still systems that will fall prey to these attacks, and as long as there are, we’ll keep seeing the same attack vectors. Still, we found some interesting insights to share.

Kyle’s Take

I think it would be a good idea to just remind users that any software installations and upgrades will always come from company staff, and users should not seek out their own software upgrades or installations without consulting with IT first. The reason being is the infection vector (fake Adobe Flash Player upgrade that’s actually a malware dropper) can be avoided altogether by coordinating all software upgrades and installs via IT. However, if not coordinated by IT, then perhaps give them a heads up about phony software that tries to trick users into installing malware, and you can use Adobe Flash as an example.

As it appears...

My scariest moment in security

Written for Tripwire’s “scariest moment in security” Halloween series

I’ve had many “oh crap, I’m totally getting fired for this” moments in security (I never did get fired). The scariest single moment, however, was probably during a red team assessment overseas.

We were in the Middle East during The Arab Spring. In fact, the engagement was actually a result of some Arab Spring-related events. There were three of us, and assessing physical security was one of my tasks. We were onsite at a large industrial complex that also had several office buildings. I was using social engineering, picking locks and other techniques to break into areas that should have been secure.

I had made my way into a closet in one of the office buildings. The closet contained about a dozen file cabinets, with single-pin locks that were trivial to pick. I have video of one of my kids picking a similar lock at the age of five. I was going through the contents of these file cabinets and taking pictures when I heard someone outside the door. I turned off the light and did my best file cabinet impression behind the door.

As the door opened, I stayed behind it, on the side of...

Violet: Threatcare’s virtual assistant for security tasks

A Savage Security Market Report

Cybersecurity AI gets a little less artificial…

Threatcare is a startup that first caught Savage Security’s attention a few years ago. We were not only taken with the concept of attack simulation, but also with founder Marcus Carey’s vision for a security product that’s as easy to use as it is effective. The average security product typically wouldn’t win any awards for user interface (UI) or user experience (UX) design, but that’s starting to change in this industry.

Fast forward to today and Threatcare is releasing the third iteration of its product, which is still almost entirely SaaS and web-based. This latest incarnation is not just a UI/UX facelift, however. The big new feature unveiled today has a name: Violet.

Company Data

Threatcare was founded by Marcus Carey in 2014, employs ten and is headquartered in Austin, Texas. Carey went through Mach37’s cybersecurity accelerator program as part of the Fall 2014 group of ‘cohort’ companies. The product launched the following summer and later rebranded as Threatcare. As Threatcare, the company also went through the Techstars Austin accelerator program in early 2017. The product strategy has consistently been a subscription-based SaaS approach.

One of several advisers is ex-Tenable founder,...

Equifax breached, no eyebrows raised

Yet another breach from yet another organization that could and should have done better.

UPDATE: Equifax executives caught dumping stock

I generally try to stay away from media and other sources that might influence my writing when putting together a story, choosing to focus on just the related facts. It turns out I missed an interesting side story here that further casts Equifax in a negative light.

Jump down to the timeline section in this article — it’s right after the embedded video. Take a good look at the gaps between events — especially when Equifax became aware of the intrusion. Then come back here.

These three senior executives claim that a week ago, on August 1st and August 2nd, they weren’t aware of the breach. Plausible? Let’s look at their roles.

- John Gamble, CFO
- Joseph Loughran, president of U.S. information solutions
- Rodolfo Ploder, president of workforce solutions

Are you thinking what I’m thinking? Yeah, the latter two execs have the kinds of titles we give to employees we can’t fire, but want to keep from causing trouble. Aside from that, John Gamble sticks out like a sore thumb here.

Gamble, Loughran and Ploder. Three men who are likely practicing their “shocked and surprised” faces in a mirror right now.

I spent...

Startup Axonius steps in to help enterprises (re)tackle the basics

A Savage Security Market Report

The security industry is full of solutions to prevent advanced and sophisticated attacks, but somehow we still lack the basic ability to perform effective asset discovery and identification. Of all the controls we consider to be ‘the basics’ of information security, asset management is considered the first and most critical. This is why Savage Security is interested in what Axonius will be up to in the near future.

Company Data

Axonius is an Israeli security startup focusing on the problem of asset discovery and management. YL Ventures led a $4 million seed round for Axonius, with Vertex Ventures and Emerge participating.

Identifying the Problem

Axonius will focus, in particular, on the influx of IoT devices in the enterprise. Yoav Leitersdorf, managing partner at YL Ventures, has described this influx as a “Cambrian-like explosion”. Yoav’s description isn’t far off the mark, though the problem is bigger than just new devices. The average organization still struggles with existing devices. The Bring Your Own Device (BYOD) trend that emerged in the late-2000s is still an unsolved problem for a significant percentage of organizations today.

During the Cambrian period, nearly every major animal phylum we have today emerged in a relatively...

Words have meanings

Once again, accusations and hyperbole touch on important issues… and ultimately serve as a distraction

Our language is increasingly devalued in the security industry by constant attempts to create new terms and embellish in the name of differentiating a constant influx of new brands and products

TL;DR

What’s going on? A security services firm called DirectDefense published a report, penned by the firm’s CEO, Jim Broome. This report accuses Carbon Black products of leaking customer data.

What’s the issue? Carbon Black’s Cb Response product can be configured to automatically upload samples to VirusTotal. Sometimes these samples contain customer-sensitive data.

What’s the accusation? DirectDefense asserts that, with the Share binaries with VirusTotal option enabled, Cb Response is “the world’s largest pay-for-play data exfiltration botnet”.

What’s the evidence? DirectDefense found that they can isolate samples uploaded to VirusTotal using Cb Response’s API key, leading them to attribute customer leaks to Carbon Black.

Conclusion: Is this bullshit? Short version? Yes.

As you might imagine, there’s a whole lot more to it. This post isn’t intended as a rebuttal, but as an analysis of the real issue at hand here that customers need to be educated on (hint: it isn’t Cb Response).

What should we do about it? There’s no TL;DR for this — you’ll have...