Dear Readers,
With this open issue of the magazine we would like to invite you
to read a collection of our best interviews so far. We've chosen
twenty from those we did since June 2015 and gave them a new
look.
Hopefully you will find some time during your summer vacations
to go and take a look - all those perspectives are fascinating,
with some a lot has changed. To show you that, we invited our
interviewees again to tell us what was new.
We would like to thank all companies and their representatives
for sharing their experiences with us and our audience. We hope
that we can continue the conversation for years to come!
THE TEAM
Editor-in-Chief
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
Editors:
Marta Sienicka
sienicka.marta@hakin9.com
Marta Strzelec
marta.strzelec@eforensicsmag.com
Marta Ziemianowicz
marta.ziemianowicz@eforensicamag.com
Senior Consultant/Publisher:
Paweł Marciniak
CEO:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
Marketing Director:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
DTP
Marta Strzelec
marta.strzelec@eforensicsmag.com
Cover Design
Hiep Nguyen Duc
Publisher
Hakin9 Media Sp. z o.o.
02-676 Warszawa
ul. Postępu 17D
Phone: 1 917 338 3631
www.eforensicsmag.com
All trademarks, trade names, or logos mentioned or used are the property of their respective owners.
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the
presented techniques or consequent data loss.
TABLE OF CONTENTS
Barricade
Access Data
ReSec
Hades
Lucy
QuadMetrics
WiActs
Cynja
Logical Ops
Panopticon Labs
CAT
Stealth Worker
MinerEye
Protecode
TopSpin
Secbro
Lenzner Group
Hexigent Forensics
IronScales
BARRICADE
David Coallier
Founder
Published: June 12th 2015
INCREDIBLY EXCITING
TIME FOR THE SECURITY
INDUSTRY
Barricade works so well thanks to artificial intelli-
groups of actors.
each model.
that fit in your idea or integrating them together? Have you ever had a situation when two
learning models were just not compatible?
We have incompatible data models all the time
and that's where domain expertise comes in as
well as weights. We run a lot of different predictive
models for a single decision.
obtrusive manner.
transition.
faces.
the internet.
the sense that you had to be an expert to run, manage, monitor and fix servers. Products came along
and provided the IT industry with an alternative,
something much more accessible and approachable. I believe security to be in a similar situation
incumbents as well.
with?
interesting opinions. Many small and medium businesses don't seem to think they are at risk if they
don't process payments. Another common misunderstanding is the too-small-to-be-hacked. To us
within organisations.
We don't like that and are really working on making a difference in the industry by allowing businesses to understand that security is serious, but if
try!
What would be a perfect security system: a simple or a complex one? Barricade is one of the
think about?
About Barricade:
Our Mission is to democratize security through simplicity. From the companies who are creating the next generation of web and mobile experiences, to anyone putting a website together for the first time, Barricade is the security platform to protect what's valuable to you.
ACCESSDATA
Abdeslam Afras
Vice President of International Markets
Published: July 21st 2015
new directions?
Our view is that mobile devices will be the dominant topic of conversation in the coming years. People are really moving away from traditional computers and toward mobile devices; as they do that, the
law enforcement has to rely on mutual legal assistance or other forms of international cooperation.
In the past, there have been various forms of support, but the trend within the European Union is towards applying mutual assistance more freely. I
eration in investigations.
the idea that users are open to the idea of doing fo-
a matter of time before this bleeds over into forensics and takes hold. On the investigations side, the
rity?
Our view is that, given the increasing pace and complexity of data security threats, corporations abso-
that it's an ongoing battle, with new digital assets being created every day and new attacks being developed daily as well. Since the sophistication of assaults and complexity of IT environments have risen
rapidly, this challenge cuts across operations, risk
management, legal and technology functions. Companies should make this a broad initiative, while partnering with a leader such as AccessData for incident
response management.
Do you have any thoughts, experiences or advice
that you would like to share with our readers?
Sure, one thing your readers should keep an eye on
in the coming years is that the digital forensics industry is going to grow significantly as we enter a new
age of computing shaped by the Internet of Things
(IoT). As the IoT introduces more devices, more data
and a variety of evidence types into our world, we
must identify new approaches in order to gain access
to this rich source of potential evidence. All of the
new connected applications will be pieces of evidence and will make the industry much bigger and
even more valuable in the next few years, pushing us
to a whole new level. Many existing challenges are
exacerbated by the cloud, jurisdictional issues and
international coordination, but the current environment also brings unique opportunities for new investigative approaches, which I am looking forward to
monitoring.
Thank you for speaking with us.
SPECIAL EDITION
FOLLOW-UP
rate leadership. As far as product innovation, last October we announced the simultaneous launches of Summation 6.0 and FTK 6.0, improving interoperability between the
industry's only integrated forensics and e-discovery software platform. The new versions
of the flagship products have been well received by customers, business partners and industry observers. AccessData has significant momentum in the international forensics software marketplace right now.
How has the field changed?
In terms of the field of forensics product sales, I would say the sales professionals in our
industry are unique and it's no longer good enough to be a usual business-to-business
sales person. In our industry in 2016, everyone in the field needs to be an expert, but also
a trusted partner. We take that commitment seriously and have been working even harder
to establish trust, credibility and value with each one of our customers. We feel it's our
responsibility to not only understand the products and the software requirements, but to
deeply understand every customer's unique needs so that we can effectively collaborate
with them to solve complex problems. In this new era in our industry, we want to function
as a partner who is there to set up every customer for success.
How did your view on forensics change?
One thing I have observed as a change is that forensics has become a requirement in virtually every single organization. The number of cases and the sizes of individual cases has
increased dramatically. We are expecting cases in the range of 1PB very soon. Mobile forensics has a much higher priority importance than ever before. There are still not enough
experts in the industry to support the demand, but we can see a lot of people are studying forensics in universities all over the world and the number of new professionals coming into our business should be viewed as good news for all of us who want to see the industry continue to grow.
AccessData Group has pioneered digital forensics and litigation support for more than twenty years. Over that time,
the company has grown to provide both stand-alone and enterprise-class solutions that can synergistically work together to enable both criminal and civil E-Discovery of any kind, including digital investigations, computer forensics,
legal review, compliance, auditing and information assurance. More than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software solutions, and its premier
digital investigations products and services.
RESEC
Dotan Bar Noy
Co-founder and CEO
Published: August 10th 2015
tors:
why do so many large corporations fail to defend themselves against cyber threats and what
do they need to change in their strategies, if
anything?
Organizations, especially in recent years, are very
focused on trying to improve all aspects of their
cyber defenses. Their perception of defense has
broadened and they are combining active preven-
The actual security level offered by the underlying technology. Does it actually solve a real problem or is it just a cool, well marketed solution.
Ease of use and flexibility. What is the level of
impact on the end users? Does the solution require ongoing daily maintenance in order to operate? How simple is it to modify its policy?
tion now?
mechanisms?
lightly.
vative environment?
Israeli companies?
ferently now? Has anything changed?
attack vectors when performing penetration testing on U.S. organization would be to leave a USB
DOK near (or at) the office. Social experiments
found that in most cases these devices were soon
after used by employees on the organization's computers (often with the good intention of returning
the data to its owner).
different?
damages.
arm & Reconstruct (CDR) makes prevention a simple and deterministic (!) process. Our motto "Don't
search for threats. Prevent them." is exactly the
change we are offering to the perception of prevention. Our solutions ensure that the organization's data is completely free from known and unknown malware, APT, Zero-day threats, without
changing the way users do their job or creating a
lot of additional work for the IT department.
Regulation and administration are very susceptible to the snowball effect and their growth can
get out of control rather quickly. Are you wor-
in unnecessary complications?
dents?
Keep your system up-to-date and monitor published vulnerabilities patches. Make sure your users
are using up-to-date tools and applications.
Do you believe businesses should work towards better communicating with each other about threats?
Nobody likes to talk about how their breach occurred and what exactly failed, but an alliance between enterprises could make the environment a
safer place.
I think that mutual sharing of security information will
benefit all parties in the long run. However, it is difficult to motivate this process between competitors as
this often stands in contrast to the short term goals
of that business. To summarize, I think this is a very
interesting, yet complex, topic and would love to further discuss this on a different occasion.
Do you have any thoughts or advice you would
like to share with our readers?
Yes, we see many small vendors, like ourselves, struggling to offer interesting and useful solutions to organizations. The cyber battle will not be won anytime soon, but the part of learning about new challenges and looking for solutions is the fun part. I
think it is vital for the IT/security departments to enjoy the search and make it a major part of the routine. We at Re-Sec see it as our mission to allow organizations to be prepared for the rapidly changing
threat-landscape that they are facing today and will
be facing moving forward.
Thank you for talking with us!
SPECIAL EDITION
FOLLOW-UP
well. A couple of months ago, we also launched ReSecure Cloud Mail, an extension of our product suite that secures popular cloud-based webmail services including Microsoft Office 365, Gmail and others. This new offering
provides our global customers with additional coverage for users of these platforms and complements our existing threat prevention capabilities on enterprise email, web, FTP, endpoints and digital vaults. This is another way we address the SMB and assist them in preventing cyber threats without integrating
complex solutions.
How has the field changed?
The field is always changing with new threats from one side and new technologies trying to battle them on the other. Our concern is that organizations will
be left behind if they're unable to quickly adopt the new technologies. It
seems enterprises end up behind the technology curve due to a shortage of
professional employees and budget concerns as well as the lengthy deployment time of many solutions and complex internal processes.
How did your point of view on forensics change?
Forensics play a crucial role in identifying and defeating advanced threats that
are becoming more common nowadays. Since it is such a unique and rare
tradecraft, it is important to use it when and where needed. Using forensics experts to examine every file which is slightly suspicious and ended up in the
sandbox would be to waste this valuable resource. It's much better to process all files using CDR first, and then use forensics on the rare files that are
flagged and quarantined.
HADES
Robert Cross
Founder
Published: 27th August 2015
CYBER SECURITY IS
EVERYONE'S PROBLEM
You run a company that produces security soft-
DES.
and services.
Software is only one layer of many when considering a holistic cyber security strategy. Like the rest
of the world I'm a victim of overstimulation from
social and traditional media and the hourly stories
of companies being compromised or hacked. At
the same time you hear about companies launching new security products to thwart hackers but
the hits just keep coming. This was a profound moment of realization that the rate of technology invention in the cyber domain is not keeping pace
with the rate of human (hacker) innovation. The
question we asked ourselves, Is it possible the
ica and didn't feel their backgrounds or credentials would land them the dream job, instead have
to play office politics under the typical big company bureaucracy. In some sense this crowd likes
being off the corporate grid and able to play by
different rules or no rules. Their skepticism lies with
corporate America not being okay with fostering a
no rules environment where this crowd can legitimize their talents, nurture and grow their skill sets,
be professionally respected, socially accepted and
earn a great living and get paid their worth. By far,
the majority prefer going to the bank rather than
trick alone?
on both ends. Essentially, both parties have an opportunity to commercially engage in a protected
and safe environment to put their best up against
each other where anything goes or engagements
can be designed to achieve specific results. The
initial reaction from C-Suite executives was more
I believe crowd sourcing is an incredible way to increase the participation and leverage the global
workforce in an unprecedented way. Everyone has
their 9 to 5 job but crowd sourcing provides another way to contribute expertise to others outside
tion be necessary?
and share the bounty. Will they tilt up virtual businesses and carve out a niche. It truly will be a window into an underground world that someone will
write a book about someday and provide insight
into behavioral dynamics in such communities or
subcultures. Very fascinating!
Regarding bullying, we will have some basic
rules of engagement while within the HADES environment to maintain a professional decorum. We
will reserve the right to suspend accounts based
ronment.
organize it?
result of software.
Where can we find a healthy compromise between being paranoid about cybersecurity and
ignoring it, as everyday users and as enterprises? Does a compromise like that even exist?
There are several companies sponsoring bug
bounty programs opened up to a crowd sourcing
model. As one example, Google every year holds
with the keepers of their data and that these companies spare no expense to keep it out of harm's
way. I believe both generations are equally at risk
for social engineering attacks.
About Hades:
HADES is a start up technology company colliding CYBER | CLOUD | CROWD SOURCING | SOCIAL to disrupt the current Cyber Security marketplace.
HADES seeks to harness the power of Hacker innovation enabling a collaborative and anonymous engagement with corporations seeking to
change their cyber security posture from the Hail Mary Pass to Pro-Active!
LUCY
Oliver Münchow
Founder
Published: September 8th 2015
BUILD SECURITY
AWARENESS IN ORDER TO
PROTECT YOUR COMPANY
Tell us a little about your company you offer
an unusual service.
own workforce?
to hire external contractors to answer those questions. But with LUCY, companies can simulate their
own customized phishing attacks to identify where
they are at risk. LUCY comes with many e-learning
modules giving the employers the tools to bridge
the gaps.
We understand that
trust is essential to
(http://www.geocities.ws/rayvaneng/w0297_06.ht
with patience and step by step. Within the next 23 years we aim at expanding our market share
thanks to a very competitive pricing approach.
Combined with our unique experience not only in
What challenges do you see your company facing in the nearest future?
When you launch a new product, you always face
many challenges. One of our advantages over the
others turns out to be also our biggest challenge
so far: our price. Since our fees are 10 or 100 times
pany.
of security?
QUADMETRICS
Wesley Huffstutter
Published: September 10th 2015
NOTE:
QuadMetrics was acquired by FICO this year, after this
interview took place.
INNOVATION IN
CYBERSECURITY IS
IMPORTANT
Where did the idea for QuadMetrics come
from?
The idea came from years of research at the University of Michigan. Co-founders Mingyan Liu and
solutions.]
plaining?
ment indicators. Active threats are things like botnet activity where we see SPAM emanating from
your network. Latent threats are things that could
cause problems in the future or could be used to
cause harm to others; think of open recursive DNS
resolvers, or NTP for DDOS attacks. The last is mismanagement indicators. Simple examples of this
are TELNET enabled servers, infrastructure leakage, like printers available to the outside, self-signed SSL certificates, and so on. We also have
some more proprietary measures that track the human element in cybersecurity, which by the way, is
most indicative of risk when used with a large and
diverse dataset. We take all this data, and combine
it with our incident data, and are able to do machine learning and make accurate predictions.
cybersecurity. You asked if companies being evaluated will like it and I would say that depends on
your security posture. Those with strong security
postures or those with a lower chance of breach
are going to feel rewarded for their hard work.
The others will protest, but I honestly believe that
it is important to have this risk priced into their
share price. I think the carrot here is lower cyber
price.
teams.
About FICO:
FICO acquired QuadMetrics in 2016, and continues QuadMetrics' support for a holistic, dynamic, and proactive approach to management and
quantification of the cybersecurity risks faced by enterprise networks.
FICO is a global analytics software company, which is now applying its technology, as well as the collective experience of the QuadMetrics team,
to tackle one of the most challenging problems in Cybersecurity - the measurement of cyber risk - with the goal of creating actionable metrics
that are immediately useful for mitigating enterprise cybersecurity weaknesses, and ones that are predictive in nature.
WIACTS
Yaser Masoudnia and Bam Azizi
Published: September 18th 2015
NOTE:
Password?
tity management?
ness?
get successfully authenticated, they will gain access to their launch pad, where they can access all
their apps. They don't need to enter another username or password.
How long does that process take?
Yaser: Login process with WiActs NoPassword
takes as long as entering a long password. But remember, once the user is authenticated and gains
access to their launchpad, all of their accounts and
Yaser: Both. First, no matter how safe and complicated is your password, it is still vulnerable to different types of attacks including social engineering
and especially phishing. Over 75% of attacks
happen based on stolen credentials. Secondly, users' unsafe practices, such as setting up weak passwords, make companies' accounts more vulnerable to attacks. Since we eliminate passwords and
the role of users in setting and entering
conventional credentials, NoPassword
makes the authentication process immune to
cyber-attacks.
user experience and security.
Does NoPassword when working with various applications eliminate passwords altogether? Has the company's Twitter account still got a password somewhere?
Let's keep in mind that in today's market an IT admin of a
company not only needs to purchase an identity
management system and single sign-on solution
using NoPassword.
What are the biggest challenges you see standing before your company? How about before
the whole cybersecurity field?
Yaser: The fact is that the biggest challenge is that companies and people don't take the threat of cyber
security seriously. They don't think it can happen
to them, only to others.
of lost or stolen phones, because we use our smartphones so much these days that we usually realize
in a matter of minutes if our phone is not with us.
As soon as the user contacts us with the news of
misplaced or stolen phone, we will disconnect
their phone from our system.
Bam: Sharing too much information with third-party. As we work with various companies, a wide
range of sensitive information is shared with them.
When we share information, we lose control over
that information and our privacy. Hackers increasingly target these third-party providers and conse-
both from external attacks and internal mismanagement of devices. The reality is that employees will
bring their devices including smartphones to work
even if it is against the guideline. Therefore, the best
solution is to use provisioning and deprovisioning to
manage the use of personal devices for work purposes. In our case, we use employees' smartphones
to our advantage.
Do you have any advice or thoughts you would
like to share with our readers?
Yaser: Take cyber security attacks seriously, it can
happen to anyone. Don't use easy to remember simple passwords: absolutely no pet name, name of significant other, street address and similar things.
Don't use sticky notes and spreadsheets to remember passwords. Don't overshare on social media.
Don't use similar passwords for all accounts.
Thank you for talking with us!
About WiActs:
It's a Sunnyvale-based startup that has developed an Identity Management and Single Sign-On solution for enterprises based on a multi-factor authentication system. WiActs' platform, called NoPassword, authenticates users using biometrics and other hidden features on users' smartphones. WiActs NoPassword gives users the luxury of secure login on all their accounts but without the need for passwords. In this world where weak password management is the main reason behind data breaches, substituting passwords with more secure authentication solutions takes cyber security to the next level. Moreover, WiActs' identity management system allows the IT admin to securely provision and deprovision users and control
their access of their accounts.
The company was founded by Yaser Masoudnia, PhD., CEO of WiActs, and Bam Azizi, CTO of WiActs. The company is well received among a
wide range of companies from small tech companies to large financial institutions and healthcare providers. We asked Yaser Masoudnia and Bam
Azizi to tell us more about their solution.
CYNJA
Heather Dahl
Co-founder
Published: October 14th 2015
There was nothing cool, nothing awesome - nothing that truly captured this dynamic virtual world.
So I had no choice, I had to write this book myself.
yeah!
called CynjaSpace!
and a whole pantheon of new monsters and villains. If you're creative with your storytelling, you'll
quickly see our work world is as thrilling as any ad-
in the next large breach but they are very, very con-
line dangers.
drive our digital lives; but that's the view of the cyber world that kids need to experience. Just like
daily life, it's not a fairytale; it's a place where there
are real consequences.
fare then we are the ones who must fill this void.
screen!
And so I write about practicing journalism and cybersecurity for The National Press Foundation. I
write because as our newsrooms continually transition into the digital era so too do our responsibilities as journalists. We must not only write stories
for multi-platform organizations, we must also practice safety as reporters spanning both the real and
virtual worlds.
nalists is naïve.
In the past year, I've had one too many conversations with journalists who don't actively consider
digital safety to be a serious part of their job. It's
more of a "nice-to-have" rather than a requirement of our work. I've met reporters who brag
about disabling their antivirus program, seen photographs of sources in a manner that exposes the
person's sensitive data in the background, learned
to speak.
age reports.
goal?
work
pert storylines. Behind the scenes it's providing parental activity controls, protections and guidance
on digital parenting.
In the real world, we ease kids into adulthood. But
in the digital world, they are thrown full-force into
the wild. As parents, teachers, and organizational
leaders we struggle to be proper digital guardians
and role models. With CynjaSpace, you get a safe
didn't.
jeopardy.
know online?
Did you get declined for government benefits because the benefit is getting paid into another account using your child's identification?
If your wallet was stolen - were you carrying information about your children inside?
If the answer is yes to any of these questions, it's
time to act! Or if you're a child, tell your parents!
magician's hand produces marvelous results. However, as cyber professionals we know the Internet is
no illusion. A technical understanding of their digi-
eration.
About Heather:
Heather C. Dahl writes about the magic in technology. She's a journalist who has covered politics and foreign affairs on the ground and now she
researches battles in cyberspace. Heather's an Oregonian living in Washington, DC. Heather earned a B.A. from Willamette University, a Master's
in Journalism from Columbia University, and an MBA from The Johns Hopkins University.
About Cynja:
The Cynja is a multi-platform media company focused on making kids awesome in cyberspace through their fun comic series about technology
and cybersecurity.
LOGICAL OPS
Paul Hoffmann
Director of Certification Programs
Published: October 16th 2015
these days?
solution?
CyberSec First Responder (CFR) fits into a gap between existing certifications. There are so many aspects of cybersecurity that you can't cover all of
them in one certification. And many of the certifications on the market today are specific to particular
technologies. But, not everyone uses the same
technology. CFR is a stepping stone and generalist
certification. It is meant to prepare a broader number of people to detect and respond to cyber
threats in any environment.
Follow-up: How did that project go?
opportunities?
profile?
other than the cyber security specialists. CFR is designed to give all IT workers an understanding of cyber security so that they can be prepared to recognize problems more readily. We are hoping that CFR
can bring that average detection time down significantly.
I don't believe in feel good medals and being rewarded for showing up. But that said, is it cold to
think that there is nothing that we can't do? I think
human nature is to excel. Channeling that nature to
excel personally requires an honest inventory of your-
http://logicaloperations.com/subject-matter-experts-needed/
PANOPTICON LABS
Matthew Cook
Co-founder
Published: October 22nd 2015
from?
globe.
specializes in that).
ing industry?
not only where the money is, but they're also a lot
game account security tools like email confirmation, device reputation and geolocation, or secret
questions are so vulnerable to defeat; the sad truth
is that cyber criminals have had years to learn how
rity?
the fight against fraudsters, one of the requirements that was universally listed was zero impact
on their game's infrastructure. Given how complex
a very large client/server game application is, and
how sensitive it can be to anything that introduces
lag into that environment this is perfectly understandable and reasonable. Luckily (for Panopticon
Labs, anyway) that requirement doesn't have to be
a hindrance, and in fact is core to the way we monitor and model gameplay behavior. In our opinion
the best tools operate alongside game servers and
clients, not as an operational component of either.
Architecting our solutions in this way guarantees
that at no point will a tool like Watchtower ever
negatively affect the player's experience, as well as
assures that our tools cannot be reverse engineered (since they're essentially invisible to the
end users). I know from building tools for years to
detect fraud in large financial services and electronic transaction platforms that anything a bad
guy can see is something they eventually will defeat - it's not a question of if but when, so any
game operator investigating potential anti-fraud or
risk management tools should always keep that in
mind.
Who is the main target of such attacks and why?
Any game that's making money for its creators is a
target, unfortunately. Worse, we're finding that the
more players (and money) the game attracts, the
more attractive it becomes to bad actors. It's a vicious cycle: the developer and the publisher invest
months of work and lots of money to build their
game, market it, get it on Steam or in the app store,
and then just as they start to see some success
BAM! here comes the fraudsters. At their core, these
sorts of bad guys are opportunistic: all they want is
to make a quick buck for themselves at everyone
else's expense - it's just a business for them. Unless
the publisher is very vigilant and aggressive in getting them out, they can easily drive the good players
away and kill the game before it has a chance to
earn back its development budget, let alone turn a
profit.
What kind of attacks do gamers usually have to face?
Attacks aimed directly at gamers are similar to attacks
aimed at online banking customers. Just like online
banking, online game accounts can contain valuable
resources that have real-world value to other players
(virtual currency used to purchase things in-game,
rare items, weapons, armor, or high-level characters
that took weeks or months of effort to build up). To
make things worse, we're finding that the damage
done to the player usually goes beyond the game;
lots of times the same malware that the bad guys
use to steal a player's game ID and password also
ends up compromising their other online accounts,
too, like email, Paypal, online credit card and banking information, and potentially any other private information stored on the device.
You have 3 different solutions: Watchman Searchlight, Dragnet and Watchtower. What is the difference and who is each of them for?
and about how fraud and risk threats that target the
why I still play games and why I think that, even with
I used to play many games. I don't do this anymore as I tend to lose track of time. It's not good
to spend 6 hours per day gaming before your fi-
SPECIAL EDITION
FOLLOW-UP
Since we last spoke, for example, several new online games were released that enjoyed immediate and major critical and commercial success, titles like Blizzard's Overwatch (released on May 24 for PC, Xbox One, and Playstation 4) and, just last week,
Niantic's/Nintendo's Pokemon GO for mobile. In both cases, major cheating, hacking, and in-game fraud issues were reported by scores of unhappy players in just the
first week of the games' operation. In addition, in April, we worked with online threat
researchers at Kaspersky Lab to help signal-boost their findings about a whole new
class of advanced malware built to enable account takeover of player accounts for
the online game distribution platform Steam, called Steam Stealer. These are the
most public examples of very large games or services that have come under concerted attack by bad guys out to enrich themselves at the game publishers and the
players expense, of course, but there are many others, more each and every day, so
clearly this problem seems to only be getting worse, not better.
That's why we're working harder than ever to educate game development, IT security, publishing, and even online game monetization and finance teams about the
very real risks that fraudsters, hackers, and cheaters pose to their businesses and to
the long-term health and stability of their games. As players ourselves, everyone at
Panopticon Labs knows that there's nothing more fun than losing yourself for hours
in a masterfully-crafted virtual world, but as security professionals and businesspeople, we also understand that it takes money to keep the game servers running, to
pay artists and writers to continuously create the ongoing content that players expect, and to hire the programmers, modelers, composers, tech support reps, community managers, accountants, admins, and other staff that make those artistic visions a (virtual) reality. Bottom line: hackers kill virtual worlds, which has a very real-world impact on the gamers who love them, as well as on the livelihoods of the people who make a living making them for us. I and everyone who works at Panopticon
Labs has a personal story they can cite where a game we loved playing, a game we invested weeks, if not months, of our lives playing and that we probably spent hundreds
of dollars supporting, was cut down in its prime by the unwanted actions of a relatively
few bad apples.
But the publishers and developers we've worked with have their own stories; about unexpectedly
losing jobs they loved, working on games they hoped would endure for
years, after just a few brief months due to a sudden loss of revenue and irrevocable
player attrition due to these same bad actors' activities. It's time for online game publishers and operators to learn that they don't have to accept this as just another cost of
doing business.
About Matthew:
Matthew Cook got his first taste of video games at age 8 while visiting his father's office at a CIA family open house in Washington, DC, shooting
down pixelated space aliens on a government mainframe. He attended art school at the School of the Art Institute of Chicago, where he learned
to program his first PC. After spending 15 years designing and building online cybersecurity and risk management tools for companies such as
CheckFree, Fiserv, Yodlee, and Guardian Analytics, he co-founded Panopticon Laboratories, where he focuses on Product and Business Development. He blogs about video games and security at: http://www.panopticonlabs.com/founders-blog
And yes, he still plays games every day.
11
CYBER ADVANCED
TECHNOLOGY
Bruce Khavar
CEO
Published: November 4th 2015
THE UNHACKABLE
CLOUD
What is your product?
Our current product is a fresh take on cyber security; however, we will expand to the cyber operations and cyber content delivery in 2016. In cyber
security we have two families of devices: Anubis
and Ammit. The Anubis Family is designed for
enterprise-level cyber security support and the Ammit Family focuses on protecting the end-point
and Edge-of-the-Cloud domains such as smart
buildings, smart homes, handheld devices, and so
on.
product?
issues. Protection within cyber security is a complete and comprehensive security; this, through
the endpoint devices and the supportive services.
This service will be subscription-based or through
another arrangement which will be provided by major players.
product?
cret Sauce.
How does information transit the boundary between your environment and other environments?
present-day demands of the internet. We now require interoperation of all elements of the internet.
One aspect is the Internet of Things, but the truth
of the Cyber World reaches way beyond IOT as a
new sense of cyber existence rather than connecting devices in IOT.
You claim the Cyber World is the unhackable
cloud - are you not worried that saying this will
only attract people who take challenges way
too seriously?
The whole project seems to be a major reconstruction of the concepts already in use - is that
right? If yes, how did it start? Did it emerge
from frustration with current problems and endless issues?
As they say, Rome was not built in one day. We are
not claiming that this is our project. Instead we
have recognized there is a natural evolution happening, and we are the pioneers offering a real
world solution for the previously unsolvable prob-
This movement has to be as unobtrusive as possible while showing respect for an all legacy world
that includes devices, protocols, APIs, and others.
Through years of experience in factory automation,
CAT has created an almost perfect integration technology and environment that paves the way for
global integration of today's legacy world and future innovations. CAT's system-oriented approach
allows for seemingly obsolete devices and technologies to extend their lifespan and continue to
be useful. Therefore, many goals are being accomplished simultaneously: economic factors, preserva-
OT-OCN stands for Operation Technology - Operation Centric Network. This is an encapsulation of what is going on in today's cyber-centric
businesses; therefore, there is no need for a formal
adaptation. A strong and highly needed feature of
OT-OCN, like security for instance, will act as a
beachhead for the rest of the important cyber solu-
movement.
services, your clients will still most likely use applications that are vulnerable?
How did the testing process look? The simulation had to be big to ensure a level of safety
and remain sustainable, did it pose any challenges?
alistic assessments.
not come easily. There is a need for global understanding, which includes access to education and
tools from the devices, to end-users, corporate entities, and governments; for a new internet, we
How about the IoT protection - I assume the devices would also have to be a part of the closed
network? Do you predict that it will take a lot of
12
STEALTHWORKER
Ken Baylor
CEO
Published: November 23rd 2015
Worker do?
will change?
Fargo for the last 15 years. While I have met exceptional security people over that time, there have
always been fewer talented individuals than were
needed.
everyone's time.
very hard to fill. They are also expensive. Many CISOs have to compromise. They hire four or five
candidates, all of which are expensive compared
to IT candidates, and then find their budget is
blown and recruiting must stop. So many CISOs
their departments?
company.
critical path.
About Ken:
Dr. Ken Baylor is the founder and CEO of Stealth Worker. For the last 10 years he has served as CISO at multiple tech and financial institutions.
He is recognized as a leader in Data Protection, Bank Security, Agile Information Security and Regulatory Compliance. His recent speaking engagements include RSA, Blackhat, and FS-ISAC. Dr. Baylor is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM).
13
MINEREYE
Yaniv Avidan
CEO
Published: December 3rd 2015
In the past few months I see a shift in the importance of defence, awareness, it is growing rapidly
the responsibility on data protection and identification and the actual cyber-attacks are divided between two separate departments. The first is handled by the business and risk control units, and the
second is handled by the Chief Information Security Officer (CISO). This fact worries me, you may
think of it as defending your castle by deploying a
sponsibilities.
troops?
Israeli companies?
tion systems to act. MinerEye has shifted paradigms and concepts in classic machine learning by
enforcing technology fusion as pattern recognition
and computer vision. The technology gives a new
definition to the word learning when a machine
can infer correlation between two pieces of data,
What was your inspiration? Is there any philosophy that drives the company?
ers.
would be a much more convenient automated cybersecurity and compliance that run in the background of businesses enabling it rather than limiting it.
Everything related to device connectivity and analyzing the environment, business agility and data
availability. I can foresee the next wave of attacks
About Yaniv:
A veteran in data analytics and cyber security domains with over 15 years of hands-on experience. Formerly leading a global cybersecurity program in Intel corralling resources across different teams and organizations spread across multiple geos. Before Intel, Yaniv led several programs
with the Israeli DoD working closely with Lockheed Martin and Cubic defense systems. Yaniv holds a B.Sc. in information systems engineering
from Ben-Gurion University and is a LTC. (res.) in the IDF.
MinerEye is a graduate of Microsoft Accelerator TLV Batch #5:
http://www.geektime.com/2015/01/27/watch-the-waze-for-cancer-patients-and-10-other-startups-at-microsofts-israeli-accelerator/
14
PROTECODE
Mahshad Koohgoli
CEO
Published: December 30th 2015
BUILD SECURITY
AWARENESS IN ORDER TO
PROTECT YOUR COMPANY
Could you please tell our readers a little about
yourself?
track of this?
Today, resourceful software developers use a combination of previously created code, commercial
software, open source software, code from outsourced contractors, and their own creative content to
produce the desired software functionality. Use of
open source software has become widespread in
almost every technology segment and all organizations. Therefore, the sensitivity to understand the
pedigree of all code components, code ownership, and the need for compliance with open
source software licenses, and the necessity of un-
have to obey?
components. Our automated analysis tools can accurately process thousands of files per hour.
Are those just simple omissions and honest mistakes, or do they emerge from the lack of professionalism or expertise?
tabase.
Is there awareness about legal issues surrounding code reuse? How often do you find yourself
explaining to developers that just because the
code is open-source it does not mean they can
use it without addressing those issues?
ket.
of complex projects, as long as its use is understood and managed. We have seen an increasing
awareness of the legal obligations associated with
use of open source software. I would say that while
most developers would admit knowledge of copyright issues of any code, in practice, the due diligence associated with the copyright and the permission to use a code (conveyed in a license) is not
there.
Apart from using your services, what can companies do to ensure their code is properly managed?
Over the years, we have compiled a number of
best practices that organizations can adopt to better manage their code base. Organizations that follow our series of simple steps will have better success in managing their code. To organizations, we
highlight the components of what is called an
checks, and balances in place that larger companies have established when it comes to dealing
with open source software or 3rd party code. It is
often not an intentional mistake, but rather a resourcing or awareness issue. The lack of internal
start-ups?
We have audited over a thousand software portfolios, some as small as 2,500 files, and a few as
large as 300,000 files, and we have found licensing
and security impairments, to various degrees, in all
it is not communicated well within the organization. Many organizations lack the standard practice
of including an author tag and stamping their copyrights on their software files, leading to additional
effort and delays in establishing code ownership.
We found that this practice is ignored mainly by
smaller companies (up to 50% in a small portfolio),
while larger organizations have a more rigorous
process in place for standardizing copyrighted
header information.
15
TOPSPIN SECURITY
Doron Kolton
CEO
Published: February 4th 2016
getting into the organization. At TopSpin, we believe that a unified approach, which combines different security engines that work in parallel to identify the attackers' activity within the organization, is
the way to go. Such a combination allows defense
professionals to aggregate and correlate information gathered by multiple engines, and gain an accurate incident report. The reports that our DE-
DECOYnet takes several activities in order to engage the attackers and draw their attention. It
starts by automatically (and persistently) setting as-
minimal configuration and provide accurate, digestible and actionable information that's essential
for their analysis.
stop it?
pening?
Well, users need to work and they can't be expected to understand the complexity of cybersecurity. Certainly, employees and managers need to
be educated and they need to be aware of the
industry in Israel and to the IDF activities which provide a sort of greenhouse where a lot of young
talent is grown. These extremely smart engineers
are not only good at developing technology, they
nicipality, energy, water, etc.). We have to remember that the attackers will always go first after the
easy targets so not investing in protection is a
certain way to get hacked.
About Doron:
Doron Kolton, founder and CEO of TopSpin, has 30 years of managerial experience developing advanced software and data security solutions.
Prior to founding TopSpin Security in 2013, Doron was in charge of web application firewall (WAF) development as VP of Engineering of Breach
Security, a position he continued to hold after the company was acquired by Trustwave. Prior to that, Doron held a number of senior management positions including VP of R&D at Gilian Technologies, Head of the Software Department at Motorola Semiconductors (Israel) and Software
Development Manager at Radway.
16
SECBRO
Przemek Shem Radzikowski
Founder
Published: February 24th 2016
IF WE'RE GOING TO BE
SERIOUS ABOUT SECURITY, WE
NEED TO ADDRESS INTERNAL
THREATS
Hello Przemek, how have you been doing? You
self?
tion of products.
come in; a trusted third party capable of conducting detailed vetting and independent research.
One of our last engagements was the evaluation of
a cloud-based virtual hardware security module
(vHSM) implementation. We formulated the attack
vectors, refined the approach and built a proof of
concept (POC) to support our assertions. Then we
set out to break it, or tried very hard to break it.
These types of exhaustive penetration tests provide the necessary validation and give rise to corresponding countermeasures. Obviously, all this happens within a controlled and sanctioned environ-
solutions.
Some of our clients are developing their own products and services, both hardware and software.
Here we participate in security architecture and design phases to develop and incorporate security
and assess the effectiveness of existing countermeasures. I do admit that unleashing a barrage of
attacks and applying our trade craft with full consent from the target is a huge perk of the job.
rency.
ing.
learning.
wish for.
I believe you're referring to the attribution problem. The first thing people demand after a breach
or an attack is to know who is responsible and on
the internet that isn't always possible. In traditional
warfare, where soldiers are deployed on the
ground, it's easy to tell who is responsible by the
uniforms they wear, the language they speak and
the equipment they use. On the other hand, the
internet wasn't designed with these types of cues
in mind and it is still very difficult to track down the
quired to get to the bottom of an attack. It is foolish to think that there is truth in statements naming
an attacker immediately after the incident.
operation.
attacker.
Anything is possible, I guess. Perhaps one day someone will invent an easier, or better, way to publish
our thoughts. I don't see anything changing in the
immediate future. It's still hard to go past the written
word. Video blogs and podcasts have their place,
simplicity of that.
tem.
After my initial introduction to Africa, I joined Microsoft Consulting Services as a Senior Regional Architect & Security Specialist. Over the next 8 years, my
project operations expanded and stretched across
some 40 countries. In many cases, I was exclusively
responsible for architecting end-to-end systems for
entire nations. It wasn't easy, but I'm very proud to
have been involved on those projects. I learned a
lot, experienced a lot and saw much of the conti-
portunity to capitalize on a small but lucrative market. One particular year, the majority of West Australian capsicum-producing farms (bell peppers, for the
non-Australians) were devastated by floods. Having
a few hectares of land at our disposal, my brother
and I teamed up to grow capsicums. I provided the
initial investment and took care of sales and marketing, while my brother oversaw day-to-day operations.
You also have been awarded many times And selected to represent the Young Vegetable and Potato
Growers of Western Australia on a tour to New Zea-
no less?
And so, in a field that demands focused concentration, I've found that it's just as important to find outlets external to the confines of one's day-to-day ac-
ten as possible.
Attracting and retaining top talent can be a challenge, particularly in a highly volatile economic set-
the globe.
cies have attracted a large ecosystem focused entirely on furthering R&D activities. There are financial
benefits as well as access to government-sponsored
resources. Of course, that was back in 2007. Things
have shifted quite a bit in recent years. Switzerland is
still a great place to do business but there are other
regional hubs opening up with similar, and sometimes better incentives. Ireland is a good example of
a country transforming itself not only through its investment in ICT, but also through R&D per capita
Follow-up: Would you say the talent gap has gotten wider? Have you observed any changes?
altogether different.
pected, but this only makes finding the right candidates that much more tedious.
Whatever happened to the master and the apprentice way of passing down important skills? Appren-
why.
Many will argue that it's cheaper to hire from the out-
much easier to pay an insurance premium and deploy a device at the perimeter and say, "There, now
we're secure." That's part of the problem. The industry still sees technology as the preferred panacea for
all security problems.
been stolen.
with this?
rity.
About Przemek:
Przemek (Shem) Radzikowski is the Chief Security Researcher and Founder at Secbro Labs GmbH. For over two decades, he has worked on key
assignments with government, military, telecommunication, finance and multinationals where he was responsible for the technical excellence,
delivery and governance of highly complex Security, Cloud and Data Center projects worth in excess of $65 million. In addition to holding numerous security credentials, such as CISSP and CISSP-ISSAP, he has received an MSc in Information Systems Security, MA in Journalism, BEng in Electronic Systems and is in the process of completing his PhD in Cybersecurity.
17
LENZNER GROUP
Tracy Lenzner
Founder and CEO
Published: March 2nd 2016
RECRUITERS NEED TO
BE COMPETENT IN THIS
SPACE
Hello Tracy, how are you? Could you tell our
Founder and CEO of LenznerGroup, a global provider of executive search services, exclusive to the
Security, Technology Risk and Digital Innovation
arenas. As a trusted advisor, I bring over a decade
of specialization in digital risk, by placing leaders
responsible for securing highly regulated organizations and enterprise technologies worldwide.
tion risk capabilities. During this time, LenznerGroup successfully recruited CSO/CISOs, global
leaders and practitioners in Cybersecurity, Digital
Investigations and Forensics. Today, our search
practice has grown to include Enterprise Security,
Information Security and Compliance, Technology
Risk Management, Digital Investigation and Forensics, Privacy and Policy, Cyber Defense and Threat
adoption of cloud-based
development of new
automated forensics
Where would an aspiring digital forensics practitioner, or someone looking to switch positions,
go looking for job offers? Is there an ideal space
to do that?
tify and recruit the right skill set. Finally, the global
aerospace, law enforcement, law firms, professional services, healthcare, education, transportation and logistics. In 2014, law enforcement held
sics.
of information from digital evidence, and interpretation of digital evidence to gain insight into key
aspects of an offense. As a result, digital forensics
requires right and left-brain thinking, by combing
Do you think there are misconceptions - or perhaps differences of opinion - about what qualifications forensic examiners should have?
information.
What is the status of forensics in private companies? Does it have a place within IT departments, or within corporate security? Isn't that
division outdated a little bit?
other roles and disciplines, such as incident response, investigation, threat intelligence, digital
forensics and cybersecurity, to name a few. As a result, it may be difficult for organizations to effectively recruit and retain talent in this competitive
cated efforts to recruit and retain talent. In addition, flexible hours, as well as remote roles, are particularly attractive to forensics professionals. Students and individuals interested in entering digital
forensics, and/or who have computer experience,
such as coding, computing, analysis, engineering,
ally, soft skills, including project and team management, stakeholder engagement, business acumen,
flexibility, and strong written and verbal communication skills, are critical for individuals seeking leadership roles, relevancy and advancement.
digital forensics?
said schools did not offer the skills that are needed
artificial intelligence, behavioral sciences, international privacy, and Internet of Things, etc. The 21st
Resources include:
others.
organizations that provide programs for young students to adults that promote networking, education,
mentoring, resource sharing, internships, research
and career opportunities:
https://niccs.us-cert.gov/home/women-minorities
DF Women - Bridging the gap between genders in
Information Security, is a relevant blog for women in
digital forensics and related fields. Its authors, who
are currently earning BSc (Hons) in digital forensics,
discuss their backgrounds and provide articles and
abstracts on Computer Crime, Network Security, Social Engineering, Criminology and Computer Forensics: Women in Digital Forensics blog:
https://dfwomen.wordpress.com
Thank you for talking with us!
About Tracy:
Tracy Lenzner is founder and principal of LenznerGroup, an executive search consultancy, exclusive to the Security, Technology Risk, and Digital
Innovation arenas. For over a decade, Tracy is recognized for successfully placing tier I executives, responsible for securing global organizations
and enterprise infrastructures, including mobile, Cloud and IoT. She brings a proven record partnering with a broad range of stakeholders, helping to harness cyber talent across the complex landscape of risk, security, and digital domains. Tracy brings over 18 years of expertise in executive search, business development and consulting, deep industry knowledge, and an elite network of global influencers spanning business, government, defense, academia, and investment community.
18
public speaking.
should be watching?
what he was saying and up to, but we started writing gradually. Initially, writing was tough with researching but then you get hold of it. Then we
called schools in our towns, offering free workshops and managed to get a few. With time, we
got five more people joining us doing different
things. Today we are a team of seven.
areas.
this problem?
We have cyber security enthusiasts at the organisational level as well as individuals working vigor-
reader.
hobby?
bit difficult but when you really want to do something, I guess you keep it rolling and constant motivation and support from the team does help.
About Rachiyta:
AWARDS AND HONORS
Awarded Cyber Blogger of the Year at International Conference on Cyber Crime Control by Mumbai Police, IIT Bombay, Asian School of
Cyber laws and Maharashtra Government (2015)
Appointed Cyber Cell Ambassador of Saharanpur by Senior Superintendent of Police Saharanpur, Mr. Nitin Tiwari (2015)
Awarded Mahila Shiksha Suraksha Award (Women's Education and Safety Award) at district and state level by UP Government and Hindustan, a national newspaper for professional achievements in cyber safety (2015)
Winner, Social Media for Empowerment Awards in Online Safety category across South Asia. (2016)
EDUCATION
19
HEXIGENT
FORENSICS
Jason Green
Co-founder
Published: April 22nd 2016
readers?
fying?
A great question. Every day a new cyber security
incident or challenge is being reported in the media, and the solutions being brought to market to
address those are also cropping up at nearly the
same frequency. Security companies are diversifying their service portfolios to meet their client demands and it's becoming a real challenge for clients to know who to call, for what, and when.
When conversations do occur, it can be tough to
asked them how they felt about it, and one com-
I think there are two views here. Firstly, true cybersecurity professionals acknowledge and accept
that the security and threat landscape is changing.
Every. Single. Day. It is a herculean task to try and
stay abreast of trends, solutions, technologies,
threats and risks. While the foundation of how we,
as an industry, deal with security is fundamentally
the same (we have something we want to protect; let's put something relevant in place to keep
it safe), the top layer (how we actually do that)
evolves continually. That evolution forces a continual adaptation in awareness. It's a never-ending cycle, and one that is moving at breakneck speed.
site.
and their staff and then scrutinized to determine who would likely be the best target, or what chain of people would be needed to be involved in transferring a
payment. This is done by cross referencing data from private and professional
sources including social media, personal phone records, business aspects, bank
records and whatever can be found out on a system level. Ideally, all companies
and individuals need to be continually updated on how best to manage their digital lives and what they need to be on the lookout for, but this obviously takes time
and effort and as quickly as they are informed of the current challenges, the bad
guys come up with a new approach.
Hexigent is a Canadian company. Are there any differences in the cybersecurity field between Canada and the United States that you see?
Much like other sciences, the methods and approaches taken in the digital forensic space are universally accepted and, for the most part, everyone is using similar
tools and looking at data or digital artifacts which exist on the same platforms and
are manipulated using the same applications. That being said, the way in which
the forensic community work with the private and public sector varies country to
organizations. Here in Canada, that's not really accepted at a cultural level yet. Policing agencies
here have massive (and ever growing) technology
crime backlogs, and their typical solution is just to
hire and train more sworn officers to focus on digital forensics, something which takes a lot of time
and resources. The US space is very similar to ours,
however, the public way in which the FBI v Apple
matter was played out has gone some way to raising public awareness around protecting data. US
citizens are now placing more focus on securing
their information in light of potential privacy con-
have similar effects around the globe, it's most noticeable stateside, given that both parties involved
were US based entities and media coverage was
immense.
Was Hexigent hit by the talent pool shortage
that plagues the digital forensics field?
these elements.
What do you think is the biggest difference between digital forensics in private sector and public sector?
Many members of law enforcement do not deal
with clients per se and often have more time to
conduct investigation than those in the private industry. The term "leave no stone unturned" can
often not be achieved during civil cases as the
scope of the investigations are often very focused.
Most law enforcement investigations are worked
on until it is determined there is enough evidence
to proceed to trial. For the most part, there are not
strict time limits attached to criminal cases.
What do you think would be more challenging: switching from law enforcement to a private
company or the other way round?
bars.
this year?
edge base.
From an industry side, it's as mentioned in the previous question. The diversification of skills required to
be a true cybersecurity professional is slowing down
the growth of resources. It's resulting in some highly
capable veterans, but also meaning that folks entering the field typically have to focus on one area to
start with. The demand is also driving salaries up dramatically and so being able to build a truly competent team in a business, or hire a consulting firm, can
be a massive investment for businesses.
Follow-up: How has your perspective changed?
I'm broadly going to stick with the same previous answers as we continue to believe these are still the
greatest fundamental threats. Additionally, we're see-
gets as the threat actors recognize that power disruption, for example, can have both immediate and
long term effects. On a more positive note, though,
our industry recognizes this, which is resulting in businesses and government organizations developing
threat.
Follow-up: Seeing that answer, are your predictions coming true in any way?
Threat actors are likely looking at these and considering what's possible. For example, they may start
to focus more on greater impact activities such as
know that when function is the primary driver, security is usually a distant second. We haven't seen ram-
SPECIAL EDITION
FOLLOW-UP
response capability of clients post incident. We're really lucky to have some
great clients who were pushing us to help them in this space, and so we're in the
process of formalizing the offering as a service to everyone. Basically, we're evolving to meet client needs.
How has the field changed?
It's broadly the same, however, experienced resources are becoming hard to
find. We're hearing this from everyone. Corporate clients are seeing the value of
the type of services our industry provides, and are heavily investing in building
internal capability to deal with the cyber issue. Of course, as a shortage of qualified staff appears, the value of those in the market goes up. This is driving salary
levels up rapidly, which in turn may result in the cost of providing services to increase. Hexigent was designed with efficiency front of mind, and so we have no
plans to increase our rates, however, we know others in our industry that already
have. In the long term, this may result in a knock-on effect whereby clients having to increase the cost of their own products and services. When we consider
the overall increase in cyber security investment, it may well transpire that the security efforts of some private organizations may be a major contributing factor in
the determination of pricing for their own products and services. That's not
something we've really seen before as security and digital forensics have traditionally been back room services overseen by IT/technology teams.
How has your point of view on forensics changed?
Outside of my earlier comments, I've been looking closely at the delivery side of
our business. Where we (and others I'm sure) mainly used a handful of commercial tools as our primary go-to products for most of our work, we're now spending
considerable time with open source tools and technologies that will allow
us to build specific solutions to address our clients' needs. We're seeing great
value for our clients as we're creating efficient workflows for specific types of
forensic examinations. It's not something that was really focused on in the past,
but the growth of storage media sizes, and the ever complex cyber security
challenges have resulted in a different approach being needed. We're very excited about the research and development we're doing, and the feedback from
our clients has been great! We're seeing great benefits of open source and
commercial solutions, working in unison, to be the way forward for all aspects of
what we do as an industry.
About Jason:
Jason Green is a Partner at Hexigent Consulting, a digital investigation and forensic services company based out of the Greater Toronto Area. He
is an experienced security professional with a proven record in the delivery of strategic security services and has operated internationally in the
information/cyber security field for over 25 years. He works with clients to help tackle digital investigative matters, develop and execute
strategic plans, identify and address security and technology issues, and respond to incidents, with a view to reducing risks and optimizing efficiencies. His experience includes digital forensics and investigation, governance, risk and compliance, operational security, penetration testing,
physical security, social engineering, and controls design and review.
20
IRONSCALES
Eyal Benishti
CEO
Published: May 21st 2016
tacks. They can automatically trigger mitigation action by using our proprietary report as a phishing
ing security analysts more time to analyze suspicious emails at peace, knowing that our system is
making sure these emails are quarantined for future deletion or release. This is exactly where
crowd wisdom works best.
Ironscales team:
Back right: Yaniv Elbaz
Back left: Ortal Raz
Front, right to left:
Eyal Benishti
Itay Blogorodsky
Amit Bar-On
Sharon Tourjeman
We have heard a lot about intelligent solutions
or self-learning platforms. Is it something like
that? Is the program able to learn all of the threats on time since new
ones are appearing every second?
Yes, we are working on extended self-learning capabilities to fight these
ever-emerging threats and be able to respond automatically and extremely
fast. The combination of self-learning and human intelligence was recently
proven to be the most efficient way to fight cyber threats.
You are another cyber security company from Israel. How do you feel
about it? Isn't it getting too crowded up there?
Definitely quite a lot of cyber solutions are coming from Israel. The invaluable knowledge and expertise coming from elite cyber security units, like
8200, is creating the right eco-system for innovation in this particular field.
Cyber security is a big problem with many angles, which requires many creative solutions.
You started as a software developer. What pushed you towards cyber security?
fense solutions.
Sun Tzu, the author of The Art of War, which I am a
big fan of, once said
emy.
at the moment?
nies.
brains!
own good.
We have many plans and ideas on how to tackle current and trending threats. Some of them are already
under development, and some are still on the future
roadmap. If we have learned one thing about being
a cyber defense company, it's that you can't plan too
far. You must be super agile and be able to pivot all
the time and execute quickly to stay ahead and
come to market with relevant solutions.
Great that you have mentioned current and trending threats. What, according to you, is the biggest
current threat? What can we expect in the nearest
future?
Ransomware is definitely here to stay. The amounts
asked for will rise for sure. This is, and will stay, the
first choice for many cyber criminals looking to
monetize.
Do you have any piece of advice for our readers?
Always stay on top of the recent threats. Make sure
you cover as much as you can and have plans in
place for disaster recovery.
Make sure your employees are aware of the limits of
the technology in place and that non-AI technology
About Eyal:
Eyal Benishti CEO/Founder
Eyal has more than 10 years' experience in software R&D for both enterprise and startup companies. Prior to establishing IronScales, he served
as Security Researcher & Malware Analyst at Radware, where he filed two patents in the information security domain. He also served as Technical
Lead at Imperva, working on the Web Application Firewall product and other security solutions. A passionate cyber researcher from a young age,
he holds a degree in Computer Science and Mathematics from Bar-Ilan University in Israel.