By Leonid Belkind, co-founder and CTO, Luminate
Published on April 23, 2018
After numerous logistics teams had taken apart the breathtaking booths of the various security vendors and the dust had settled on the exhibition floors and in the lecture halls of Moscone Center in San Francisco, it was time for me to sit back and contemplate what I had seen during this event.
Being at the heart of the Enterprise IT Security industry for over a decade and a half has given me a sense of perspective when I try to digest it all; I have also witnessed the evolution of the industry throughout this significant period.
Walking along the colorful (and, quite often, somewhat noisy) booths of security vendors, large and small alike, one couldn’t miss the significant change that has swept through the industry. The security appliances, in their large and colorful cases, featuring a wide variety of network sockets, LED lights and power/storage configurations, are nowhere to be found. Long gone are the days when beautiful booths featured appliances as their centerpiece, emphasizing how unique they were: based on the latest and greatest Intel (or AMD) architecture, featuring a certain (uniquely large) number of network interfaces, or, if nothing else worked, offering an extremely fast storage module. This time, I could only find a handful of booths where appliances were presented at all (2 such booths to be exact), and even there they were pushed aside by the vendors’ new software service offerings.
In fact, the revolution is larger than just taking away appliances. RSA has proved beyond any reasonable doubt that the industry is in the process of removing the network as the primary plane for corporate IT security governance and replacing it with much higher-level constructs: identity, device and the application layer.
The above principles were very prominent both in the booths of the incumbents, as well as in those belonging to the new entrants.
On the device front, the battle between the Next Generation Endpoint Security solutions stole a lot of attention. A field that was completely “out of fashion” only 3-4 years ago has regained prominence, with new and ambitious players giving traditional antivirus vendors a “run for their money” with new and attractive offerings. While security solutions for mobile devices are mostly converging into larger offerings, with some small exceptions, security for Windows, Linux and Mac OS X devices seems to have grown into a larger market segment than ever before.
The Identity and Access services market is also blossoming. Significant players in the fields of Identity Management, Multi-Factor Authentication and even Privileged Access have drawn huge crowds to their booths, promising enterprise security professionals deliverance from the shackles of network-based trust models. What is even more noteworthy is that most of these solutions are being offered in Software-as-a-Service mode, rather than as self-installable software packages.
An additional field worthy of attention is that of event analytics and intelligence. Notions such as SIEM and event processing belong to the past, while Behavioral Analytics and Machine Learning have matured: instead of offering their users “cutting-edge technology”, they have evolved into useful solutions whose value proposition is actionable insights (and even automated responses to those insights).
How much does the cloud affect current IT Security solutions? Well, it was enough to see that more and more security vendors are now proudly displaying certificates showing their level of technological partnership with Amazon Web Services in order to understand that the impact is already vast and is growing even further.
The new IT security perimeter is defined in very clear and simple terms:
● It’s all about identity, devices and applications, and no longer about IP-based rules and network topologies
● All events must be on the application layer and need to understand the context of the “operation” that is being performed
● Everything needs to be cloud-ready, preferably cloud-native
● Everything must be “smart”, i.e. containing advanced analytics and decision-making
Walking the exhibition floors of the security industry’s largest showcase, I couldn’t help being excited about the number of possibilities that this new frontier defines. Working in this industry has always been exciting for me, but the pace with which the industry reinvents itself and provides a larger and larger stage for innovation has been accelerating and has reached new heights this year.
Cannot wait to see what comes next…
By Adi Bar-Lev, VP Marketing, Luminate
Published on April 9, 2018
RSA Conference, which will be held from April 16-20 in the Moscone Center, San Francisco, is one of the biggest information security events on the calendar. And this year, Luminate Security will be there, as part of the Israel Cyber Alliance. We are looking forward to meeting with security experts that are ready to divulge some industry know-how, and to sharing some of our own experiences.
The Cloud security market - expected to be worth $12.7 billion by 2022 - is now facing an opportunity to solve a once-in-a-generation security problem and unleash digital transformation. New solutions to security challenges posed by Cloud computing are flooding the market and this is where Luminate comes in, with our integrated, API-driven security platform. We have taken the BeyondCorp philosophy as a starting point - shifting from network based to application based security to minimize the network attack surface. This mode of operation allows only point-to-point, ad-hoc user access to specific corporate resources (wherever they are hosted), while the corporate network never gets exposed.
RSA 2018 will deliver solutions and ideas at the cutting edge of Cloud security. We’ve listed some of the sessions not to miss for best insights in various aspects of enterprise Cloud security:
The Impact of Multi and Hybrid Clouds to Cybersecurity Priorities, April 19, 3pm-3:45pm, Moscone South Esplanade 157
Doug Cahill, Senior Analyst, Enterprise Strategy Group
Doug tweets: “Very excited to be presenting at @RSAConference this year on how hybrid and multi-clouds are impacting #CyberSecurity priorities, processes, and technology decisions! #cloudsecurity”
Doug Cahill’s session focuses on automating security controls for hybrid cloud environments, a challenge faced by many organizations in 2018. And that is exactly what we are here to solve: Luminate’s unique approach operates on the application level, granting and securing access to applications hosted on-premises, or on the Cloud - both private and public.
(ISC)2 CCSP® Cloud Security Professional Two Day Crash Course, April 15, 9am-5pm and April 16, 9am-5pm
Instructor: Kevin Jackson, CEO/Founder, GovCloud Network
This two-day course is designed to get you ready for the Certified Cloud Security Professional (CCSP) certification exam. The course covers all security-related aspects of Cloud computing and operations, including the architecture and design of Cloud platforms. This is a great opportunity to learn how to build a cloud-native security approach in your organization. We at Luminate believe that new challenges require new approaches, and completely agree that cloud security is a profession that should be studied.
CSA Summit: Cloud 2018: Enterprise Grade Security, April 16, 9am-4pm
Welcome address: Jim Reavis, CEO Cloud Security Alliance
The Cloud Security Alliance Summit runs seminars at RSA 2018. This seminar includes sessions on “Cloud Migration 2.0: Security for IaaS” and “Cloudy Weather Ahead for Digital Transformation”. Many of our colleagues will be discussing their approach to cloud security challenges and sharing their experience and best practices. We greatly value working with the Cloud Security Alliance, contributing to the most important IT revolution in decades.
DevOps Connect: DevSecOps, April 16, 9am-5pm
Welcome address: Mark Miller, Alan Shimel
This day-long session is dedicated to the crucial point where DevOps meets Security. The session looks at the journey of integrating modern software and infrastructure delivery pipelines with security controls. We believe that Software-Defined access should be an intrinsic part of any infrastructure/configuration automation policy, and this session shows the way to achieve this. Mark Miller and Alan Shimel will be giving the welcome address. You won’t get much more experienced in DevOps than with this team!
The Future of Security for SecOps and NetOps (Gigamon), April 17, 11:40am-12pm
Simon Gibson, Former CISO Bloomberg now Fellow Security Architect, Gigamon
This session will cover the importance of simplifying security architectures to improve flexibility and overall management. At Luminate Security we know this is achievable without the need for an expensive network overhaul. We are excited to hear Simon Gibson’s suggestion for handling this challenge.
How Cloud, Mobility and Shifting App Architectures Will Transform Security, April 17, 1pm-1:45pm
Thomas Corn Senior Vice President and General Manager, Security Products, VMware
Thomas tweets: “Machine Learning has huge implications for #Cyber.”
Thomas drives VMWare’s security strategy, and we agree that mobility and Cloud are enabling robust security models. It is no longer a question of “if” the security will be transformed, but “how.” This session will look at the new tools and technologies available to support this transformation.
Confessions of a Cloud Security Convert, April 17, 3:30pm-4:15pm
Michael Farnum, Solution Architect Manager, Set Solutions
Michael is a well-rounded security professional currently working as a Solution Architect Manager. This session focuses on his personal journey from network security to the Cloud including Michael’s ‘Cloud conversion.’ Coming from the VPN world and now evangelizing the software-defined perimeter and Zero Trust architecture with our cloud-based security platform, we are always thrilled to hear about the experiences of our industry colleagues.
Can SOC Overcome the Complexity of Cloud? April 18, 1:45pm-2:30pm
Wayne Anderson, Enterprise Security Architect, McAfee
Wayne Anderson applies a multidisciplinary approach to security. He will facilitate this session, which compares the classical approach to managing security events across the enterprise network with how it can be mapped to the Cloud. We expect this session to address burning questions such as: Are we looking to build smarter systems to reduce the number of events that require handling? Can we democratize some of the events? How will SOC operations enter the cloud age?
Google on BeyondCorp: Empowering Employees with Security for the Cloud Era, April 20, 10:15am-11am
Jennifer Lin, Director, Security, Google Cloud
With Google’s Jennifer Lin presenting, this session is particularly exciting for us because of Lin’s expertise in Cloud automation and the security and privacy challenges of Cloud computing. Google’s work on the Zero Trust Networks concept and their BeyondCorp project has also been an inspiration for us, and we are eager to hear about the experience Google gained in converting their corporate network. At Luminate we provide a Security-as-a-Service approach for organizations that would like to benefit from BeyondCorp-like values without revolutionizing their current network first.
If you make it over to RSA 2018, come on over and see Luminate Security at RSA Booth #735, South Hall, to see first-hand how we provide secure access to your corporate resources on any datacenter and from any device; or request a meeting.
By Leonid Belkind, co-founder and CTO, Luminate
Published on March 8, 2018
Visibility is an essential ingredient in security. Whether it's examining "forensic" evidence and audit trails after the fact or limiting access in real-time, any security system needs visibility to understand what is going on within the applications and networks that it is trying to defend. Defending without visibility is like shooting in the dark. As we will see in this post, a few recent developments have made it possible to increase visibility, improving the system's ability to defend against unauthorized access.
In the days of the original Firewall, enterprise software was based on a multitude of communication protocols between clients and servers. Standards were very limited, requiring each software vendor to develop its own protocol. With no standard protocol, the only way to enforce security was to inspect the traffic at OSI Layer 3 or 4, and this is exactly what the Network Firewall did. Network security at that time was focused on ports and protocols, and it relied on the ability to inspect network traffic, typically at the perimeter of the enterprise network. Firewalls provided visibility into the connections (hosts, ports, IP addresses, etc.) and were used to manage (grant or revoke) access to network resources. Without protocol standardization this was the best visibility a security system could attain. However, it was obviously very limited.
To illustrate the visibility limitation, let's compare the traditional Firewall with a physical security system. In this case we have an indication that a "black van" is at the gate asking for permission to enter. The security system grants access and that’s it, the next time the system is invoked is when the "black van" exits the facility. The system has no knowledge of what the van and its passengers did within the facility, just that it entered and exited.
This limitation has given rise to the NGFW (Next Generation Firewall). These firewalls try to create visibility (and access control) beyond connections, ports and IP addresses. They inspect the network communications and try to understand which application/action is taking place using deep packet inspection and, where applicable, SSL/TLS interception. Although more effective than the traditional Firewall, this method is still organized around the network properties of the communication (which endpoints, which application signature), and not around the authenticated identity performing an operation and the operation itself.
Things have changed. In modern applications almost all communications between components of the enterprise software are based on a single protocol, HTTP/HTTPS, and most IT operations traffic has converged on another single standard, SSH. In addition, cloud computing and mobile applications have contributed to the crumbling walls of the network perimeter. Essentially, there is no point in just knowing that the "black van" has entered or exited the gate; we want to know exactly who was inside the van and what they did inside the facility. In our case, we want "application level visibility".
By assuming use of standard protocols, an application proxy can monitor and manage activities at the application level. So instead of "User John Doe has accessed Application X from his Macbook", you get "User John Doe has accessed Application X, looked at Folders Y, Z, W inside the application, read the file labeled “Project S – Description” in folder W, then updated the file labeled “Project S – Deliveries and Milestones”". The same principle is not limited to users accessing application servers; it also applies to machine-to-machine communication via standard APIs.
This visibility, at the application level, offers the ability to defend against both external and internal threats. In the future, with the wider adoption of HTTP/2 and gRPC, application visibility will become a real possibility for more and more communication scenarios. Flexible application proxy solutions that support both the protocols widely used today and the ones that will serve as a foundation for applications in the upcoming years provide a very solid foundation for a next generation of enterprise security platforms. These platforms will have the ability to know exactly what users are doing on the application level, what data they are accessing, which actions they are performing, etc. Without such visibility it is impossible to build meaningful security checkpoints, and there is no ability to distinguish normal from abnormal behavior.
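To make the difference between the two views concrete, here is an added example (written for this page, not Luminate’s code or any product’s implementation) of how an HTTP application proxy turns a request into the kind of audit event described above, next to the connection record a Layer 3/4 firewall can produce for the same traffic. The document application, its URL layout, the role policy and the sample session are all constructed for illustration, and the code assumes the proxy has already authenticated the user and device before these functions run. It also shows the check a practitioner would add: the path is decoded and normalised before classification, so a percent-encoded traversal is reported as malformed rather than logged as a harmless "read_file".

```python
# Added example: application-level audit events from an HTTP reverse proxy,
# contrasted with the connection-level record a Layer 3/4 firewall can log.
# The route table, roles and sample requests are constructed for illustration;
# this is not Luminate's code. Assumes user/device identity was established
# by the proxy's authentication step before these functions are called.
import posixpath
import re
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class FlowRecord:
    """What a network firewall can log: the 'black van' at the gate."""
    src_ip: str
    dst_ip: str
    dst_port: int
    allowed: bool


@dataclass(frozen=True)
class AuditEvent:
    """What an application proxy can log: who did what to which resource."""
    user: str
    device: str
    application: str
    operation: str
    resource: str
    allowed: bool


# Hypothetical document application ("Application X"):
# HTTP method + path pattern -> named operation.
_FILE = r"^/folders/(?P<folder>[^/]+)/files/(?P<file>[^/]+)$"
ROUTES = [
    ("GET", re.compile(r"^/folders/(?P<folder>[^/]+)/?$"), "list_folder"),
    ("GET", re.compile(_FILE), "read_file"),
    ("PUT", re.compile(_FILE), "update_file"),
    ("DELETE", re.compile(_FILE), "delete_file"),
]

# Constructed policy: which operations each role may perform.
POLICY = {
    "viewer": {"list_folder", "read_file"},
    "editor": {"list_folder", "read_file", "update_file"},
    "owner": {"list_folder", "read_file", "update_file", "delete_file"},
}


def canonical_path(raw_target: str) -> Optional[str]:
    """Decode and normalise the request path before matching it.

    Returns None when the decoded path is not already in canonical form
    (contains '..' or '.' segments, double slashes or NUL bytes), so a target
    like /folders/W/files/..%2F..%2Fetc%2Fpasswd is never classified as a
    benign read on the strength of its undecoded form."""
    path = unquote(urlsplit(raw_target).path)
    if "\x00" in path or not path.startswith("/"):
        return None
    cleaned = path.rstrip("/") or "/"
    if posixpath.normpath(cleaned) != cleaned:
        return None
    return cleaned


def classify(method: str, raw_target: str) -> Tuple[str, str]:
    """Map an HTTP request to (operation, resource).

    Requests the proxy does not understand are reported as 'unknown' rather
    than guessed, so the policy check below denies them by default."""
    path = canonical_path(raw_target)
    if path is None:
        return "malformed_path", raw_target
    for route_method, pattern, operation in ROUTES:
        match = pattern.match(path)
        if match and method.upper() == route_method:
            parts = match.groupdict()
            resource = parts["folder"]
            if "file" in parts:
                resource += "/" + parts["file"]
            return operation, resource
    return "unknown", path


def firewall_view(src_ip: str, dst_ip: str, dst_port: int,
                  allowed_ports=frozenset({443})) -> FlowRecord:
    """Layer 3/4 decision: the only context available is the 5-tuple."""
    return FlowRecord(src_ip, dst_ip, dst_port, dst_port in allowed_ports)


def proxy_view(user: str, device: str, role: str, method: str,
               raw_target: str, application: str = "Application X") -> AuditEvent:
    """Application-layer decision: identity + operation + resource."""
    operation, resource = classify(method, raw_target)
    allowed = operation in POLICY.get(role, set())
    return AuditEvent(user, device, application, operation, resource, allowed)


if __name__ == "__main__":
    # Constructed sample session mirroring the narrative in the post.
    print(firewall_view("10.1.2.3", "203.0.113.10", 443))
    session = [
        ("GET", "/folders/Y"), ("GET", "/folders/Z"), ("GET", "/folders/W"),
        ("GET", "/folders/W/files/Project%20S%20-%20Description"),
        ("PUT", "/folders/W/files/Project%20S%20-%20Deliveries%20and%20Milestones"),
        ("DELETE", "/folders/W/files/Project%20S%20-%20Description"),
        ("GET", "/folders/W/files/..%2F..%2Fetc%2Fpasswd"),
    ]
    for method, target in session:
        print(proxy_view("john.doe", "macbook-jd", "editor", method, target))
```

The firewall record is the same for every request in the session: one allowed connection to port 443. The proxy produces one event per operation, attributes it to the authenticated user and device, and can refuse the DELETE (the editor role lacks that operation) and the traversal attempt without ever touching the backend. The same `classify` step is where a proxy for machine-to-machine API traffic would map verbs and paths to operations as well.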
By Leonid Belkind, co-founder and CTO, Luminate
Published on February 1, 2018
As some of you have heard, on January 29th Cisco disclosed information about a Remote Code Execution and Denial of Service vulnerability that affects a number of their security product lines. The vulnerability is pretty bad. In fact, its CVSS (Common Vulnerability Scoring System) score is 10, the highest possible score.
I will not join the ranks of people who are bashing Cisco and its engineers over this. I respect Cisco as a company; for almost two decades it has been a worthy competitor and I believe that it employs experienced engineers that have high security awareness. Bugs in software have existed from time immemorial and, while modern multi-layer testing methodologies can and should discover and prevent them at an embryonic stage, this isn’t what I am focusing on.
Sure, a critical vulnerability in software that runs on various appliances hidden deep in old-school data centers is a reason for panic. Thousands of IT professionals around the world are now frantically looking for critical patches for the exact versions of software running on their dedicated machines, and improvising procedures for updating them without impacting production environments.
But what about those of us running on modern cloud architectures? Surely, we are exempt from this “menace of the past”. Aren’t we?
Well, a close look at the list of affected products released by Cisco reveals a different reality.
Alongside products that have been on the market for many years (some already out of support), we can see that the pinnacle of creation, the most modern and cloud-native thing in the universe, Cisco’s Virtual Appliance, is also affected by the same issue. This means, in simple terms, that those of us who have created modern cloud architectures using seemingly modern solutions are in the same bad situation as those who haven’t updated their infrastructure for 10 years. How come?
Well, folks, by taking many-years-old appliance code and running it on modern Infrastructure-as-a-Service, you are completely missing the potential of cloud architecture, as it perpetuates the architectural principles of a time long gone.
You are still responsible for manually maintaining it and updating it with patches when relevant. And simply put, when shit hits the fan, like this week’s Cisco vulnerability announcement, you will be affected just as if you’d kept the old, traditional, on-premises architecture.
So, let me ask you: is there another way? I think there is...
To prove my point, here are screenshots of AWS and Microsoft Azure marketplaces showing the affected products:
#Cisco #CyberSecurity #Patch