I spent two days in the Expo at this year’s RSA Conference, and came out of it dizzy and exhausted. I learned a few things. One is that this is an area that has been getting a lot of funding over the past couple of years. The sucking sound you heard in San Francisco this week is the sound of data scientists and machine learning experts being sucked into the cyber-security vortex; I suspect that cyber-security is the reason salaries in those fields are continuing to increase. Everybody is pitching their “AI” or machine learning based solution to keep you from getting breached.
The funny thing is that all this intellectual fire-power is being fired back at attackers who are not using such highly sophisticated tools. Cylance, one of many endpoint protection vendors whose product is fueled by the latest breakthroughs in AI, was demonstrating how one can download wizard-driven ransomware creation kits on the Tor network, create a ransomware executable, then use another utility to mangle the bits sufficiently to prevent any signature-based endpoint product from detecting it. Here’s a link to one such kit.
The ease of creating malicious files that can evade traditional endpoint security products (e.g. the Webroots, McAfees, Symantecs, Bitdefenders of the world, not meaning to pick on specific vendors) makes endpoint protection with real-time multi-level analysis of the files that are landing on your machine essential. One such product that I looked at was SentinelOne, whose web site is currently offering the newest Gartner Magic Quadrant report of Endpoint Security Solutions (a very good value!). I was mildly amused that the folks at SentinelOne were unable to describe for me what the user experience of their product was like, though they could discuss in detail the algorithmic progression that it followed.
If you read through the aforementioned Gartner MQ, you may become dazed at the amount of investment funds raised by the companies in the report. Another company that impressed us with its fundraising capabilities was iBoss. Like us, iBoss recently announced a FICO partnership; they are embedding the FICO Enterprise Security Score into their service. Unlike us, iBoss closed Series A financing in 2015 that included $35 million from Goldman Sachs. In a market crying for solution categorization, iBoss is really difficult to put into a box. They offer a sort of “all things” solution that they characterize as a Web Gateway Platform; take a look at their “Platform” page for a broad overview. They promise a more or less single-vendor solution to cyber threats, which would certainly be less complex to deploy and administer than mixing and matching best-of-breed products. If it works for you, that’s great; I’m sure there are quite a few organizations where it will.
Another hot area, albeit one that I don’t fully understand yet myself, is “threat hunting” platforms and automation. I think I’ll do a bit more research before I write about that one.