Security News Ahead of RSA: Breach Worries Stop Digital Transformation 

(Pasko Maksim/Shutterstock)

In advance of next week’s big RSA data security show in San Francisco, we’ve received a bevy of security product announcements from companies leveraging data analytics, AI, behavior analytics and machine learning to automate threat detection, many of them touting breach prevention, rather than post-breach investigation, capabilities.

“While most of this is not totally new, we expect to see step-function progress in the use of these techniques and technologies,” said consulting firm Ovum (which released a report on security trends to watch), adding that advanced security tools also help address security staffing challenges. “The security staffing and skills shortage continues and grows wider, which makes one wonder how the established MSSPs and vendors keep their skilled staff.”

Along with this comes a new study released by consulting firm SoftServe on digital transformation strategies for 2017 that underscores the degree to which security looms large with IT managers: security concerns are stopping 55 percent of organizations from committing to digital transformation.

Certainly the potential value of business digitization is widely appreciated. In the U.S., according to the SoftServe study, 33 percent of organizations claim to have adopted complete transformation. Moving forward, industry watcher IDC reports that enterprises embarking on digital transformation initiatives will more than double by 2020 to almost 50 percent. Gartner Group reports CIOs are typically spending 18 percent of their budget on digitalization, a figure that Gartner predicts will increase to 28 percent by 2018.

Meanwhile, only 1 percent of organizations surveyed by SoftServe don’t know what digital transformation means, and just 2 percent said they don’t have a digital transformation strategy or plans to implement one.

In the face of this Yin/Yang desire for/fear of business digitization, what new security offerings are coming on the market?

Gemini, the new moniker for the perhaps unfortunately named SBOX, yesterday announced the Gemini Atlas, an AI-driven SaaS security platform that the company said enables security analysts to conduct quick investigations across disparate information silos for “true situational awareness.” The idea is to see the forest along with the trees.

“Analysts are overwhelmed with information and alerts from applications and security solutions,” said Gemini CEO Tony Ayaz. “They have no simple way to quickly identify and comprehend critical information from disparate systems, or collaborate to conduct faster, more thorough investigations.”

Gemini, started by early Splunk and ArcSight employees, said Atlas is designed to be a Palantir “for the rest of us,” citing Palantir as an “all seeing oracle” able to pull together data from disparate sources “and create a breadcrumb trail for analysts to follow to solve their biggest security challenges.”

Atlas brings together machine and human intelligence, and combs security, application and enterprise data at scale, Gemini said, connecting the dots across users, systems and applications and allowing analysts to focus on security problems instead of data management.

Meanwhile, two security companies, Cylance and Bitglass, today announced a threat prevention partnership for the enterprise that combines Cylance’s AI and CASB (Cloud Access Security Brokers) solutions to protect data in the cloud and BYOD.

The partnership is founded on the idea that as enterprises move to the cloud, traditional network security solutions become obsolete when data travels from third party servers, via third party networks, to end-user devices. Security, they say, should be delivered in-network via CASB and at the endpoints via advanced endpoint security.

Bitglass Advanced Threat Protection (ATP) identifies unknown and zero day attacks by combining Cylance’s advanced machine learning and artificial intelligence with Bitglass’ CASB solution. “The combined solution is the first of its kind to stop the proliferation of all threats, including unknown and zero day exploits, on any device – managed or unmanaged – and any enterprise cloud application,” the company said.

The joint solution combines data leak prevention techniques, searchable cloud encryption, user behavior analytics and contextual access control for SaaS, IaaS, custom applications and BYOD.

Bracket Computing, provider of the Bracket Computing Cell, offers “full workload isolation” for enterprise cloud computing, a single set of security controls to stop the spread of malware, malicious insiders and mistakes without, it says, impacting the performance of the self-service cloud. Yesterday the company announced two enhancements:

• a set of controls that ensure runtime integrity of a data center server, preventing tampering with critical parts of the operating system that should not be modified or stopped.
• a forensics capability that captures NetFlow and the memory of a running server in response to an event or a behavior indicating a server has been compromised.

Bracket said its security controls are designed for the modern hybrid data center and can’t be turned off, even with root access.

“Our forensics are similar to a traffic camera at a stoplight,” said Jason Lango, co-founder and CTO of Bracket. “It will snap a picture of an attacker at the precise moment of the offense, and provide detailed information about the source of the attack.”

Switzerland-based Kudelski Security has introduced its U.S. Cyber Fusion Center, based in Phoenix, what the company calls the first managed security services (MSS) offering that addresses all phases of the attack kill chain providing “contextualized data and comprehensive threat response plans.”

The company said its MSS approach is founded on fusing contextual threat intelligence with security-relevant data, enabling quick response to evasive threats.

Finally, AI-based CASB provider Skyhigh Networks has unveiled what it said is the first comprehensive security, compliance and governance solution, a single control point for all cloud services, beyond SaaS security to also encompass PaaS and IaaS platforms, such as AWS, Microsoft Azure and Google Cloud Platform.

Skyhigh cited pharma giant AstraZeneca.

“With thousands of users to connect, sensitive data to protect and a highly regulated environment to operate in,” said David Smoley, CIO, AstraZeneca, “we are laser-focused on ensuring all our security, compliance and governance requirements also extend beyond our premises and in the cloud. Skyhigh’s expansion of its security controls beyond SaaS is a key way IT can empower the business to fully leverage custom applications running in public IaaS, as well as having the confidence in protecting the IaaS platforms themselves.”

Skyhigh for Custom Applications utilizes AI techniques to “seamlessly” extend CASB capabilities from SaaS to custom applications running in PaaS or IaaS platforms “without introducing friction to the end-user, developer or security team…, providing IT security teams visibility into the user activity capturing a complete audit trail for compliance and investigations.”

Skyhigh for AWS, Azure and Google Cloud Platform analyzes the configuration and use of IaaS accounts, identifies security and compliance gaps and recommends specific actions to reduce risk. It captures an audit trail of administrator actions in the IaaS platform and detects insider threats and compromised accounts, Skyhigh said.