Are You Really You? Identity-as-Perimeter in a World of Compromised Credentials
Mike DeCesare: Cyber, AI, Founders & CEOs | Turn the Lens


RSA is one of the largest security events in the world. Pre-Covid, over 40,000 people would scurry through the halls of Moscone in San Francisco, surrounded by a dizzying array of 'threat vectors,' security approaches, vendors, and intimidating mega booths with images of scary cybercriminals all around. I've always had a bit of sympathy for the Chief Information Security Officers (CISOs) who have to navigate the vendor landscape, on top of the threat landscape, to stay up on best practices.

Mike DeCesare recently joined Exabeam after a six-year run at Forescout and eight years at McAfee. Mike knows enterprise security. The security arms race is waged at the very edges of new capabilities, so it is no surprise that applied artificial intelligence (AI), new architectures, and cloud computing are accelerating the technical sophistication on both sides of the fight. I recently had an opportunity to catch up with Mike to learn more about his new adventure and the evolving security landscape.

(If you'd like to jump to the full-length interview, click here; if you prefer a podcast, it is available on Spotify, Apple Podcasts, or SoundCloud.)

Changing data environment powering security intelligence

Applied AI in security uses more data (variety, source, quantity) and evolving algorithms to pick up anomalies, track activity, compare to norms, prioritize alerts, make recommendations, take action, and more, empowering the security professional in an ever more complicated threat landscape. The Security Information and Event Management (SIEM) category is not new, but the rising sophistication of attacks has been matched by a parallel rise in the use of AI in defense, and it's all based on getting a better perspective, a more holistic view, with more data processed by better algorithms. A key enabler is leveraging data outside any single application silo.

... we built this analytics engine that sits on top of that data regardless of where it sits in the environment and helps companies make sense
- Mike DeCesare

A concrete step in digital transformation is identifying data use cases with ROIs that justify the cost of storing and managing the data. As the cost and complexity of storing and managing data decrease, the TAM of economically feasible projects increases, so the more uses for the data, the better. New storage architectures from companies such as Snowflake, Databricks, AWS, Azure, and GCP are creating another step function in terms of cost and accessibility, to the benefit of applications that can leverage the additional asset streams, including security applications like Exabeam.

What these new (storage) architectures have done is to NOT require the data to sit in a single repository to play a meaningful role (in security)
- Mike DeCesare

One of the many challenges of the CISO is keeping current on new threats and technologies while managing the point solutions in an ever-increasing portfolio of security products and services. Mike made an interesting point: market dynamics enable an up-and-comer to quickly disrupt the incumbents with newer, better approaches to the problem.

Cybersecurity is a place where a startup can go from hardly being heard of to something big in a short period of time
- Mike DeCesare

Zero Trust - Assume the bad guys have valid login credentials

Any final vestiges of the old security paradigm, with a clearly defined, defensible perimeter, faded away in the face of the global Covid work-from-home directive. Security practices have moved beyond simply pointing the guns outward to a greater focus inward. Today, with the never-ending series of large breaches reported in the press almost daily (how many never get reported?), and people's predisposition to re-use passwords and credentials, the starting position must be that the bad guys have compromised credentials for anything they want to access. It's called Zero Trust, a position popularized by Forrester's Dr. Chase Cunningham.

We have to expect that everybody's credentials have been compromised at this point ... where the adversary has the login credentials to all the things they are trying to break into
- Mike DeCesare

So if the bad guys have the login, how do we catch them, minimize the damage, and evict them from the system?

Identity as the new perimeter. Is it you, or the bad actors with your credential? Bringing AI to the fight.

When credentials are compromised, what other data can be used to determine true identity? Multi-factor authentication (MFA) is just the beginning. What other behavioral data, system data, pattern data can be brought to bear?

It's about taking all the input from your firewall, and endpoints, and all the different products companies have in their environments and create a holistic picture of what's on my network at any given time
- Mike DeCesare

The bad actors are getting more sophisticated and pull from the same set of skills and tools as the good guys. Not only state-sponsored threats, but the 'business' of ransomware is also growing.

... the threat vectors are becoming more daunting. It's one thing to see ransomware. It's another thing to see ransomware take down someone's supply chain
- Mike DeCesare

Shifting gears - Technical Founders and CEOs

As frequent listeners know, I'm a big fan of a company retaining its technical founder whenever possible. Having said founder as CEO is a more complicated issue, and successful execution as the company grows is rarer still. So I always ask founders working with new CEOs, as well as CEOs coming in to work with technical founders: what are the secrets to a good working relationship? I'm a huge fan of Fred Luddy at ServiceNow, and there have been three CEOs since he moved out of the role (Frank Slootman, John Donahoe, and now Bill McDermott). I discussed it with Sumo Logic's Christian Beedgen, who works for CEO Ramin Sayar, and PagerDuty's Alex Solomon, who works for CEO Jennifer Tejada.

As Mike mentioned, the CEO role is a very different job, with different responsibilities and day-to-day tasks. And Mike learned from one of the best early in his career, Larry Ellison, Founder and CEO of Oracle.

I was exposed at a very young age to one of the strongest CEO founders on the planet in Larry Ellison, and Larry wasn't just one of the most technically advanced CEOs, he's also an operator. ... but that's not common.
- Mike DeCesare

Being a CEO is very different from being a technical founder, and for many founders, the CEO day-to-day is a bit too far removed from the products and services for their liking.

Every time I sit down with Mike, I learn something new about the state of the security environment. I encourage you to listen to the interview in its entirety; it won't disappoint.

Thanks again Mike.

--------------------------------------------------------------------------------------------

Links and References

Live Interview - Mike DeCesare - Turn the Lens Episode 14, Jeff Frick, YouTube, August 2021

Podcast - #14 Mike DeCesare - Are You Really You? Identity-as-Perimeter in a World of Compromised Credentials, Turn the Lens with Jeff Frick, Episode 14 on Spotify, Apple Podcasts, Google Podcasts, SoundCloud, Libsyn

_________________________________________________________

Disclosure and Disclaimer

This is an unsponsored editorial

Fair Use - In good faith, this work contains fair use of copyrighted and non-copyrighted media from the public domain & web for non-commercial & nonprofit educational purposes. This work is distributed free of charge. The author has neither monetized this work nor sought any profit from its distribution. Copyright Disclaimer under section 107 of the Copyright Act 1976: Allowance is made for fair use for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-Profit, educational, or personal use tips the balance in favor of fair use. This work contains original work of commentary and critical analysis. Quotations are attributed to the original authors and sources.

All products, product names, companies, logos, names, brands, service names, trademarks, and registered trademarks (collectively, *identifiers) are the property of their respective owners. All *identifiers used are for identification purposes only. Use of these *identifiers does not imply endorsement. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and/or names of their products and are the property of their respective owners.

We disclaim proprietary interest in the marks and names of others. No representation is made or warranty given as to their content. User assumes all risks of use.

Nadia Hansen

Global Digital Transformation Executive | AI Public Sector Advisor | Former CIO | Keynote Speaker | Limited Partner

3 years ago

AI is the future of cybersecurity. I enjoyed the conversation! Thanks for sharing.

Bill Schmarzo

Dean of Big Data, CDO Chief AI Officer Whisperer, recognized global innovator, educator, and practitioner in Big Data, Data Science, & Design Thinking

3 years ago

AI versus AI? Is that like Mad magazine's Spy vs Spy Jeff?

Julie Cullivan

C-level Global Business & Technology Operations | Cybersecurity | Independent Board Member

3 years ago

Great discussion Mike and Jeff!

Great interview as always Jeff. Always get motivated in listening to Mike as well!
