Guest Blog // Selected Security Content Provided By Sophos
3/1/2013
03:33 PM
David Schwartzberg
Security Insights

Cool Tech's First Showing At RSA Conference 2013

Meet five unsung heroes that showcased their new solutions at the RSA Conference. You may find something you didn't know you needed.

Meeting with as many exhibitors as the RSA Conference in San Francisco provides is a daunting task. Invariably, a startup company with a compelling solution is easily overlooked.

At this year's Conference, the top questions asked were much like last year's. Many people came to the Sophos booth asking about mobile security solutions for smartphones and tablets with respect to bring-your-own-device (BYOD) initiatives. I found that to be very interesting since this year the RSA Conference added a new track called the "human element."

When thinking about BYOD solutions, the primary challenge most organizations have is around protecting data and stopping threats without reliance on the human element. In many BYOD situations, that is not the case -- the human element is in play and unavoidable.

For the benefit of Dark Reading readers who were unable to attend the conference, I decided to find five companies that had their booths in the periphery of the Exhibitor Hall. I selected random companies from each side of the hall that were newcomers or coming back from hiatus.

The concept is simple: to find out what new solution each was showcasing, what problem(s) the offering solves, what makes its product unique, and how it coincides with this year's topic -- the human element.

I was able to speak with:

iDriveSync
iDriveSync was represented by Shane Bingham, Business Development Associate, who stated that this was its first year in the Exhibitor Hall. It was showcasing private key encryption for iDriveSync, which enables users to select a private key that is known only to them; even iDriveSync employees won't have access to the key.

This solves the security problem where accounts protected only by usernames and passwords are at risk from the employees of the solution provider storing the data. Shane Bingham stated, "Private key encryption prevents anyone from doing that but you." According to Shane, what makes iDriveSync unique is that it is the only cloud provider that offers the use of private key encryption.

iDriveSync coincides with the topic of the human element in two ways: 1) it removes the human element by keeping unwanted people from accessing your data, and 2) it makes it easier to give you control over access to your data. You won't have to worry about someone else out there digging through your digital data.

For more information, go to the iDriveSync website or Facebook.

ManageEngine
Mason Hering, a Marketing Manager from ManageEngine, shared that this is the company's first year back after three years off, and that it has been an exhibitor at RSA Conference a total of four times. It was showcasing a Password Manager Pro enhancement that offers password management for mobile devices.

The problem solved is the one an admin faces when working at a server in a data center. Rather than writing a password on a piece of paper or your hand, you can put the password securely in your smart device. Simply put, it offers ease of use and convenience when it comes to saving and retrieving stored passwords. As Mason Hering put it, "[Being] able to delegate access to certain individuals, [Password Manager Pro] can go out and put a password into the system for them and record the session." Those features are what differentiate Password Manager Pro from its competition.

Password Manager Pro coincides with the RSA topic by taking the human element out of the equation, along with the risk associated with allowing users to handle unprotected passwords.

For more information, go to the ManageEngine website, Facebook, or Twitter.

Pindrop Security
I spoke with Matt Anthony, Vice President of Marketing from Pindrop Security. He mentioned it is a first-time exhibitor this year on the trade show floor; last year it was in the innovation sandbox. During the conference, SC Magazine named Pindrop Security the "Best Rookie Security Company" for 2013.

The company was showcasing a set of solutions to help fight phone fraud: Fraud Detection System and Phone Reputation Service. One example is social engineering attacks on the contact centers of large enterprises to commit fraud. Matt Anthony stated, "When considering the large financial institutions, about 1 in 3,000 calls is a fraud call. It may not sound like a lot but amounts to about $4 billion in losses a year. Contact centers spend about $20 billion to authenticate people as they call into the call center." Pindrop Security provides a solution that detects fraud and matches whitelists and blacklists while doing authentication to catch the bad guys.

The solution is unique because "...there hasn't been a solution in the phone channel that addresses the phone piece. The first solution to use multiple detection techniques to identify known attackers and anomaly detection to determine where the call is coming from and the type of device the caller is using," according to Anthony. From that information they can determine if the criminals are spoofing.

The human element topic is addressed because there are always people on the other end of the line. The good guys are battling toe-to-toe (or ear-to-ear) with the bad guys all day long.

For more information, go to the Pindrop Security website, Facebook, or Twitter.

Pwnie Express
Anthony Hughes, Director of Government Sales and Marketing from Pwnie Express, said that this was its second year in the Exhibitor Hall. It was showcasing the Pwn Pad, which is an Android-based tablet, similar to the Pwn Phone. The Pwn Pad works on wired and wireless environments. It's able to inject packets, strip WEP, and act as an "evil" access point.

Pwn Pad solves the problem of the human element of social engineering, insider threats, and security awareness. It has a stealthy form factor, and wireless capabilities accessing covert channels for exfiltration. According to Anthony Hughes, "[The Pwn Pad] squarely addresses the human element issues on an Android tablet, which has never been done before."

Pwn Pad is unique because of the form factor and the suite of features offered.

For more information, go to the Pwnie Express website, Facebook, or Twitter.

Skyhigh Networks
I was fortunate to speak directly with the CEO of Skyhigh Networks, Rajiv Gupta. He said that this is the company's first time in the RSA Exhibitor Hall. It was showcasing the company and its new product, which both launched on Monday when the RSA Conference began.

Skyhigh's product solves the problem of exposure and risk with cloud-based providers so that organizations can benefit from cloud services. Skyhigh is the only company that helps with the discovery and risk assessment of more than 2,000 cloud services in order to control access to cloud services offered as a cloud service.

The human element is addressed because employees are looking to be productive without intent to create risk. Since many IT organizations do not have the visibility or ability to control cloud services, a cloud exposure comes to fruition. The cloud exposure risk forces decision makers to become production inhibitors. Discovering and controlling the cloud exposure helps eliminate risk so that employees can leverage advanced cloud technologies to be more productive.

Skyhigh received recognition this week as one of the top 10 "Most Innovative" companies while at the RSA Conference in San Francisco.

For more information, go to the Skyhigh Networks website, Facebook, or Twitter.

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in the latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award-winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg.
