
Identity Eclipses Malware Detection at RSAC Startup Competition

All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: malware detection.

At the recent RSA Conference, malware detection got the cold shoulder among the 10 Innovation Sandbox finalists, illustrating how differently security looks after the pandemic cloud migration. It also indicates the investor community may consider malware a lower priority.

RSAC's Innovation Sandbox is a Shark Tank-like competition for cybersecurity startups, where entrepreneurs present dueling pitches to a panel of investors. SecDevOps startup Apiiro took the top prize with its single pane of glass for reporting threats and automating review, testing, and remediation. A second SecDevOps startup, Wabbi, also touted a broad risk management approach and boasted this year's only female founder.

The scramble to secure the new cloud infrastructure dominated the competition, which led to some controversy. Finalists were announced in April, a month before historic ransomware attacks against American oil and the global food supply chain. In light of this awkward timing, one wonders if the judges regret not allowing a malware detection startup into the finals.

Malware is the digital spear disrupting and damaging infrastructure. Yet there's an underlying truth about malware's diminishing role in the cloud that these judges know all too well.

Installing native software agents across the cloud to remotely control it has been an industry failure. Cloud VMs, containers, and their IP addresses may be recreated up to thousands of times per hour, creating a brutally ephemeral environment. Malware's difficulties in the cloud are quite analogous to the agent problem. Like software agents, malware must install natively across the cloud and maintain connectivity for command and control.

Compounding the problem, the public cloud and serverless technologies often lack a true runtime environment in which agents or malware could be installed at all.

Furthermore, malware spreads itself by discovering and infecting adjacent systems. Consider how few lateral movement opportunities there are in the cloud, as a Fortune 500 company's assets span disparate cloud vendors, segmented and ephemeral networks, and software-as-a-service (SaaS) apps.

For all these reasons, vendors embrace "agentless" approaches, controlling the cloud via APIs, now a favorite of hackers as well. APIs and the human interface shell (think command line or the Web browser) are the only ways to reliably access cloud components.

Both API and shell access require authentication through the identity layer produced by secure access service edge (SASE) zero-trust products. Finalist Axis Security is a good example. From its cloud, it authenticates users, even from unmanaged devices, brokering a secure session to a company's many cloud components. In true zero-trust fashion, Axis monitors and continuously reauthorizes accounts throughout a session, as long as they remain compliant and well behaved.

One can see why after years of defending Azure, Microsoft CISO Bret Arsenault told me in 2019, "Hackers don't break in, they log in," and to defend the cloud he says, "Identity is the new perimeter."

Yinon Costica, co-founder and VP of products at Wiz, another finalist, pointed out that identity is even more than a perimeter. "Identity is the new vehicle in order to get from one place to the other," he said.

Describing how threat actors hack the cloud once the SASE identity layer is pierced and credentials are stolen, Costica said: "I get a shell on a machine that's running in a cloud environment somewhere. Now I can use [Amazon Web Services] APIs. I can use a role that's assigned to the machine. I can scan the filesystem for secrets. I don't need any malware."

Instead of malware, Wiz focuses on identities, the secrets they access, the networks they touch, and vulnerabilities. In its Innovation Sandbox pitch, Wiz claimed 10% of the Fortune 500 purchased its product within its first six months of sales.

A competitor, Deduce, provides identity intelligence to spot risky logins. Finalist Strata migrates legacy applications to the identity layer, abstracting away details with orchestration.

The advertising tech industry also made a mark on Innovation Sandbox. Often dubbed "surveillance capitalism" by privacy advocates, ad tech produces sophisticated human intelligence. Startup Abnormal Security brings seasoned ad tech experts to email security. It believes providers such as Microsoft or Google already have excellent email threat detection, and focuses its behavioral analytics on the most advanced attacks.

Innovation Sandbox's final three competitors secure emerging DataOps. This new attack surface is arising as data vendors such as Snowflake migrate information to specialized data clouds. Open Raven identifies and classifies data. Satori is a low-latency gateway that masks sensitive information before forwarding it. Cape Privacy helps organizations share data with outside AI experts, something Cape accomplishes by exposing an encrypted version of data that hides secrets but still preserves usefulness.

The malware vs. identity debate illustrates why Innovation Sandbox is a favorite among trend watchers. For years to come, malware will continue compromising endpoints, as well as the Internet of Things and operational technology (OT) devices. Malware is still king for ransom and disruption, and for these reasons, 2021's choice of finalists was controversial.

In 2021, Innovation Sandbox was also a teaching moment. Malware can still be used against specific targets in the cloud. Yet the cloud is heterogeneous, ephemeral, and a peculiar runtime environment, all of which erode malware's reign as the universal hacking tool. With the SASE identity layer, increasingly hackers don't break in, they log in.
