Interviews | July 12, 2022

Organizations Should Not Ignore Cloud Middleware Risks


Mimecast | Rubrik | Wiz

David Raissipour
Chief Technology & Product Officer

Mimecast

Q1. What do organizations need to understand about the potential security risks of using cloud email services? What should they be doing to mitigate the risks?

Although communication methods are changing and collaboration tools are becoming more prevalent, email remains the lifeblood of business communication today. In fact, our 2022 State of Email Security Report found that the rate of email usage rose in eight of 10 companies in 2021. Not surprisingly, email serves as the primary attack vector for cybercriminals; they target where the action is, and they’re not slowing down. In the same report, our research found that 72% of companies are experiencing higher levels of email-based threats. Our increasing dependency on digital communications and hyper-centralized infrastructures are creating new opportunities for threat actors to infiltrate organizations.

These market trends point to a critical need for organizations to better prioritize email security as a core business competency. Within the “always-on” dynamic of hybrid work structures, organizations need a strong balance of products and people that keep them proactive and protected in the face of cyber threats.

There is also critical risk associated with leaving Microsoft 365 or Gmail without an additional layer of email security in place. While these solutions deliver many benefits, they can’t always address real-time cybersecurity needs. Mimecast mitigates risk by layering on email security products that greatly enhance protection for our customers, while reducing complexity and cost.

To protect email to the highest degree possible, organizations should seek a partner who will work in lockstep with them.

Q2. How are adversaries taking advantage of AI and ML techniques to refine email attacks? How should security teams be responding to the threat?

The use of AI and ML across the cybersecurity community has been a positive development and is a complement to IT teams and the solutions they deploy. However, threat actors have also taken notice and are now leveraging the technology themselves to try and score big wins. In the same way we study them, they study us.

Cybercriminals are constantly looking for new vulnerabilities to infiltrate an organization’s network. One way adversaries are taking advantage of AI is by mimicking human behavior to try and bypass systems and create sophisticated social engineering attacks. Adversaries can also use AI and ML to identify user passwords, thus making their efforts exponentially more effective; and let’s not forget predatory deepfakes, which are becoming more advanced by the day.

The good news is that cybersecurity providers can leverage AI and ML to bolster their protection efforts. For example, our CyberGraph product utilizes AI to protect against the most evasive and hard-to-detect email threats, limiting attacker reconnaissance and mitigating human error. CyberGraph continually learns and evolves with threats, helping organizations to stay one step ahead. By gaining a deeper understanding of relationships and connections between senders and recipients, CyberGraph can detect and alert users to questionable behaviors. These alerts engage the user at the point of risk, adding a much-needed layer of protection for the advanced threats adversaries put forward.

Q3. What does Mimecast plan on highlighting for customers at Black Hat USA 2022? What can they expect from the company at the event?

Black Hat 2022 comes at a very exciting time for Mimecast. We are amidst a period of transformational growth and are energized about the opportunity to build a bigger and better company. We are proud to empower our customers to work protected. This year we will be announcing the upcoming availability of our Mimecast Email Security (Express Configuration), in addition to our existing email security product, Mimecast Email Security (Gateway Configuration), both of which will deliver the same world-class level of email security efficacy.

Mimecast Email Security (Express Configuration) will be a 100% cloud option and perfect for organizations with lean IT teams. This option will require little to no policy customization and there will be no need to redirect their MX record. It is gateway-less and can be deployed in minutes to provide best-in-class email security protection for organizations of all sizes.

Mimecast Email Security (Express Configuration) will be available this fall, and organizations can pre-register for a free trial by visiting our booth. We are thrilled to offer this new configuration to our customers and look forward to protecting more organizations with best-in-class technology that is trusted by 40,000+ organizations around the world.


Michael Mestrovich
CISO & SVP Security Solutions Architect

Rubrik

Q1. You were CISO at the CIA before joining Rubrik recently. What are your immediate priorities in your new role? How do you expect your experience with the CIA to help you in your present role?

There are a few major priorities. One is ensuring that Rubrik’s internal cybersecurity program is growing, expanding, and keeping pace with the company as it grows. Part of that requires adding more talent and also enhancing the skills of the talent we already have as the organization continues to evolve. Another piece is around focusing on the product and its capabilities and features. As we continue to innovate to encompass more data security capabilities, we need to ensure that the right cybersecurity practices, techniques, and procedures are also put in place. There may be different or evolving cybersecurity threats as the organization moves through its growth phase, and we should be able to adapt accordingly.

Anybody that’s focused on cybersecurity in the public sector and moves to the private sector is well aware of the need for collaboration and partnership between public and private sector entities. There’s a great opportunity for threat intelligence sharing. Many private sector companies are significant providers of goods and services to the larger economy. There needs to be a good partnership between public and private organizations as it relates to threat intelligence. It’s important for us to know how the federal government can liaise with private sector companies to understand threats and build up resilience and cybersecurity practices.

Q2. As a CISO at a cybersecurity company what threats are you concerned about the most and why?

There are two primary threats. The first is threats to the product itself. We want to ensure we are keeping our customer base safe and that they are working with a secure product. We want to make sure as we develop products and continue to build new features and capabilities, that we’ve done the necessary cybersecurity regression testing, code base analysis, and feature analysis. That’s paramount to our focus and to our operations. Secondly, as a cybersecurity company, it’s important that we’re investing in people, processes, technology, skills, and training that give us greater acumen. That’s for two reasons. We want to ensure that all of our business continuity, the way that we operate, has the highest regard for cybersecurity and is making the right investments to ensure that. [Secondly], our customers will want to hear from us about cybersecurity best practices. We strive to be an organization that lives and breathes cybersecurity best practices on a daily basis. That will help us as we engage with our customers and talk to them about what we’re doing to secure our own IT infrastructure that they might look to as lessons learned or opportunities to improve their cybersecurity.

Q3. What do you expect will be top of mind issues for CISOs and other security leaders at Black Hat USA 2022?

The pace of cyberattacks is certainly not slowing down. Ransomware attacks have increased exponentially in the past couple of years. We live in an environment where attacks against data are monetized. This includes the theft of intellectual property, holding your data needed for business operations hostage, the sale of data on the black market, and identity theft. CISOs will be keenly interested in what are the best practices that other organizations are doing. Professional network building among CISOs is critical.

Security leaders should be looking for open lanes of communication to other organizations to understand that they’re not on an island and can constantly learn from each other and share best practices for enhanced cybersecurity. The conference will bring defensive awareness to a larger group so that CISOs are working through not only defense in depth within their organizations but also as a community across the larger ecosystems. Building a community framework to enhance the knowledge we have of cybersecurity incidents and sharing that knowledge will give us all a leg up so that individuals don’t have to deal with cybersecurity threats in a way that’s uninformed.


Ami Luttwak
Co-founder & Chief Technology Officer

Wiz

Q1. What do security teams and administrators need to know about the security risks associated with cloud middleware? How should they be using the Cloud Middleware Dataset project that Wiz unveiled recently?

It is essential for cloud organizations to treat cloud middleware software and study its potential risks, as they typically do when installing third-party software. Each cloud middleware software presents different risks. Some expose cloud users to local privilege escalation exploits, and in some cases, cloud middleware software even puts cloud customers at risk for remote command execution by malicious actors. In the absence of visibility into this software, cloud users cannot assess the risk of the cloud middleware installed in their environment. Each cloud service implicitly installs different cloud middleware software, making it tough to track and detect cloud middleware risks in cloud environments.

To immediately address those risks, Wiz recently launched a community-driven cloud middleware dataset detailing the “secret” agents installed by the different cloud services. This way, cloud customers can use this dataset to gain better visibility to cloud middleware software. The next time a new vulnerability pops up in cloud middleware software, customers will immediately know if, and how, they are affected. Mapping all the agents that cloud providers are installing is not an easy task. We ask that the security community help us by contributing and keeping the database updated. It can be found by visiting github.com/wiz-sec/cloud-middleware-dataset.

Q2. Wiz has attracted some $600 million from various funding rounds so far, including one which valued the company at $6 billion. What is the company doing that has attracted so much market attention?

Cloud security is broken. Solutions today are complex, fragmented, and generate too many alerts for security teams. This foundational problem is one that we have seen arise time and again, and why my co-founders and I decided to build Wiz: to provide a cloud security solution that delivers total visibility and lets security teams focus on the real risks. This vision has resonated with customers.

In just over two years, Wiz has grown to protect hundreds of organizations, including 20 percent of the Fortune 500. And as a result, Wiz has become one of the fastest-growing cybersecurity and SaaS companies in the world. This success can be attributed to, among other things, the fact that Wiz provides visibility and context to cloud risks no other product can. Organizations can deploy Wiz in minutes across all major cloud platforms to seamlessly scan their workloads via a completely agentless, API-centered approach, giving organizations nearly instant coverage of their entire cloud environment – with no blind spots.

Wiz works across the most complex cloud environments to show critical risks and toxic combinations that should be prioritized immediately. It gives developers who are responsible for risk the capabilities to resolve issues before they hit production, helping bridge the gap between cloud builders and cloud defenders. In fact, Wiz is mostly used by engineers, as opposed to members of security teams. At the heart of what sets Wiz apart is the Wiz Security Graph. As opposed to long, contextless lists of siloed alerts and risks, the Wiz Security Graph displays all cloud resources along with their fields and interconnections in near real-time to correlate and find attack vectors no other technology can. It allows security and developer teams to focus on real risks.

Q3. What do you expect customers would want to see and hear from Wiz at Black Hat USA 2022?

The cloud is the most secure environment for organizations but needs to be used correctly. Much of the risk that comes from the cloud is the result of complexity caused by multiple clouds and architectures and thousands of technologies in customer environments. In turn, it’s difficult to operationalize a holistic cloud security strategy, causing gaps in visibility and a lengthy time to resolve critical risks. This doesn’t bode well for helping organizations prevent the top threats in the cloud, namely supply chain risk, including CSP or user-installed software, as well as user-granted third-party permissions.

Secrets exposure is another top risk we commonly see. Attackers can capitalize on secrets that are used insecurely or left in code to gain access to sensitive data, highly privileged roles, product environments, and so on. Breaches via exposed databases are nothing new, but we continue to see the same mistakes that make these possible, such as misconfigurations of databases and storage services, exposure of internal services to the internet, and overly permissive identity policies. We’ve seen a rise in threat actors that target cloud accounts and workloads and leverage cloud native features. In addition, over the past year, Wiz researchers have discovered critical, cross-tenant vulnerabilities in cloud service providers that make clear that platforms still have work to do to ensure they stay ahead of attackers and harden their architectures.

To help cloud customers track, remediate, and gain better visibility into cloud vulnerabilities, researchers from Wiz and others in the community recently launched cloudvulndb.org. The community-driven site catalogs CSP security issues in a new format and lists the exact steps CSP customers can take to detect or prevent these issues in their own environments. The site paves the way to an industry-wide, centralized cloud vulnerability database.
