Sign up for my newsletter to see more interviews with the biggest names in cybersecurity.
I hope everyone had a happy New Year! Since it’s a pretty slow news week, I wanted to take the time today to highlight some of the interesting facts that I learned from the people that I interviewed this year. Note that I could’ve written 100 interesting facts because I learned so much from all of my interviewees and it wasn’t easy narrowing it down to 10.
- Dmitri Alperovitch, CTO and Cofounder of Crowdstrike described the benefits of having a cloud-hosted security platform, arguing that the cloud gives the advantage back to the security companies over the hackers. With cloud-hosted products, the security companies can see the bad guys trying to break through their products in real time, and can make patches as necessary.
- James Foster, Founder and CEO of ZeroFox, described the importance of social media security. 2/3 of the world’s population actively uses social media, making it one of the biggest potential vectors of attack. One problem that ZeroFox alone is working on, is automating the detection of impersonator profiles, which have been used to tarnish brands’ reputations.
- Kevin Mahaffey, Cofounder and CTO of Lookout, described the landscape on mobile for mainstream malware and targeted malware. Mainstream malware (often acquired through malicious apps) is much more popular on Android because more of the world uses Android (especially in the countries where the malware tends to be developed) and because Google is less restrictive on the apps available for download. The first case of mainstream malware on iOS was found in 2014.
- Eric Winsborrow, Founder and CEO of Shadow Networks, says that endpoint security is just as fallible as network security. Some people have stated that companies should focus on endpoint security over network security. Eric argues that we need to start looking beyond the initial phases (network breached or endpoint breached) of the cyber kill chain.
- Stephen Boyer, Cofounder and CTO of BitSight Technologies, described how BitSight creates and applies cyber risk ratings. BitSight’s research has demonstrated that cyber risks can be quantified in a manner similar to credit risks
- Deepak Jeevankumar, a principal at General Catalyst, described the cybersecurity sub-sectors that he thinks could soon grow into billion dollar markets. These include threat intelligence, insider threat management, 3rd party vendor risk management, and next-gen DLP.
- Caleb Sima, Cofounder of BlueBox Security, describes why mobile device management is shifting to mobile data management. Sima points to the example of servers when they first came out. The initial goal was to protect the network with firewalls, then the goal was to protect the servers, then the goal was to protect the applications on the server and then finally to protect the data inside the applications. The same is happening with mobile–mobile device management protects the device, now we need to focus on protecting the applications and data on the devices.
- Rami Essaid, the Founder and CEO of Distil Networks, described the function of bots on the web. Good bots, like those used by Google, scan web pages and allow Google to provide relevant search results. Bad bots have been used to crawl the web and extract data in major data breaches like those caused by Snowden and Manning.
- David Canellos, former Perspecsys CEO, details the key capabilities of any cloud access security broker. These capabilities include cloud visibility, cloud access security, and data compliance, protection and residency.
- Tomer Weingarten, Cofounder and CEO of SentinelOne, details the EDR market and where each of the players (Tanium, Cylance, Bit9+CB) compete.
Thanks for reading and I hope that everyone has a great 2016!