Thought Leaders in Cyber Security: Markus Jakobsson, Chief Scientist of Agari (Part 2)

Markus Jakobsson: My work at Agari now is to identify the trends, preferably, before they even start becoming noticeable to others and identify how to block them.

Sramana Mitra: What kind of customers are primarily using Agari?

Markus Jakobsson: A large number of companies use a product that blocks scammers from spoofing companies. Many of them are in the financial sector, or are insurance companies and health service providers. The set of enterprise customers who use the second product in order to protect themselves and their own enterprise users is slightly smaller, but is largely the same. >>>

5 Thought Leaders in Cyber Security

As seen from some of the biggest news headlines in recent weeks, Cyber Security is clearly becoming a bigger challenge every day. All websites, apps, and enterprises are exposed, vulnerable. The following discussions with some leaders in the industry explore the topic in depth, and offer some pointers to open opportunities for entrepreneurs.

• Thycotic CEO James Legg and Founder Jonathan Cogley: Password management is a nightmare. See how the industry is evolving.
• Anand Adya, CEO of Greenlight Technologies: Cyber Security is fraught with all sorts of risks. We discuss application security here as it pertains to malware intrusion.

>>>

Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone (Part 5)

Leo Taddeo: We’re going to see more focus on data privacy and protection and controlling access to content in an enterprise. That dovetails with this trend towards using Big Data for business analytics. Here’s what I mean. There’s tension between allowing employees access to data they need and maintaining privacy and confidentiality of data. Those two things need to be balanced.

They’re difficult to balance because classification and access management becomes difficult in a large enterprise. The trend towards allowing our employees to access the data they need for analytical purposes is in tension with our need to maintain privacy and confidentiality of records. I think cyber security vendors who can manage the very fine granularity and tight control of what a person can access will provide real value to a trend that is emerging and developing. That is a trend towards really focused use of large datasets to analyse business problems. >>>

Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone (Part 4)

Leo Taddeo: What some people spend a lot of time on is embrace the return on investment type of calculation. We’ve seen studies where people have put a dollar value on a loss of a data record. It’s somewhere between $80 and $200. Then they count up the number of records that they have, potentially, at risk, and do a simple multiplication.

Then they’ll say, “Our return on investment is in the tens of millions of dollars because we could potentially use all of these records, and they cost a hundred dollars each.” That appeals to a numbers-oriented enterprise but to me, it doesn’t have a lot of value because the numbers are so subjective. It looks like data, but it’s not. It looks like a formula, but it’s not. We see some breaches where the data loss can be very small but impactful. We see other breaches where there’s a lot of data loss and not so impactful. >>>

Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone (Part 3)

Leo Taddeo: The second challenge I think a lot of them are facing is the complexity requirement and the specialization of the IT security staff that they need. CISOs in every private enterprise and in every government agency out there are competing for the same talent. They’re competing for the same experts. The lack of these experts and the cost of these experts is driving up security cost. It’s bringing security down because the turnover in security personnel reduces the security posture for an enterprise. >>>

Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone (Part 2)

Leo Taddeo: Our approach is that it’s very difficult to protect user credentials, and so the philosophy behind the software-defined perimeter is not only to do a very robust authentication of the user through attributes on the machine and other verifiable attributes, but also to prevent that user from going beyond the resources that they have legitimate access to. That, in effect, prevents critical stages of every attack that we’ve seen in the last 10 years. The attacker needs to move from an unprotected part of the network into a more sensitive part of the network. >>>

Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone (Part 1)

This discussion starts with perimeter security, and expands into a broader study of CISO priorities.

Sramana Mitra: Let’s start by introducing our audience to yourself as well as to Cryptzone.

Leo Taddeo: I’m the Chief Security Officer of Cryptzone. Cryptzone is a technology company providing security software to small and large enterprises and a number of organisations in between from financials to manufacturers. We provide security software in the form of an enterprise gateway called AppGate and two other data loss prevention products: Security Sheriff and Compliance Sheriff. >>>

Thought Leaders in Online Education: Felix Odigie, CEO of Inspired eLearning (Part 3)

Felix Odigie: When you think about where we actually win, it is in the analytics. You’re training to be more security-aware. How do you measure that? You must be able to show this analysis to the customer and the customer will show it to their executives. That’s what we do. We have a very advanced analytics software in our portfolio. That’s a very strong differentiation for us.

Think of what we’re doing as an antivirus, if you will. We try to prevent hacking access through humans. The next stage of evolution which we’re doing now in partnership is to have a partner who can deploy endpoint solutions just in time. You have FireEye. We have the content and the training.

Now you have a partner who can monitor user activity. When you click on the wrong email twice and you’ve been trained before, it’s time to get trained again. That automatically triggers training. It’s like an antivirus check with more advanced analytics and better ways to ensure that. This is more of a complete solution. >>>