Neal Creighton: There are some good statistics that anti-virus stops only 50% of the attacks. Most of those are mass and junk threats. The rest gets through. Of the very dangerous attacks that we’re reading about on other retailers and government agencies, it stops pretty much zero of those types of attacks and yet we’re still relying on it. There’s a big change in the industry right now to try and pick up the threats that haven’t been seen before. We have to do that through different techniques than what anti-viruses use. We’re in the middle of a pretty large shift where the anti-virus technology, I believe, will go away. It’s still relevant. It’s still useful in some capacity. To stop new types of attacks we need different technology. That’s where we play and that’s where some of our competitors play.
Sramana Mitra: Essentially, you are providing something that replaces anti-viruses. That’s the crux of what you said?
Neal Creighton: That’s our eventual goal. Right now, we’re focused on letting the anti-virus keep out the mass viruses that are not trying to do damage other than bog down machines, and focus on the state-sponsored or criminal elements that are trying to steal data that are much more >>>
Have you wondered what would happen if cyber criminals could be tracked down and convicted like regular criminals? A very interesting discussion on that and related issues, as well as possible entrepreneurial opportunities.
Sramana Mitra: Let’s start with some background about yourself as well as CounterTack.
Neal Creighton: I’m the President and CEO of CounterTack, which is a cyber security company. I’ve been in cyber security for about 18 to 20 years now. This is my fifth cyber company. All venture-backed. A couple of those companies are with Symantec now and one is owned by Trend Micro. CounterTack has a very big value proposition. We’ve been around for six years or so and have about 100 employees. We’ve raised $70 million or so in total. We are one of the leading companies trying to solve the problem of all these threats attacking major corporations that you read about in the newspapers these days, whether they’re state-sponsored, activist groups, or criminal elements. >>>
Sramana Mitra: Switching topics, can you talk about open problems that you recommend entrepreneurs ought to be working on that you’re hearing from customers or you’re observing?
Andrew McLennan: That’s a tough one. I’m very focused on what I do. However, if I speak outside of my experience, I think wearables is going to be the new frontier. That area, whether it’s software or hardware, is probably the hottest place for entrepreneurs to be. >>>
Andrew McLennan: Hacking cars is essentially a numbers game. What is the risk of your car being hacked when you’re doing 50 miles an hour? The only acceptable answer should be zero. Any other answer that means a non-zero chance of death due to software in your car is unacceptable. That would just kill the product.
Sramana Mitra: I know what you’re saying, but it’s not just the brakes switched off. It could be all kinds of other things.
Andrew McLennan: When we do have autonomous cars and they’re driving themselves, someone can hack the software and kidnap you. It could be anything from location tracking to stealing your car. It could be just stealing data that’s in your car for whatever purpose. There are so many hacks in car systems. It’s terrifying. >>>
Sramana Mitra: Let’s switch the discussion to Internet of Things. On our blog, we have two series that are related. One is cyber security and the other is Internet of Things. One of the issues that we’ve been hearing about from various people is that there are large swaths of the Internet of Things applications that customers are not going forward with because of security concerns. If you turn everything on a retail shelf into an Internet of Things situation, the surface area that can cause cyber security breaches goes up exponentially. Retailers are cautious about that and are afraid of that. Tell me what you are seeing in your work with Internet of Things. What is your approach with Internet of Things? How are you adding to the challenge of the Internet of Things situation?
Andrew McLennan: I’ll deal with the hardware aspect of that first, then I’ll talk somewhat on the software. What we see with Internet of Things is that people are selling the product. They don’t have a high degree of security if any at all. What we see on the hardware side is people >>>
Sramana Mitra: I have a follow-up question. If you look at the space of security in the context of payments, both mobile payments and desktop payments, who are the major security vendors and what are the differences in the key approaches? You have, of course, just described your approaches. What are the key approaches in the industry and why is one better than the other?
Andrew McLennan: There are three basic approaches and a variety of vendors across the space. You can use hardware to secure where you host Java code. All the processing is done in the hardware, and you’ve the most secure processing environment. But I think we’re all aware now that hardware is never 100% secure. It’s a great paradigm for payment, but the problem is it requires the maker of the payment application to understand what the hardware is. This is where you see the likes of Apple Pay come in, because they understand what their hardware is. They can devise a payment experience knowing exactly what the hardware platform is. Of course, what that means is if the hardware is compromised, everyone loses. Every single person’s security is compromised. >>>
Sramana Mitra: Let’s take a few examples. Let’s take maybe one example from the chip side and one example from the credit card side and talk us through how exactly this works.
Andrew McLennan: I’m the software specialist, so I can give you more detail on the software side and less detail on the hardware side. I’m going to take the use case for host card emulation. In October 2013, Google removed the need for the radio device to have to talk directly with a hardware element. Before Google did this, the SIM card was holding a secure element, which is basically a cryptography engine and hardware. If you want to make a mobile payment, the mobile network operators are in control of the SIM; therefore, you had to work through them. The cost of mobile network operators was demanding at that point. Android Google topped the market by allowing anyone to make a payment without passing through the SIM. >>>
I am still digging into the issue of vastly enhanced exposure to cyber security threats with the advent of the Internet of Things. Here we discuss that and other issues.
Sramana Mitra: Let’s start by introducing our audience to yourself as well as Inside Secure.
Andrew McLennan: I currently serve as the President of US for Inside Secure. Inside Secure is a public company headquartered in France. We basically focus very strongly on embedded security and in particular, security elements and software security. My own particular expertise is in the area of software security, which is quite hot in the payments industry and finance in general.
Sramana Mitra: Talk to me a bit about the broader trends in your space and how does what you are doing align with those trends? >>>