Keynote Presentation by Ted Ross, Authority on the Cyber Underground
In a keynote sub-titled Turning the Tide: Dragging Criminals out of the Shadows, Ross said safety was all about trusting no-one and nothing – not even your spouse – and especially not your employee, customer or supply chain logins. We focus on getting data from criminals, he said. Account take-over is the number one attack vector, and the theft of credentials is the most frequent online criminal activity. From a user perspective, the biggest issue is password re-use. The best defence is to use a password manager, Ross said.
He talked about hidden attack surfaces, such as employees at home, because criminals can go after family members. As an example, he cited one individual who found his account on Fantasy Football was hacked because he re-used the same password on mail and the bank. The criminal hacked the account, reset the bank's password, and then stole his retirement funds.
The biggest fraud is business email compromise – only 3% of stolen funds are ever recovered.
How does it work? Credentials are harvested from a website: the criminals get email addresses and old and new passwords. A team of criminals then focuses on monetising the information. Over the next few years, they fingerprint the organisation and try to log in using stolen credentials. Tools will try thousands of different permutations of your password. Password rotation doesn't work because it becomes another attack surface. A couple of years later they finish monetising the data, then the data ends up on the 'dark web' – on some forum somewhere. Hundreds of people now have access to it. By this time, it's too late to remediate because it's already been used.
One fintech company found that 10% of attacks are targeted. Once the credentials become a commodity, they form the basis for 80% of all attacks, and that’s the part that the security industry is focussed on. But the initial 10%, before the dark web phase, causes 80% of the loss.
So you need to react quickly and change passwords.
Ross then demonstrated how stolen data can be used to hunt criminals. Ross used Maltego to drill down on one individual, looking for his online activity, identities and passwords. In an enterprise example involving one medium-sized bank, he looked for the bank's employees who used the bank's IP address to access the web.
He showed how to respond to strange emails, especially those demanding money: look at the raw email header data – although even that can be compromised.
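The header check Ross described can be sketched as follows. This is an added example, not code shown in the keynote; the sample message, its addresses and the finding labels are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample (not from the talk): a payment request whose reply
# address and envelope sender differ from the visible From domain.
RAW = b"""\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
Received: from mailer.example.net (mailer.example.net [203.0.113.7]) by mx.example.com; Tue, 1 Oct 2019 09:14:02 +0000
From: "Finance Director" <cfo@example.com>
Reply-To: "Finance Director" <cfo.example@freemail.example.org>
To: accounts@example.com
Subject: Urgent wire transfer
Date: Tue, 1 Oct 2019 09:13:58 +0000

Please pay the attached invoice today.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_findings(raw_bytes):
    """List header inconsistencies that deserve a second look."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    env_dom = domain(msg["Return-Path"])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")   # replies go somewhere else
    if env_dom and env_dom != from_dom:
        findings.append("envelope-mismatch")   # sent via another domain
    # Headers can be forged: only trust an Authentication-Results line
    # that your own receiving mail server added.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech}-not-pass")
    return findings

if __name__ == "__main__":
    print(header_findings(RAW))
```

A mismatch is a reason to verify the request through another channel, not proof of fraud: legitimate mailing services also send with a different envelope domain.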
Keynote panel session
The Dark Web: Fight back to protect your networks and data
Chair: Vikram Phatak, Founder, NSS Labs
Panellists: Ted Ross, CEO & Co-Founder, SpyCloud; Jan Guldentops, “White Hat” Hacker; Thomas Edwards, Special Agent in charge at US Secret Service, San Francisco Field office
Phatak asked about losses. Ross said companies know they have lost data but underestimate their losses. Guldentops said there are so many ways of cashing in, yet all we see is credit card fraud. Ross said people buy gift cards to launder the stolen cash. Edwards said criminals use encrypted communications and are global in scope; they can send a message and get an instantaneous response to attack a vulnerability.
Phatak: Can it be cleaned up – can you retrieve data after the fact? No – was the panel’s response.
Phatak said medical records are being stolen – why? Edwards said they can use it for information to get surgery or a procedure. It can also be used to embarrass a high-profile individual or politician for extortion. Guldentops said there's no solution – once your data is out there it's game over.
The panel then swapped anecdotes…
Conference Debate Session V – Wide Area Networking: As the technology and players mature, what’s happening with SD-WAN and MPLS?
Chair: Erin Dunne, Director of Research Services, Vertical Systems Group
Panellists: Conrad Menezes, VP Industry Initiatives, CTO Office, Aruba; Prashanth Shenoy, VP Marketing for Enterprise Networking, Cisco; Kelly Ahuja, CEO, Versa Networks
Dunne opened the session with her research, which illustrated how MPLS services have shown solid growth over the last 20 years – it’s a $40b market, although more concentrated at bandwidths above 1.5Gbit/sec. Revenues are down across all access speeds but above T1 speeds, MPLS is still strong with no drop off. But below those speeds, people are using SD-WAN – top service providers are AT&T, Hughes, Verizon, Windstream, CenturyLink – all are top MPLS providers too. Top tech suppliers to the SPs are VMware, SilverPeak, Versa, Cisco.
She asked: what is your company’s USP from a SI/carrier point of view? Each panellist gave a pitch for their company.
Do you agree that low speed sites are going towards SD-WAN away from MPLS, she asked? Ahuja said companies doing their own service provision are doing this. It’s a large mass market for those without their own network teams who go for managed services, but some SPs realise that their customers want a co-managed service so they can do their own policy settings. Other sectors such as retail don’t use MPLS.
Shenoy said MPLS is still around in large enterprises, where it offers high reliability and performance. But now you have high speed and reliable broadband technology, so usage is changing. Menezes said MPLS is dying because of the cost. Customers can save by moving to an alternative, e.g. fibre broadband. Ahuja said we don't see that – large enterprises want dedicated access with SLAs, and they might use low cost consumer broadband as backup.
What's driving SD-WAN – use cases? Menezes said workloads are moving to the public cloud. We see the ability to manage the WAN from a single pane of glass as the biggest attraction. Shenoy said it's all about the business outcomes – SD-WAN only exists because of the cloud, it reduces costs, offers transport independence, and guarantees of security policies. Ahuja said SD-WAN is about visibility and control in a programmable and automated way. They want disaggregation of software from hardware. Shenoy said yes, people do want that – but SD-WAN is not a one size fits all – each use case is different.
Conference Debate Session VI – Rapidly Evolving Trends in Cloud Networking Security and Cloud-Native Security
Chair: Scott Raynovich, Principal Analyst, Futuriom
Panellists: Kevin Deierling, Chief Marketing Officer, Mellanox Technologies; MK Palmore, Field Chief Security Officer, Palo Alto Networks; Kelly Ahuja, CEO, Versa Networks
Raynovich talked about the landscape from the network manager’s point of view: changes wrought by the cloud growth, increased WAN bandwidth, greater demand for security flexibility, network appliance sprawl, need for orchestration, visibility and automation from the cloud. Security needs to be everywhere but there are hundreds if not thousands of vendors and technologies. So it’s a management not a technology issue – most breaches are down to human error – eg patching. Security? SD-WAN makes security a default – end users say that’s the biggest driver for SD-WAN.
The panel introduced themselves and their roles. Palmore talked about his previous role at the FBI and his current one at Palo Alto.
Can networks keep up with the processing demands of encryption? Deierling said two of our major customers put encryption into their datacentre so everything is encrypted.
How much is and should be encrypted? Palmore said best practice means encryption should be adopted for data at rest and in transit. Ahuja said our job is to provide the ability to encrypt wherever a customer needs it. At high speed networking – eg 200Gbit – hardware assist is essential. Future WiFi standards will include an encryption option. Deierling said hardware assist is not sufficient. With VMs and overlay networks, NICs are doing all that work. If you use software to encrypt, all that breaks – because the NIC never knows what’s in the packets. We think encryption needs to be inline in the NIC.
Shouldn’t SD-WAN vendors and firewalls merge as they’re doing the same thing? Palmore said a firewall is a specialist technology. Ahuja said this is a new space with innovation – we give the customer the option to do firewalling wherever they prefer using any vendor. It’s about solving the customer’s problem.
Conference Debate Session VII – Hyperscale for Enterprises: You don’t need to be Google or Facebook to achieve datacentre greatness
Chair: Brad Casemore, Research VP, Datacenter Networks, IDC
Panellists: Kevin Deierling, Chief Marketing Officer, Mellanox Technologies; Mansour Karam, CEO & Founder, Apstra; Kyle Forster, Founder, Big Switch Networks; Mike Capuano, Chief Marketing Officer, Pluribus Networks
Casemore talked about the way that datacentres have grown to become hugely capable facilities. The panellists introduced themselves and were invited to talk about their customers' challenges when setting up, configuring and operating modern datacentres. Capuano said he was helping medium-sized companies move to a full datacentre model. Deierling said you can use technologies that hyperscalers use even if you're not a hyperscale company – open networking is the key. Karam said the decoupling of software from hardware is what's driving this – just don't choose a hardware vendor to make this work as you'll be locked into that vendor's technology, i.e. look at software first.
Conference Debate Session VIII – Edge Computing-Driven Transformation of Data, Management and Applications
Chair: Gerry Christensen, Founder & CEO, Mind Commerce
Panellists: Kevin Deierling, Chief Marketing Officer, Mellanox Technologies; Rick Calle, Head of Business Development, Microsoft AI Research/M12; Sreelakshmi Sarva, Head of Product Strategy, NetFoundry
Christensen defined and located edge computing in the datacentre. He talked about the importance of edge computing – it's here now, e.g. LTE and mobile – but what's new with 5G is that it will be a requirement because of the latency gains 5G will bring. That is, you won't have to go to the core but can go directly to the Internet for access to data. Applications include cloud-based gaming, vehicle to vehicle comms, smart cities, buildings, homes and workplaces.
Panellists introduced themselves and gave use cases for edge computing. Sarva saw security as a key application. Use cases include business automation for IoT devices, with IoT generally driving edge adoption. Deierling said the human visual system is the inspiration for edge computing – it's pre-processing data before it gets to the brain – it detects motion and bi-lateral symmetry. It is the same in IoT: self-driving cars accumulate a massive amount of data, which the car processes and compresses, sending only the useful stuff.
Calle said a retail store wants to understand what's happening in their stores but cameras break privacy. How to detect activity and measure it? Then how to get a device to capture and store that? Another use case is diseased crops: one company uses drones to fly autonomously to capture this data.
The panel then discussed the challenges relating to edge devices, security issues and trust.
Christensen asked who owns and manages the edge? Calle said it was hard to say, depends. Deierling said: “We do – us consumers.”
Conference Round-Up – Analyst reflections & predictions for the future
Led by: Jeremiah Caron,
Panellists: Brad Casemore, Research VP, Datacenter Networks, IDC; Scott Raynovich, Principal Analyst, Futuriom; Vikram Phatak, Founder, NSS Labs; Erin Dunne, Director of Research Services, Vertical Systems Group
Caron did a quick round-up of the sessions and what we learned. Dunne said the house-buying cash scam had happened to her. Phatak said we haven't hit rock bottom (re security), there are more and worse things to come, but quantum computing is starting to become interesting. Security was a recurring theme. Casemore said infrastructure transformation is key to the future of businesses.