There are six categories, covering both start-up and established companies in three fields: Cloud/Datacenter, Internet of Things (IoT) and Cybersecurity. The awards will be presented at a prestigious gala dinner on Thursday 3rd October 2019 at the NetEvents Global IT Summit in California, USA. All award entry fees are being donated to three charities: Prostate Cancer Research, STEM and UNICEF. To date these awards have generated over $110,000 for charity.
For each of the Hot Start Up award categories, two finalists have been announced to go “head to head” as follows:
These Hot Start-up finalists will give a short elevator-pitch presentation in true ‘Shark Tank’ style to a judging panel of tech industry Venture Capitalists, and in front of the Summit’s entire audience of international press and analysts, representing 35+ countries, plus tech and business industry leaders.
For each of the Innovation Leader award categories, three finalists have been announced as follows:
· CyberSecurity: Cylus, Darktrace and Guardicore
· Cloud/Datacentre: Apstra, Luminance Technologies and Mellanox
· IoT: Darktrace, Marlabs Inc and SmartSens Technology
The three Innovation Leader categories will be judged by a panel of leading technology press and industry analysts from around the globe.
These awards spotlight outstanding innovation among today’s most critical technology challenges. The NetEvents Global IT Summit at which they are presented includes key Technology Press & Analysts representing more than 100 publications across 35+ countries worldwide – as well as tech industry leaders, VCs and technologists. This annual event provides an exceptionally effective opportunity for tech industry leaders and innovators to meet so many of the world’s key technology business press and analysts in a series of scheduled face-to-face sessions over two days – as well as a great way to be informed, to debate and discuss the latest hot topics and breaking tech news.
“Each year we provide this very special opportunity,” says Mark Fox, NetEvents CEO. “Both for the top players in the industry as well as for ambitious, dynamic innovative start-ups – where else can one be seen and heard by so many key industry figures plus the world’s top IT press and analysts? Add to that NetEvents’ worldwide media partners, and you end up with industry-wide recognition from a massive global audience of C-Level and senior executives, VCs and media gatekeepers.”
Call it alert fatigue. Call it information overload. Call it mind-killing and soul-destroying. The sheer number of alerts coming into a modern security operations center (SOC) can overwhelm even the most dedicated security analysts.
Alerts pour in from many dashboards and security information and event management (SIEM) platforms, with some focused on the network, others on endpoints, some on the firewall and outside-facing servers, and others on critical infrastructure.
And with the vast majority of alerts being (fortunately) false alarms, it can be easy to overlook the real warning signs… which may be subtle indications of malicious reconnaissance or an actual breach.
As SC Magazine’s Greg Masters writes in “Crying wolf: Combatting cybersecurity alert fatigue,” nearly three-quarters of security teams stated they were overwhelmed by the volume of vulnerability maintenance work assigned to them. When security teams were queried about contending with threat alerts, 79% said they were overwhelmed by the volume.
And according to Ryan Francis in “False positives still cause threat alert fatigue,” published in CSO, “The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.”
What can you do? What must you do? Reinvent the SOC. Business as usual simply can’t cut it. Fortunately, there are companies working on this very challenge. Cylance pioneered the application of artificial intelligence (AI), algorithmic science, and machine learning to prevent the most sophisticated security threats. Demisto’s security operations platform combines security orchestration and incident management with machine learning from analyst activities, and interactive investigation. JASK too applies enhanced AI and machine learning to automate the correlation and analysis of threat alerts.
Other companies like CA Technologies have specialist departments addressing these issues. CA’s SVP Central Software Group, Dr Vinod Peris, points out that data has typically been something to look back on with hindsight: “What we are doing with AI is to be more predictive. We’re looking not just at what you’ve missed as red flags, but alerting you that you’re likely to miss”. In the case of card payment security, they use behavioural analytics to assess the gap between the transaction and expected behaviour and warn the bank.
Neither Demisto nor JASK make alert fatigue their starting point. Their first concern is human resources – the lack of qualified security analysts, and a company’s sheer inability to recruit, retain, and afford them. And of course, keep them from burning out.
“The biggest problem that SOCs are having right now is talent,” says Greg Fitzgerald, Chief Marketing Officer at JASK. “One is recruiting just people. Second of all is having the skillsets to just place in those jobs, and then the third piece is the experience, those that actually know what to do when they find something inside the SOC.”
Demisto’s CEO, Slavik Markovich, agrees. “When you talk with analysts and you see them day in and day out, just handling all those incoming alerts, and going through, like, tens of different tools, it burns them out.”
Markovich continues, “We looked at how analysts are working, and man, they’re not happy. After six months, they’re ready to run away. The average, probably, for an analyst is less than two years. The reason is that, because they’re doing the same thing over and over again. Just, nobody wants to operate like that.”
In addition to the tedium, says Fitzgerald, is the lack of opportunity in many organizations. While there are many analysts, there aren’t many spots for promotions. “What needs to happen is the same thing that would happen in any job, which is they want career advancement,” he says. “What we are seeing today is that the security operations person who has that initial job, once they get educated to understand both the process and the experience, even with a year or two, quickly leave the company. So, organizations spend a lot of time and effort getting a person up to speed, and then they leave.”
The solution there, Fitzgerald says, “Make it so they have an upward career path within where they are so they can get out of the mundane job, and start doing something much more proactive about threat hunting, or actually just seeking resolution to the problem they have, or being a part of an incident response team. It’s much more like the elite staff that any IT and security personnel wants to do.”
Addressing Alert Overload
You’ve got to address alert fatigue. Before enterprises can offer more interesting and challenging projects for security analysts, that fire hose of SIEM notices and log anomalies must be made more manageable – both in quantity and in the ratio of false alerts to real incidents.
In the words of Greg Martin, JASK CEO and Co-Founder, we need: “to filter the advanced attacker from all of the noise of automated lower-level cybercrime attacks. This is where the industry is really struggling right now: how do I identify what I should care about versus the malware that I see every Monday?”
Cylance’s Kumad Kalia pointed out that, despite the publicity about sophisticated attack innovations, the more common tactic is simply to overwhelm security with a flood of more basic attacks: “Multiple exploits put together so, even if you detect one, you might not think to look in the other place. Sometimes, one attack will be used to overwhelm some resources to hide another stealthier attack underneath”.
Such automated attacks are best dealt with by automated response: “The future is going to be where AI is at the heart of the solution so that you’re not being overwhelmed by that amount of information, that the AI engine in the prevention tool is doing all that heavy lifting.”
“Technologies for preparing and triaging and responding automatically,” are key for Demisto’s Markovich. “Those technologies orchestrate and automate across hundreds of different security tools, and bring the data, fully prepared and analyzed, to the analyst.”
With that data, the analyst can review the recommendation from the security tool, and either allow automation to continue to handle the incident, or choose human intervention. “Triage would be look at the threat intelligence info about the incident, look at the file properties, maybe detonate the file, do all of those things,” adds Markovich. “Then the analyst says, okay, yeah, I think it’s malicious, and then the response automation should be, okay, eradicate this email, block this end-point, block this IP, and so on and so forth.”
The upshot: The technology takes boring, tedious manual labor out of the equation, “and just allows the analyst to focus on what he’s good at, which is the decision-making and the actual smart hunting and thinking about security,” says Markovich.
Smarter tools can also help with a key element of triage: choosing which alerts to focus on first. “Analysts are overwhelmed with what they have to see today, and they need some sort of prioritization,” says JASK’s Fitzgerald. “It’s not just what’s important. It’s also where to start. Because an attack or a compromise can be caught at any point in the sequence, and so they need some guidance to say, help me, and that’s what’s happening.”
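The triage-then-respond flow Markovich describes (enrich the alert with threat intelligence, let the analyst decide, then automate the blocking) and the prioritised queue Fitzgerald asks for, as a small added example. This is illustrative code written for this page, not Demisto’s, JASK’s or Cylance’s software; the alert records, indicator values, host names, email IDs and scoring weights are all constructed assumptions.

```python
"""
Added example: a minimal SOC triage pipeline. Raw alerts from several tools
are de-duplicated and correlated per host, enriched against a threat-intel
list, scored into one prioritised queue, and the analyst's verdict is mapped
to response actions. Every value below is constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed threat-intelligence feed (hypothetical indicators, not real IOCs).
BAD_IPS = {"198.51.100.23"}
BAD_HASHES = {"e3b0c44298fc1c149afbf4c8996fb924"}

# Illustrative base severity per alert type (an assumption, not a vendor scheme).
BASE_SCORE = {"av_detection": 2, "firewall_block": 1, "suspicious_login": 3, "edr_process": 4}


@dataclass
class Incident:
    host: str
    alerts: list = field(default_factory=list)
    sources: set = field(default_factory=set)
    intel_hits: list = field(default_factory=list)
    score: int = 0


def correlate(alerts):
    """Group raw alerts by host, dropping exact duplicates (same source, type, indicators)."""
    seen = set()
    incidents = {}
    for a in alerts:
        key = (a["host"], a["source"], a["type"], a.get("ip"), a.get("hash"))
        if key in seen:
            continue  # the same tool re-firing on the same thing adds no information
        seen.add(key)
        inc = incidents.setdefault(a["host"], Incident(host=a["host"]))
        inc.alerts.append(a)
        inc.sources.add(a["source"])
    return list(incidents.values())


def enrich_and_score(inc):
    """Attach threat-intel context to an incident and compute its priority score."""
    for a in inc.alerts:
        inc.score += BASE_SCORE.get(a["type"], 1)
        if a.get("ip") in BAD_IPS:
            inc.intel_hits.append(f"ip {a['ip']} on blocklist")
            inc.score += 3
        if a.get("hash") in BAD_HASHES:
            inc.intel_hits.append(f"hash {a['hash']} known malicious")
            inc.score += 3
    # Corroboration by independent tools counts for more than volume from one tool.
    inc.score += 2 * (len(inc.sources) - 1)
    return inc


def triage_queue(alerts):
    """Return incidents ordered highest priority first: the analyst's queue."""
    incidents = [enrich_and_score(i) for i in correlate(alerts)]
    return sorted(incidents, key=lambda i: i.score, reverse=True)


def recommend_response(inc, verdict):
    """Map the analyst's verdict ('malicious' or 'benign') to automated actions."""
    if verdict != "malicious":
        return ["close_as_false_positive"]
    actions = {f"isolate_host:{inc.host}"}
    for a in inc.alerts:
        if a.get("ip"):
            actions.add(f"block_ip:{a['ip']}")
        if a.get("email_id"):
            actions.add(f"quarantine_email:{a['email_id']}")
    return sorted(actions)


# Constructed sample alerts from several tools; one firewall alert is a duplicate.
SAMPLE_ALERTS = [
    {"host": "ws-042", "source": "firewall", "type": "firewall_block", "ip": "198.51.100.23"},
    {"host": "ws-042", "source": "firewall", "type": "firewall_block", "ip": "198.51.100.23"},
    {"host": "ws-042", "source": "edr", "type": "edr_process", "hash": "e3b0c44298fc1c149afbf4c8996fb924"},
    {"host": "ws-042", "source": "mail", "type": "av_detection", "email_id": "msg-7781"},
    {"host": "ws-017", "source": "av", "type": "av_detection"},
    {"host": "srv-db1", "source": "idp", "type": "suspicious_login", "ip": "203.0.113.5"},
]

if __name__ == "__main__":
    queue = triage_queue(SAMPLE_ALERTS)
    for inc in queue:
        print(inc.host, inc.score, sorted(inc.sources), inc.intel_hits)
    # The analyst "swipes" on the top item; the platform turns that into actions.
    print(recommend_response(queue[0], "malicious"))
```

With the sample data, six raw alerts collapse to three incidents; ws-042 rises to the top because three independent tools fired on it and two of its indicators match the intel feed, while the single unmatched login alert on srv-db1 sits below it. The scoring is deliberately simple; the point is that correlation and enrichment happen before an analyst sees anything, and the verdict drives the response rather than the analyst typing each block rule by hand.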
AI to the Rescue
Leading cybersecurity companies are leveraging artificial intelligence and machine learning in their next-generation SOC platforms. These technologies will enable automatic filtering of threat reports, allow correlation of alerts across platforms, evaluate the dangers, present recommendations – and lead to automatic remediation.
Machine learning is a key component, because new malware variants appear faster than signature-based systems can be updated after each one. Kumad Kalia gave the example of a Cylance system that had not been updated for two years yet could still detect the latest attack patterns. “That’s a profound demonstration of the efficacy of AI within cybersecurity… our code had never seen these types of software – probably hadn’t even been written in the combinations that were then released for attack – and the software stopped these on machines.”
Where will this go? To a solution that reinvents the SOC, with triage and front-line reporting done in real time by software – not by burned-out humans.
Imagine, says Markovich, a SOC with a single pane of glass where the analyst gets alerts already ordered in a queue. All the alerts are already processed by AI, and are presented with all the context and data needed for a human judgment. “The analyst makes a quick decision, almost like Tinder: Swipe left, swipe right, block or it’s okay.”
The action is then done by the SOC platform, so the entire response is being done automatically. Goodbye, non-stop information overload. Goodbye, mind-numbing and soul-destroying alert triage. Finally, we can cure the alert-fatigue epidemic.
Heather Wright was in San Jose as a guest of NetEvents
Endpoint protection and response vendor Ziften has further extended its relationship with Microsoft, joining the Windows Defender Advanced Threat Protection advanced hunting project.
Ziften will provide analytics and queries so customers can conduct threat hunting for fileless – or zero-footprint – attacks across macOS and Linux platforms, with Ziften integrating with Windows Defender ATP.
Roark Pollock, Ziften SVP of marketing, said the partnership with Microsoft has been a driving force for Texas-based startup in the last six months.
In November 2017 the two companies announced that Ziften’s Zenith security platform had been integrated with Windows Defender ATP to provide a cloud-based single pane of glass view to detect, view, investigate and respond to advanced cyber-attacks across Windows, macOS and Linux endpoints.
Ziften was one of several companies Microsoft teamed up with in November as it seeks to add third party security to its Defender ATP offering.
The two companies co-sell into deals where Microsoft installs its Windows Defender ATP endpoint on Windows machines, while Ziften installs its software for any Mac or Linux machines.
“The last six months working with Microsoft has been like going on a rocket ship,” Pollock said. “Our business was going well before we got the Microsoft business, but now it’s like being on a rocketship.
“Before the partnership we were slowly looking to expand into Asia and Europe but now it’s happening almost overnight.”
In January, Ziften rolled out a fast-start channel programme to recruit and onboard Microsoft resellers. While Ziften’s traditional partners tended to be smaller, specialist security partners, Microsoft has much bigger partners, selling its entire suite, from Azure to Windows to Office 365. Pollock said Ziften is currently on-boarding ‘a lot’ of those new Microsoft partners.
The fast-start launch was followed in March by the opening of an Australian and New Zealand office, headed by Greg Kieser – ex-Dropbox – as ANZ country manager, based in Sydney.
“The Microsoft team in Australia was by far the first and most aggressive part of the Microsoft sales organisation in picking the partnership up and rolling it out to customers,” Pollock said.
“We very quickly started going on customer visits with them and they introduced us to distributor Insentra who we’ve signed with.”
As part of Microsoft’s co-sell programme, Microsoft staff receive commission for selling Ziften into joint customers.
Pollock said Microsoft has taken Ziften into very large enterprise deals, which Ziften would previously not have been considered for.
He said more than 50% of Microsoft’s Windows 10 enterprise customers are using Windows Defender, while Gartner has told Ziften Microsoft is the most asked about endpoint detection and response tool by enterprise customers.
“There’s a huge opportunity for Microsoft and Ziften to disrupt the endpoint security space both on the endpoint protection platform side and on the endpoint detection and response (EDR) side, because if customers start adopting what Microsoft is doing… We’ve all heard of Netscape, Lotus Notes, Word Perfect, all of these tools that have been displaced by Microsoft because they have embedded these tools in their operating system.
“There’s an opportunity for the antivirus and EDR space to get disrupted in the same way – that’s one of the big reasons we wanted to work with Microsoft. If they’re going to disrupt this market it’s better to be a partner than one of their competitors.”
Pollock said the two companies’ solutions are similar architecturally, providing visibility into devices and taking data from the endpoint into the cloud, where security intelligence and analytics are applied to discover breaches or threats.
“A lot of detection and response tools today are very much focused on looking at real time data,” Pollock said. “We do that but we also collect that data so you’re not just looking at real time data. We store up to six months of data by default and a lot of customers buy 12-18 months of storage capacity.
“What that means is that once I identify a threat or breach on any device I can go back and see where it came from, how long it has been in the environment, how it got in, where it started and moved to…Having that history enables you to root out where it started and eliminate that whole kill chain and not just an individual instance on an individual device,” he says.