You could tell by the din that the RSA Conference in San Francisco this week is the largest enterprise IT security confab in the world. The fact that several prominent breaches over the last year have shaken the C-suite out of its ostrichlike complacency clearly turned the volume up on this show all the way to eleven. So now money seems to be flowing into IT security like never before, adding to the commotion.
The big question: with all this security gear from the many hundreds of vendors exhibiting at the conference, each trying to get their message heard above the clamor, why do the hackers appear to be winning? Clearly, tools aren’t enough – even when they’re arguably better than ever.
Regardless, the RSA Conference is largely about the tools and technologies – where each tool addresses some corner of the security sphere. Here are my picks for some of the most interesting (in alphabetical order, so as not to play favorites). Are they sufficient? You be the judge.
CA Technologies – As the largest vendor on this list, CA Technologies was predictably showing off a number of security products. The one tool that caught my eye is their secure API management tool, which joined the CA family through the 2013 Layer 7 Technologies acquisition. Today, this product has moved well beyond its XML appliance roots to a user-friendly tool for handling all the security around APIs, so that developers don’t have to worry about the nuts and bolts when publishing their software interfaces.
Certes Networks – Once hackers penetrate a corporate network, they typically sneak around from place to place, seeking further vulnerabilities until they happen upon their goal, which is typically data they’d like to steal. Certes Networks aims to slow down this behavior by leveraging sophisticated encryption to compartmentalize the network. Different segments of the LAN or WAN have separate keys, preventing hackers from moving around easily.
Contrast Security – Contrast Security takes a page out of the agent-oriented playbook of Application Intelligence vendors like AppDynamics and New Relic, leveraging agents scattered about the network to identify vulnerability patterns in code. Customers primarily use Contrast Security for development and test environments that leverage Java, .NET, and Adobe Systems ColdFusion languages, but the technology also works in the production environment. The Contrast Security plugin for Eclipse will alert developers when they introduce vulnerabilities that might allow common attacks like SQL injection, thus preventing those vulnerabilities from reaching the production environment in the first place.
CrowdStrike – CrowdStrike is one of a handful of vendors who seek to detect adversaries once they’re already on your network by uncovering indicators of attack (IOA) and indicators of compromise (IOC). These indicators are essentially breadcrumbs that hackers leave behind as they probe for vulnerabilities. The trick to detecting them is that individually they may not raise red flags, so tools like CrowdStrike must look for suspicious patterns – at least until the hackers figure out how to avoid leaving breadcrumbs.
Dispersive Technologies – Fresh on the heels of its distributed network technology (a subject of a previous Forbes article), Dispersive Technologies has taken the same idea to storage. Their technology can take any file and slice and dice it in such a way that hackers would find it nearly impossible to reassemble the bits – even if the file wasn’t encrypted beforehand. In addition, Dispersive can move the pieces around automatically, looking for the best performance while making it even harder on the hackers.
FireHost – When you use a public cloud like Amazon Web Services from Amazon.com, they leave the security up to you. Sure, they have plenty of security capabilities you can use, but it’s up to the customer to know how to configure and manage them – a task many companies as well as government agencies struggle with. FireHost solves this problem by offering a secure cloud environment. They proactively handle security so that their customers don’t have to maintain the expertise on staff, and FireHost also works directly with customers to make sure the applications they put in the FireHost cloud follow security best practices.
Good Technology – Good Technology is an established firm with a number of products, but the one they announced at the conference was technology that leverages security features built into current Android devices. Apparently Google has worked with the handset chip manufacturers to implement a trusted execution environment in each device. Good leverages this environment to handle authentication and key management for apps running on the main environment – preventing keystroke loggers from capturing your phone login password, for example.
Hypori – Hypori solves the “no sensitive data on the phone” problem in spectacular fashion with a fully thin client version of Android. Similar to Virtual Desktop Infrastructure (VDI) technology, Hypori’s Virtual Mobile Infrastructure allows both iPhone and Android phone users to access secure apps, files, and data running on Android on the server as though they were local. Conventional wisdom says that such remote virtualization would be far too slow to be practical, but Hypori has mostly cracked that nut (for 4G and faster, anyway – performance is poky on 3G). The other issue with VMI is dropped connections – true, the Hypori interface will stop working when there’s no connectivity, but their server manages all state, so users can pick up where they left off when connectivity is restored. iPhone users may not be happy with Android on their phones, however – so Hypori isn’t for everyone.
iboss – Essentially, iboss has built a “better mousetrap” for anomaly detection and auto-containment. Similar to CrowdStrike, iboss looks for suspicious behavior on the network. If it finds signs of a hacker, it snaps like a mousetrap – catching the hacker in the act before they can do further damage. As the shrewdest hackers use zero-day (previously unknown) vulnerabilities, iboss’s fast response causes the bad guys to burn their zero days – a clear deterrent, as zero days are valuable and can only be used once.
Mocana – While it may be preferable to build mobile apps with security built in, many apps already out in the wild lack this basic capability. Mocana steps in and wraps existing mobile apps, adding security to code where it was absent before. They combine this application wrapping capability with a hardware virtual private network (VPN) appliance into a secure mobile platform that SAP is eying as a critical component of their mobile strategy.
Buy all these tools (and any others that catch your eye), and will you be able to keep the hackers out or stop them in their tracks? Perhaps, but who’s to say if there’s still a weakness – a blind spot that the tools don’t cover? Remember, the bad guys are looking for weaknesses, and they only need to find one. The good guys, in contrast, must lock every door and window – and even then, locks are more of a deterrent than an impenetrable barrier. It’s a wonder the hackers haven’t already won this war.
Intellyx advises companies on their digital transformation initiatives and helps vendors communicate their agility stories. As of the time of writing, AppDynamics, CA Technologies, and Dispersive Technologies are Intellyx customers. None of the other organizations mentioned in this article are Intellyx customers. Image credit: Davide Restivo.
This article was written by Jason Bloomberg from Forbes and was legally licensed through the NewsCred publisher network.