At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. This is Part 1 of a 5-Part series highlighting these discussions.
As endpoint data collection methods continue to expand, securing the perimeter has become increasingly challenging. Security problems bleed into big data problems, and IT admins can struggle to keep up.
TruSTAR convened a panel of thought leaders to discuss the topic: Simon Thorpe, Director of Product & Account Security at Twilio; Jackson Shaw, Vice President of Product Management at One Identity; Scott Register, VP of Security at Keysight; and Brad Bell, CIO of Infoblox.
The following is an excerpt from their conversation. Full video below.
Patrick Coughlin, TruSTAR: How do you see attackers evolving their tactics, techniques, and procedures (TTPs) to take advantage of the fact that the perimeter has moved or dissipated?
Simon Thorpe, Twilio: Attackers are very advanced -- not just technologically. They are way ahead on social engineering and speed. If a particular zero-day pops up, your team is immediately inundated. Even the big tech companies are getting hammered with zero-day vulnerabilities and can’t move quickly enough because of their size. We tend to group hackers together as one common adversary, but they’re huge and diverse groups of well-funded organizations making billions of dollars off the weaknesses of the designs of the internet.
If you look at HTTP protocols or other application protocols, authentication is always an afterthought. We need to authenticate a user, but we’re still using passwords for the vast majority of authentication. Biometrics and facial recognition are modern solutions we’re beginning to see more often. Has the new iPhone solved it? Well, all it’s doing is storing a locally made password. It’s not using true biometric authentication because it’s local to the device.
Patrick Coughlin, TruSTAR: So how do we kill off the password?
Brad Bell, Infoblox: If you look at biometric information, there’s a digitization, whether a fingerprint or facial recognition or retinal scan. It’s stored somewhere but it’s much harder to change than a password or certificate. It falls on the boundary between what’s convenient and secure.