Blog TruSTAR Industry Talks: Securing the Perimeter with Twilio, One Identity, Infoblox

TruSTAR Industry Talks: Securing the Perimeter with Twilio, One Identity, Infoblox

At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR.  This is Part 1 of a 5-Part series highlighting these discussions.

As endpoint data collection methods continue to expand, securing the perimeter has become increasingly challenging. Security problems bleed into big data problems, and as an IT admin it can be hard to keep up.

TruSTAR convened a panel with thought leaders Simon Thorpe, Director of Product & Account Security at Twilio, Jackson Shaw, Vice President of Product Management at One Identity, Scott Register, VP of Security at Keysight and Brad Bell, CIO of Infoblox to discuss.

The following is an excerpt from their conversation. Full video below.

Patrick Coughlin, TruSTAR: How do you see attackers evolving their tactics, techniques, and procedures (TTPs) to take advantage of the fact that the perimeter has moved or dissipated?

Simon Thorpe, Twilio: Attackers are very advanced -- not just technologically. They are way ahead on social engineering and speed. If a particular zero-day pops up, your team is immediately inundated. Even the big tech companies are getting hammered with zero-day vulnerabilities and can’t move quickly enough because of their size. We tend to group hackers together as one common adversary, but they’re huge and diverse groups of well-funded organizations making billions of dollars off the weaknesses of the designs of the internet.

If you look at HTTP protocols or other application protocols, authentication is always an afterthought. We need to authenticate a user but we’re still using passwords for the vast majority of authentication. Biometrics and facial recognition is a modern solution we’re beginning to see more often. Has the new iPhone solved it? Well, all it’s doing is storing a locally made password. It’s not using a true biometric authentication because it’s local to the device.

Patrick Coughlin, TruSTAR: So how do we kill off the password?

Brad Bell, Infoblox: If you look at biometric information, there’s a digitization, whether a fingerprint or facial recognition or retinal scan. It’s stored somewhere but it’s much harder to change than a password or certificate. It falls on the boundary between what’s convenient and secure.



Why Automated Data Workflows are a Foundational Capability for Enterprise SOCs SOAR technologies and the adoption of orchestration have fundamentally changed the way we think about cybersecurity, and we’re all better for it. ... Read More
Black Hat 2019 Recap: Strategies for Understanding Your Attacker   Read More
CSA Security Update Podcast: TruSTAR CEO Paul Kurtz on the Value of Information Sharing on Threat Intelligence   TruSTAR’s CEO and co-founder Paul Kurtz recently appeared on Cloud Security Alliance’s podcast, CSA Security Update, and sat down with podcast host ... Read More
TruSTAR Sits Down With the Shape Security's Director of Engineering to Discuss Fraud & Account Takeover Trends The TruSTAR team recently had the opportunity to sit down with Jarrod Overson, the Director of Engineering at Shape Security. Jarrod, an expert in ... Read More