This year’s Black Hat® conference is right around the corner. Now, amazingly, in its 20th year, Black Hat is one of the world’s top gathering of information security professionals. Friends in the industry refer to this as “Security Summer Camp” and it’s true, between the training, briefings, arsenal, and business hall, Black Hat is chocked full of the latest information security trends.
We were pleased to be interviewed for the Black Hat newsletter about our focus on securing the hybrid cloud and our theme for this year’s show.
Q1. What are some of the unique security challenges that enterprises face in implementing and managing a hybrid-cloud environment?
When adopting a hybrid-cloud strategy, the first challenge for an enterprise is inevitably tooling. Organizations have always been used to hardware compensating controls, like firewall and IPS, at the perimeter of their datacenter. Even some software based security can be challenged by the diversity and pace of change in the cloud. Tools often don’t account for the diversity and rapid update of Linux-based operating systems, or agile features like auto scaling.
Once they overcome this challenge and adopt cloud friendly tools, the perennial issue of security skills shortage still stands in the way. There are often too many tools, too few skilled resources and not enough budget to meet the complex compliance, identity, and data protection requirements that come from adopting a hybrid environment.
The other challenge comes from a rather unexpected place… procurement. Organizations move to the cloud partially for the agility and shift to an OpEx model. Too often, security is still stuck in the past, failing to provide options that fit the swift movements of a modern cloud environment. Today’s savvy security buyer expects per-hour, zero-commitment options that allow them to burst and vary the number of workloads every hour.
Ultimately adopting a hybrid environment can mean reevaluating organizational structures, policies, procedures and how security is integrated into the fabric of a deployment. This challenge presents an incredible opportunity to innovate, streamline and reduce the overall cost of securing modern hybrid environments.
Q2. How does Trend Micro help address some of these challenges? What do you see as the fundamental value add that Trend Micro brings in this space?
Trend Micro has always been at the forefront of technology and infrastructure change. We saw the rise of virtualization and were the first to offer agentless security for virtual environments. We anticipated the development of the cloud and invested heavily very early in the birth of public cloud.
Now hybrid environments are the new normal. Most organizations have not just one cloud provider, but a set of trusted cloud providers in addition to on premise resources that form an overall cloud of clouds. This unified cloud needs a unified approach to security in order to reap its true benefits.
Trend Micro offers tools designed to meet the complex security and compliance requirements of these environments and treat a diverse hybrid environment as a single entity. This means a consistent policy and unilateral visibility across the hybrid cloud, from a tool designed to fit platforms like a glove.
What we uniquely offer this space is a single security control with a cross-generational blend of threat defense techniques. Our solutions, powered by XGen™ security, apply the right security controls based on the context of the environment. Most importantly, we ensure the tools fit cloud environments by offering per-hour pricing with no commitment, full automation and the broadest coverage for cloud environments.
We recognize the industry-wide shortage of skills and have designed our solutions to operate with minimal time spend configuring and monitoring. Automation is critical to overcoming the challenges of skill shortage and put the focus back on proactive security (rather than reactive, detect only security). After all, a customer once told me “I don’t want to be told when I have been breached, I never want to be breached in the first place!”
Q3. Trend Micro has often used Black Hat as a platform for highlighting trends, discussing new threats or demonstrating various things. As a Platinum Sponsor at Black Hat USA 2017, what do you expect your main focus to be at the event?
The information security field is fast paced! Our research has shown that there are now 500K new unique threats are created every day to get at valuable information! What may be surprising is that 90 percent of malware variants only impact a single device. There are more network-facing vulnerabilities than ever and attacks, like the recent Struts 2 flaw, cause a high impact on servers worldwide. Unfortunately, the user is often the weakest point in any organization with 74 percent of attacks begin with a simple phishing email. According to Verizon, it only takes 60 seconds from the time of successful phishing attempt to encrypt endpoints with ransomware – creating a major productivity hit for any organization, big or small, around the globe. That is just the threats today…
When it comes to emerging threats, our international team of researchers predicts an increase in challenges with API’s being compromised for command and control, and a growing trend in threats to IoT and ISC/SCADA. No matter if it is smart homes, smart factories, smart cities or smart vehicles, as more devices are connected, security becomes more critical to organizational success than ever. With a strategy that is all about anticipating and adapting to the evolving IT and threat landscape, Trend Micro is in a unique position to protect against these threats before they reach your business.
At the show, our focus will be on our XGen™ security, a new class of security software that addresses the full range of ever-changing threats—now and in the future. We believe that there is no silver bullet when it comes to protecting your organization, so XGen™ security delivers a cross-generational blend of threat defense techniques that includes high fidelity machine learning, app control, behavioral analysis and custom sandboxing, and intelligently applies the right technique at the right time. Also, instead of using separate, siloed security solutions that lack essential information sharing, XGen™ security provides a connected threat defense with centralized visibility that can protect your organization from unseen threats. We introduce this concept with a fun new theme.
Our show theme this is out of this world…literally. We take our visitors on a trip through deep space, using metaphors to show how a blend of security controls is the answer to creating a strong information security practice.
Find out more at www.trendmicro.com
If you have questions or comments, please post them below or follow me on Twitter: @justin_foster.
Interview reprinted with permission from https://www.blackhat.com/sponsor-interview/