Black Hat USA 2017
Last month I traveled to Las Vegas to meet with some colleagues and analysts that attended Black Hat USA 2017, the world’s leading information security event.
The main conference focused on the latest information security risks, sharing ground breaking research, open-source tools, and zero-day exploits. This year, the Keynote speech by Alex Stamos, CSO of Facebook, addressed the need to re-focus the security community on defense.
A few trends started to develop across the conversations I was having. These trends echoed the themes and briefing topics surrounding Black Hat. I noticed that “machine learning” and “artificial intelligence” continue to be the terms required for full buzzword compliance this year. This has largely replaced “big data” as the marketing phrase on the back of every booth. Machine learning, a theory in artificial intelligence, involves the creation of algorithms to make predictions based on data. This goes along with the overall shift in the security community from discovering vulnerabilities to focusing on defensive security research.
I noticed almost all the vendor solutions require the customer to have a Security Operations Center (SOC) staffed by an experienced team. This decreases their value to the vast majority of small to medium businesses, which make up the bulk of the economy. Most detection and response-based solutions depend on very knowledgeable operators to deliver value. Vendors told me that when they sell to smaller businesses, the customer almost always stops using the product after a year or so because they see no benefit.
There seems to be broad agreement across the industry that we need to stop shaming and blaming users for breaches. If a single accidental click can lead to total compromise, that is a failure of the security design, not the user. There are even fairly effective tools to solve this problem, but they are not widely used. Awareness of the need for user-resistant security design is growing, and we are seeing some practical tools deployed based on that philosophy. We are starting to do a better job at protecting the computer against human mistakes. However, we are much further from preventing humans from being tricked into handing over the keys to the kingdom. Upgrades to that part of the system will take many millennia, so we need to focus on workarounds.
This is where Passages differs from other products. It neither requires a fully staffed NOC to provide effective protection, nor does it expect perfect OPSEC from its users. Passages security works by passively preventing infections of the user’s computer. Malware is trapped within an isolated virtual machine , which is then destroyed completely. Even undetected malware is eliminated. All internet traffic is isolated from the local network using a VPN terminating outside the perimeter. Simultaneously, any malicious files are quarantined and destroyed, eliminating the possibility of accidental or drive-by downloads. Even if a user clicks on a link that delivers malware , the computer is protected. Because the protection is automatic, it works without any need for trained security professionals to use and monitor it. With Passages, users can conduct their online operations with confidence.