The 2019 RSA conference is taking place this week in San Francisco. While the event is focused on security, there's usually some news that's interesting to EUC folks, too. Since I live in San Francisco, I also like to use it to set up a bunch of meetings and walk the expo hall learning about new products. This article is my running notebook of EUC news and conversations from the show.
As mentioned back in the Friday Notebook, Lookout kicked off the RSA 2019 news by announcing the Post-Perimeter Security Alliance, with Google Cloud, BlackBerry, Okta, SentinelOne, and VMware as the initial members. Post-perimeter security, a.k.a. zero trust or conditional access, is the most important concept to emerge in years (you’ll be hearing about it a lot at RSA) and Lookout has had integrations with EMM and identity vendors for years. What’s new here? I spoke to Lookout’s chief product officer, Santosh Krishnan. He said that the goal isn’t just marketing and integration partnerships; rather, it’s an interoperability forum. For now, the idea is that if you use a combination of these vendors, they should be able to work together to enable you to implement PPS/zero trust/conditional access concepts with their joint solutions.
Last Thursday, Microsoft announced Azure Sentinel, a cloud-native SIEM, as well as Microsoft Threat Experts, a wetware service where Microsoft’s security staff will help watch over your environment, all integrated through Microsoft 365. As EUC folks, SIEM always fell outside of our area, but efforts like Citrix Analytics, Workspace ONE Intelligence, and Microsoft Intelligent Security Graph are pulling similar-sounding functionality into the EUC realm. For now, we’re putting down a note to learn more about how Sentinel, legacy SIEMs, and new EUC analytics platforms differ, so we can put together a good explainer article.
Two security vendor funding announcements caught our attention, so we’ll be sure to seek them out at the show:
We’ve been a fan of secure browser services like Ericom Shield for a while (most recently I spoke to Ericom’s new CEO, David Canellos). On Monday at RSA, Ericom announced new phishing protection features in Shield. It sounds like it’s based around URL filtering, and it includes a “read only” mode, which I like the sound of. We’ll update once we get a demo.
Microsoft’s second round of announcements for RSA again didn’t happen to have anything that’s extremely focused on EUC, with the exception of a mention of Microsoft Cloud App Security enabling some new conditional access policies. (Really, this is about how many security-related product announcements Microsoft makes in any other given week—it just happens to be RSA week.)
Verizon has released its Mobile Security Index 2019. Verizon’s security reports are well-respected and often cited, so we’ve been looking forward to this. We have interviews scheduled with Verizon and some of the contributors, but for now, we had a few first impressions. The introduction is certainly attention-grabbing (emphasis mine):
“Something missing from [all the security headlines from the last year] was a compromise directly attributed to the vulnerability of a mobile device. Yet we found that the number of companies admitting that they’d suffered a compromise in which a mobile device played a role went up—from 27% in the 2018 report to 33% this time around. So, where’s the disconnect?”
“The answer lies in how little is normally made public about major incidents. We learn about the consequences—for example, how many thousands of social security numbers or what secrets were exposed—but not the details of how it happened. Often, attacks will start with phishing, getting an unsuspecting user to click on a malicious link. But that part of the story rarely makes it into print, never mind whether it was actually a tap on a mobile screen rather than the click of a mouse. You could say that none of the biggest breaches have been publicly attributed to mobile vulnerabilities; but a mobile element hasn’t been ruled out either.”
These numbers are from a survey, which was targeted at mobile procurement, management, and security professionals. Just under half of the survey respondents have rolled out or plan to deploy mobile threat defense, and only slightly more (but still under 50%) said that they had rolled out unified endpoint management (i.e. EMM or MDM). Given the demographics, I would have expected more companies to have rolled out UEM or EMM already. And assuming that MTD adoption generally comes later on, I was surprised that the numbers were so close. Again, we’ll be talking to the report authors, so we’ll ask what they think of this. The report also includes some metrics from Lookout, Wandera, MobileIron, and IBM MaaS360. (We saw some of these metrics in our own series of mobile threat articles.)
While touring the show, I happened on the Zimperium booth (we recently featured them in our mobile threat defense series) and I appreciated their clever marketing message, which implored security experts to think of mobile devices as full-fledged endpoints:
I also happened upon Garrison, makers of a hardware-based secure remote browsing solution, which we covered last year.
Here’s the inside of @garrison_tech’s secure browser appliance that @rhbBSE wrote about last year! Each one of those chip pairs does an isolated browsing session (the heat sinks are there to hide the chip model) and there are 288 pairs in the 3u box pic.twitter.com/5KoOxb7jLY — Jack Madden (@jackmadden) March 5, 2019
We've liked the sound of VMware AppDefense ever since we heard of it at VMworld 2017. Via the hypervisor, it monitors your VMs, learning their known-good behavior, and then looks for deviations indicating possible security issues. Now they're using it for something they're calling the VMware Service-defined Firewall, which uses the concept to protect communication between apps inside your datacenter, not just your perimeter. This may be outside of EUC, but it sure is interesting.