Axonius was chosen as this year's winner. The company's CMO, Nathan Burke, represented Axonius on stage, and he characterized the problem they solved as "unsexy," or, as one of the selectors put it during questioning, "yesterday's problem." Although the problem is unglamorous and all too familiar, Burke nonetheless made a plea for addressing it, calling the challenge of asset management "a big, nagging problem that's only getting worse." It's a familiar CISO pain point, and Axonius seeks to approach it in a way that enables its customers to adopt its solution without replacing their existing investments in security tools. As the selection panel summed it up in their explanation of their choice, Axonius solves a problem that's been around for decades, and it's interesting because of the pain enterprise security managers experience from "never having a straight answer about their assets."
As he has for several years, Dr. Hugh Thompson emceed the proceedings. A preliminary discussion between Thompson and one of the judges, RSA veteran Niloofar Razi Howe, summarized the themes that drew the judges to the ten finalists: hybrid cloud, asset discovery, container security, API security, and privacy. That's as good a list of the high-profile topics that seem to be engaging participants at RSAC 2019 as any.
The criteria the judges applied during their deliberations came down to these. They looked at the problem a candidate company sought to solve, and for whom. They assessed the originality and soundness of the company's approach. They looked at its go-to-market strategy, and the company's probable impact and reach. The quality of the candidate's leadership team was an important aspect of the judges' evaluation. And, significantly, the judges looked at market validation.
A follow-on program, RSAC's first Launch Pad for three innovative companies, will be held this afternoon.
By the CyberWire staff
India used “offensive measures” to counter hackers from Pakistan who attacked more than 90 Indian government websites in the hours after the Pulwama suicide attack last month, senior security officials told the Hindustan Times. The officials didn't give details on the operation or disclose which agency was behind it, but a cybersecurity adviser to the government said the counterattacks "did help India get a grip of the situation." Times Now points out that Indian hacktivists attacked more than 200 Pakistan Government websites in the days following the Pulwama attack, though it's unclear if this campaign was related to the government's operation.
FireEye published details on the Chinese cyberespionage actor they call "APT40." The group targets the engineering, transportation, and defense industries, as well as universities, in search of maritime technologies that could be used to build up China's naval capabilities. APT40 has also been observed influencing elections in support of China's Belt and Road Initiative.
Facebook is again facing criticism after users realized that the phone number they provided for two-factor authentication could be used to look up their profiles. Users can’t opt out of this feature, as TechCrunch notes. Facebook’s former CSO Alex Stamos tweeted that “this isn’t a mistake now, this is clearly an intentional product choice.”
Researchers from Google’s Project Zero publicly disclosed a zero-day privilege-escalation vulnerability in macOS, after Apple missed Google's 90-day deadline to release a patch. The vulnerability is serious, but it's difficult to exploit and depends on malware already running on the system.
Today's issue includes events affecting Australia, China, European Union, France, India, Israel, Pakistan, Russia, United Kingdom, United States.
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.
Indo-Pak tensions play out in cyberspace, websites hit (Hindustan Times) After successive waves of attacks were thwarted, the government advised all departments to not violate “Standard Operating Procedures” and be on the alert. The exact nature and extent of India’s offensive operation, and the agencies behind this aren’t known.
Eyeing Russia, EU Girds for Cyberthreats to Parliament Vote (SecurityWeek) With campaigning for May's European Parliament elections shifting into high gear, security officials are preparing for potential attempts by Russia-linked hackers to sway the vote -- and potentially deepen divisions in the bloc.
Hackers Sell Access to Bait-and-Switch Empire (KrebsOnSecurity) Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers.
Vulnerability Summary for the Week of February 25, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Attack traffic up 32 percent in 2018 (BetaNews) Levels of attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.
Comcast Buys AI Cybersecurity Firm BluVector (PYMNTS.com) Comcast announced Monday (March 4) that it has acquired BluVector, a company that uses advanced artificial intelligence and machine learning to provide cybersecurity protection to companies and government agencies.
Juniper to pay over $400M to buy ex-Cisco execs' Cupertino startup (Silicon Valley Business Journal) Mist Systems CEO Sujai Hajela (left) and CTO Bob Friday (right) co-founded the wireless networking business with fellow Cisco Systems veteran Brett Galloway in 2014. Their Cupertino business is being acquired by Juniper Networks for $405 million.
How you can protect your business from a cyber attack (Baltimore Post-Examiner) If you ran a shop on the high street, there would be certain security measures you would never go without. You would have a metal shutter to protect the doors and windows when you left work, you would only give […]
Why CISOs must get better at connecting to the rest of the company (CyberScoop) Corporate security experts need to emerge from behind their physical cubicles and their digital firewalls to ensure that new technologies don’t create new vulnerabilities that could threaten their jobs, according to two executive-focused panels Monday at the RSA cybersecurity conference in San Francisco.
The Challenges of Implementing Next-Generation IAM (BankInfoSecurity) Identity and access management is more complicated when organizations rely on a cloud infrastructure, says Brandon Swafford, CISO at Waterbury, Connecticut-based Webster Bank, which is implementing a new IAM system.
Data Privacy & Employee Monitoring (IT Security Central - Teramind Blog) How to ensure insider threat prevention with a privacy-friendly business culture Today’s technology landscape is undoubtedly powered by data. It’s the lifeblood of the digital ecosystem, making it at once...
Design and Innovation
Is a Facebookcoin in the works? (Naked Security) Facebook, Signal and Telegram are all planning cryptocurrencies. But why these companies, why now, and will they be successful?
US is plotting to cripple us, warns Russian general (Times) Russia must increasingly threaten its enemies in the West or risk being attacked by the United States, according to President Putin’s military chief. Valery Gerasimov, chief of the general staff of...
California Privacy Legislation Update (Cooley) With the promulgation of the California Consumer Privacy Act of 2018 (“CCPA”), California has continued its role in pushing bleeding edge privacy and data security legislation. From the first data…
The Criminal Element Gets Its Due (SC Media) Attribution is difficult and sometimes it seems that cybercriminals are beyond the long arm of the law. But hackers – some even foreign nationals – were increasingly brought to justice on both sides of the Atlantic in 2018 for various cybercrimes.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...
U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...
FAIR Institute Breakfast Meeting during the 2019 RSA Conference (San Francisco, California, USA, March 6, 2019) Join us and fellow cyber risk executives to learn from other industry leaders about their experiences: Marta Palanques, Director, Enterprise Risk Management and Steve Reznik, Director, Operational Risk...
Zero Day Con (Dublin, Ireland, March 7, 2019) On March 7 2019, Zero Day Con will bring together leading technology firms, industry experts and government officials that will share insights for cybersecurity professionals grappling with the rise of...