NEW YORK CITY. When attendance at an annual conference jumps from 300 to 1,000 in a year, something’s going on – and in the case of the Carbon Black cybersecurity gathering, that can be boiled down to increasingly sophisticated expectations from consumers of cyber products, signs of important progress and evolving big-picture goals in this policy space.
Those themes were offered and explored in the four individual keynote speeches at the Oct. 10-11 conference here, and were reinforced by panel discussions and hallway conversations.
Carbon Black CEO Patrick Morley kicked things off, highlighting the dramatic attendance jump as well as the messages his security firm was hearing from customers. They want more automation, more value from data and help moving safely to the cloud, he said. At a recent board meeting, Morley shared, the message was “cloud, cloud, cloud.”
Carbon Black’s big announcement at the conference was the unveiling of the “Cb Threat Hunter” service, which he said would “transform security through Big Data and analytics in the cloud.”
Carbon Black’s Paul Morville explained in an interview that the tool is designed “to bring unfiltered data to bear so organizations can do individual threat hunting,” including the ability to “instantly query whether an anomaly is anywhere else in my environment.”
The service is designed to be “accessible to a broader class of customers” beyond the “high-end market” that initially formed for such products, he said, adding, “It’s for anyone with a SOC [security operations center] really.”
Jimmy Sanders, head of security for NetFlix DVD, took the stage to impart that security firms need to answer customers’ “3 a.m. Saturday problem” – fixing a problem at the most awkward times with the most relative ease – and their “coffee shop problem,” or ensuring “similar levels of protection for my employees working out of a coffee shop or at the airport.”
He called “automation through open API [application programming interface] the key.”
IBM Security vice president of strategy and design Kevin Skapinetz closed the Wednesday session by shifting from the dark clouds over the internet to the “fantastic progress” that has been made in recent years.
“Our brains are wired to react to bad news more quickly than to good news, we’re slow to see positive developments,” he said.
But cybersecurity progress is real, he said, noting increasingly common practices like least-privilege access, default encryption, and multi-factor authentication, as well as much more intense focus on cybersecurity at the corporate board level and “intelligence-driven rather than compliance-driven” approaches to cyber.
“Just look at the features in your smart phone” for signs of progress, Skapinetz said.
To keep this progress going, Skapinetz said, the cyber community must use “force multipliers” like “augmented intelligence,” automation and “security orchestration,” such as preparing “dynamic incident response playbooks” – and practicing.
“Nobody ever learned to swim by watching YouTube,” he said.
On Oct. 11, after a full day of panels, Frank Abagnale wrapped things up with the final keynote.
His story is the basis for the film “Catch me if you can,” and a subsequent play and musical, heady stuff for a kid who ran away from home in Bronxville, NY, in 1964 and traveled the world living the high life thanks to a pre-cyber version of identity fraud. He’s been an advisor to the FBI since getting out of federal prison some four decades ago.
His message was twofold: Young people are not being taught ethics, and the absence of an “ethical foundation” shows up in costly and dangerous ways in the anonymous digital world. He has started a training camp in computer ethics for young people.
And, he concluded, “The one thing I want to accomplish: Eliminate passwords! Passwords are for treehouses.”
Next year’s Carbon Black “Connect” conference will be in San Diego in the spring, and should provide an opportunity to assess whether and how these trends have accelerated or evolved.
There won’t be final answers, but there should be signs, perhaps, that tools and services are matching businesses’ cyber needs, that inch-by-inch advances are being made in the unceasing digital war, and that government and private-sector policymakers are effectively engaging on the big-picture questions around cybersecurity. – Charlie Mitchell (cmitchell@iwpnews.com)