This article is more than 1 year old

Infosec defenders' supply chain is inferior to black hats, says Carbon Black CEO

Cloudy analytics as an experience aggregator to the rescue? Maybe

The security industry’s supply chain is currently inferior to that of its attackers, says Carbon Black CEO Patrick Morley, but he thinks the industry is finding ways to fight back.

In conversation with The Register yesterday, Morley advanced a theory that exploit brokers, malware authors and other bad actors work together. Security vendors, by contrast, tend to work alone.

“We don’t do as good a job, as defenders,” he said. Matters aren’t helped by miscreants increasingly using “living off the land” attacks that require no malware. Instead they find a way in through tools everyone uses – email or browsers – and then seek out software on an endpoint that can do something nasty. That’s often something with known vulnerabilities, like PDF readers, or something like PowerShell that can pull a machine’s strings.

The evil supply chain works well in such scenarios because one player will create the poison web site, another will sell a zero-day to crack whatever’s found on an endpoint and a third will deliver and harvest the cryptocurrency-mining payload.

Happily Morley thinks that the industry is starting to network in useful ways that make all players’ wares more effective.

One way that security vendors are fighting back is with the kind of cloudy aggregation Carbon Black already practices. The company not only monitors its users’ endpoints for odd behaviour but combines data from all its clients so that it can look for patterns that represent attacks. The CEO spoke of being able to detect legitimate and malicious use of PowerShell through such analysis of aggregated experiences.

Another is by facilitating networking opportunities for users. Carbon Black’s conferences now include candid sharing sessions at which clients ‘fess up to their security scares. ServiceNow does something similar but in closed forums.

A third is by integrating with other security vendors. While confident in his own products’ protective powers, Morley admitted that he doesn’t have all the answers and that users will benefit from as much information as possible. That belief is why Carbon Black partners with networking and other security software vendors.

Carbon Black is also adding to its own services. The company is currently beta testing two tools: “LiveOps”, which Morley said performs stateful queries of endpoints and enables users to ask “almost any question I want of an endpoint”, and “CB response”, a detection and response tool.

Asked by The Register if the new services suggest Carbon Black could expand into other fields that can benefit from a large pool of anonymised user data, Morley said that he sees multiple uses for the data Carbon Black collects. “The average user has 70 security products,” he said. If Carbon Black can help them to reduce that count by even five, he sees happy days ahead.

He also said that customers will buy into consolidation of the security industry, because a lot of security products were bought without a strategy. With more organisations hiring chief security officers, Morley believes buyers are now looking for platforms, not products. And he’s aiming to be the former. ®

 
