On April 14th 2021, AMTSO held its most recent Testing Town Hall where speakers from Sophos, SecureIQLab, and the Cyber Threat Alliance presented and discussed topics focused on the anti-malware and cybersecurity world. It was an opportunity for member and non-member vendors and testers to engage with the cybersecurity community and gain inside knowledge.
Openness in machine learning
Joshua Saxe, chief scientist at Sophos, argued that security companies should publish the approaches to machine learning that they use in their products. Currently, most companies working on machine learning in the security field are “closed”. Rarely do companies publish their machine learning info, but even with the few that do, there are no public benchmarks so it is difficult to compare the results or progress of one company to another. Saxe pointed out that in other areas of AI, like machine vision or machine learning driven natural language processing, companies already publish their machine learning, use common benchmarks, and exchange ideas via scientific papers. In Saxe’s opinion, security companies should always publish their machine learning and be measured against public benchmarks so that companies can still compete but have “healthy cross-pollination.” Saxe believes that if companies continue to go down the same closed path, it will be harder to say whether there is any progress being made, we won’t know what ideas work, and there would be an “overall failure to efficiently leverage broad machine learning trends.”
A era of testing cloud security
David Ellis, VP of Sales and Corporate Relations at SecureIQLab, presented about the new era of testing cloud security. Ellis says that currently there is a cloud security gap in the shape of misconfigurations and security breaches, which shows the reality of how complicated it is to keep everything secured when moving to the cloud. When testing a cloud implmentation for security, architecture, asset identification, data protection, and automation all need to be examined to make sure they are just as good as a traditional approach. SecureIQLab’s perspective on testing is to look at the enterprise work flows and focus on the optimization and validation of work flow mapping. Their goal is to bring together the ideal solutions that testing firms strive for and the visionary solutions that analyst firms strive for to make both sides reality. Ellis says that we “need to consider the changing threat landscape when we’re developing testing for cloud security” and that after testing, you have to be able to tell your client if they are more or less secure and what their risk exposure is when moving to the cloud. Some of the risks that SecureIQLab considers during cloud testing are data compromises, insecure interfaces/APIs, malicious insiders, and lack of awareness and abuse of cloud services. In addition, because of COVID-19 and a more distributed work place environment, some examples of new challenges needed to be faced are monitoring and visibility, multiple users with privileged access to cloud computing environments, and no physical boundary to the internet attack surface. When testing, Ellis says that “in order to understand if an app is protected, we have to look across all the layers of the platform, we can’t look at just the top layer.”
The Cyber Threat Alliance
Michael Daniel, President and CEO of the Cyber Threat Alliance (CTA), spoke about his organization and what the purpose of their non-profit is. CTA is made up of cyber security providers which share security knowledge with one another through the CTA infrastructure. Their three core missions are to protect end users, disrupt malicious actors, and elevate overall security. To share security information, CTA employs an automated sharing platform where members share technical threat intelligence, human to human interaction, and operational collaboration. When members agree to join CTA, they agree to share a certain amount of threat intelligence and must include where in the world they encountered the threat, the context, and where in the kill chain phase that threat occurred. Daniel also shared that CTA members regularly provide other members with “early access to malicious cyber activity, blog posts, research findings, and samples”, which helps the industry to mitigate threats quickly and prevent more harm from occurring. Currently, CTA has two working groups that some members volunteer with: Election Cybersecurity for the 2022 elections and Olympic Cybersecurity for the Tokyo Olympics. Daniel said that CTA tries to engage across the industry by providing a guest blog and webinar program, as well as working with governments and other groups across the globe to promote good cybersecurity practices.
The next AMTSO Testing Town Hall will be on June 9th, 2021, and is open to all AMTSO members and the public. To find out more about becoming an AMTSO member, see our joining page. To register your interest in attending our next Testing Town Hall event, please contact us at firstname.lastname@example.org or complete the event registration form.