Interviews | May 16, 2024

The Human Element has Become a Primary Target for CyberAttackers


KnowBe4 | Pentera | ThreatLocker | Wiz

Joanna Huisman
SVP Strategic Insights & Research

KnowBe4

Q1. KnowBe4 recently announced plans to acquire UK-based e-mail security firm Egress. How will your customers benefit from the acquisition?

We are very excited about the acquisition of Egress, a leader in adaptive and integrated cloud email security. Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, protect, and defend organizations against sophisticated email cybersecurity threats. Organizations globally struggle to contain behavioral-based data breaches, with 68% of incidents involving the human element according to Verizon’s 2024 Data Breach Investigations Report. By acquiring Egress, we plan to deliver a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk. Our customers will benefit from differentiated aggregate threat detection to stay ahead of evolving cyber threats and foster a strong security culture.

Q2. What emerging trends or developments do you see shaping the future of security awareness training and simulated phishing solutions? How is KnowBe4 adapting its offerings and strategies to address these trends and stay ahead of evolving threats in the market?

Given the persistent appeal of the human element as a primary target for cyberattacks, it’s clear that the bad guys are relentless in their quest to exploit any vulnerability, extending their reach into both the professional and personal lives of employees. Regrettably, many organizations remain focused on reinforcing their technological defenses, often sidelining the critical human dimension of cybersecurity. What’s urgently needed is a transformative shift in perspective: Rather than perceiving employees as security liabilities, organizations must recognize and cultivate them as vital allies in the ongoing battle against cybercrime. We urge organizations to adopt a proactive approach to security awareness, a strategy that goes beyond compliance. This new-school approach places a premium on continuous, frequent learning, practical simulations and open dialogue all aimed at arming employees with up-to-date knowledge and competencies they need to confront and neutralize ever-morphing threats posed by cyber adversaries.

Of all new developments, artificial intelligence (AI) will probably have some of the most profound cybersecurity impacts on organizations and individuals. AI is already being used to facilitate disinformation and misinformation campaigns, enhance social engineering attacks, and automate multi-layer and multi-faceted attacks at scale – even by attackers with little technical know-how. Central to the KnowBe4 platform are the innovative capabilities of AI and machine learning, which streamline and empower a suite of proactive cybersecurity measures – from crafting simulated phishing tests and offering tailored security awareness training to providing instantaneous analysis and response. By harnessing these advanced technologies, organizations can expedite their risk reduction efforts in a more effective and efficient manner.

We at KnowBe4 are proud of AIDA, which stands for Artificial Intelligence Driven Agents, our cutting-edge application of AI technology. Utilizing AI, AIDA intelligently curates phishing simulation templates and proposes customized content that aligns with the varying levels of user knowledge and skills, without manual intervention. In essence, AIDA harnesses the formidable prowess of AI to increase your employees’ defenses against social engineering attacks.

As cybercriminals increasingly deploy sophisticated social engineering tactics, they are wagering on the likelihood that employees will fall short in vigilance, discernment, or cyber literacy. The harsh reality is that a single moment of stress, distraction, or educational shortfall in just one employee could be the breach point that malicious actors exploit to infiltrate an organization. The commitment to nurturing a security-ready workforce and driving a strong security culture is an indispensable strategy in shutting the door on these pervasive cyber risks.

Q3. How does KnowBe4 plan to leverage its presence at Black Hat USA 2024 to raise awareness and educate attendees about the importance of security awareness training and threat defense techniques?

At Black Hat, we are thrilled to showcase an exciting array of happenings: Enlightening live sessions from KnowBe4’s subject matter experts, dynamic live demonstrations featuring a myriad of Knowsters, the presence of on-site KnowBe4 Evangelists ready to discuss the latest cyber threats and engage with participants, as well as media coverage highlighting our acquisition of Egress and the newly inaugurated August 6th National Social Engineering Day. We are dedicated to promoting awareness and education as key tools in combating social engineering. Please join us for an enriching experience filled with invaluable insights and cutting-edge knowledge.


Jason Mar-Tang
Field CISO

Pentera

Q1. How has the increasing demand for continuous security validation and the adoption of DevSecOps practices impacted enterprise approaches to penetration testing? How should security leaders be approaching the issue?

Penetration testing is evolving as our IT processes evolve. The adoption of DevSecOps has introduced a continuous nature to security to mirror the continuous nature of how applications and infrastructure are dynamically changing to meet the needs of the business. As a result, pentesting (and security validation in general) needs to also "catch up" to make sure that risk is not introduced into the IT environment as it continuously changes.

In our State of Pentesting 2024 report we found that 73% of enterprises report changes to their IT environments at least quarterly; however, only 40% report pentesting at the same frequency. The change can occur from the addition of new workstations, changes within the tech stack, and even M&A activities--which introduces new risk from the acquired company. The frequency gap leaves organizations open to risk for extended periods.

Pentesting needs to be a more constant process; it should be a checklist step in the process or "pipeline" to validate that the risk footprint has not increased. No other process can as effectively account for the adversarial perspective and validate your security against the TTPs that attackers are using in the wild.

Q2. What should organizations be doing, from a penetration testing standpoint, to mitigate risk from third-party vendors, supply chain partners and other external dependencies?

The answer here is pretty simple: Don’t assume. Validate.

While often positive for the business or operations of the organization, from a cyber perspective, third parties introduce risk. In an ideal world, we could be confident that everyone is practicing proper cyber hygiene, but we know this isn’t the case. And even if our defenses are somehow perfect, threat actors may still be able to compromise us if a third party we are integrated with is not.

The philosophy behind pentesting and security validation is that by emulating their tactics, we understand exactly what threat actors can do to compromise our organizations. By knowing reachable attack paths, we can proactively eliminate security before threat actors ever reach our organizations. I advise customers to run user-persona (or what is sometimes called blast-radius) testing with identities, especially third-party identities. This will help organizations quickly understand what the attacker would have access to if identities are compromised. Additionally, this testing will also help enumerate attack path vectors in the event a threat actor crosses our perimeter via supply chain.

Q3. What are Pentera’s plans at Black Hat USA 2024? What does your company plan on highlighting at the event?

This year we’re going to focus on pentesting and security validation in the cloud. We recently introduced Pentera Cloud as the first software product enabling on-demand automated pentesting and resilience assessment of corporate cloud accounts against cloud-native attacks. Our solution challenges existing security controls and policies to validate their effectiveness and identify exploitable gaps across AWS and Azure environments. This is a revolution of automation for the Cloud where up until now the only option was manual pentesting.

We're eager to have conversations with customers about their challenges as well as how automation can help make them more effective in their security validation efforts. Stop by booth 1040 for a "sweet treat" and learn a little bit more about how we can help.


Danny Jenkins
CEO and Co-Founder

ThreatLocker

Q1. What are the key considerations and challenges that organizations should be aware of when adopting zero-trust strategies for protecting endpoints? How does your company approach the implementation of zero-trust principles in your products and platforms?

The concept of zero trust is to implement a least-privilege approach and only grant access where access is required. The biggest challenge for corporations is often understanding what is used in their environment and what access is required to use those applications. ThreatLocker expedites implementation by automatically learning the environment and presenting organizations with a very easy-to-see report of what is currently running in their environment and how it’s being used. ThreatLocker then automatically creates policies based on the organizations’ existing environment that they can customize if the policies don’t represent what they want in their environment.

Q2. How has the rise of fileless attacks and living-off-the-land techniques complicated the endpoint security challenge for organizations? What capabilities does your technology provide in detecting and managing these threats?

Living-off-the-land attacks make it very difficult for a traditional antivirus or EDR to determine if something bad is happening because attackers are using trusted tools already in the environment such as PowerShell, RegServe or even remote access tools.

ThreatLocker not only detects anomalies in these tools, but more importantly, we control exactly what these tools can do based on what the environment needs. In a true Zero Trust environment, if an application doesn’t need access to something, it won’t have access. ThreatLocker Ringfencing is a zero trust application containment tool that can take away permissions from applications and only give them the access they need. So, if they are compromised or weaponized, they won’t be able to step out of their lane.

Q3. What products, technologies or initiatives does your company plan to highlight at Black Hat USA 2024? What is your main messaging focus at the event?

The biggest focus for ThreatLocker is highlighting our Zero Trust control suite to show customers how Zero Trust is the only way you can protect against today’s attackers. We’re going to demonstrate how easy it is to implement Zero Trust controls into an environment. We’ll also show how controls can be augmented with our Detect suite so you can also receive the alerts of things attempting to happen in your environment while blocking them first.


Ryan Kazanciyan
CISO

Wiz

Q1. As cloud security threats continue to evolve, what emerging trends or attack vectors should organizations be particularly vigilant about? What are the biggest challenges organizations face in maintaining a strong security posture in the cloud?

Cloud has fundamentally changed the way security teams operate. All of the factors that make it compelling for developers to build in the cloud - the broad range of services available “on tap”, the speed with which they can be deployed – require a new approach for security teams trying to build guardrails and to detect and respond to threats.

At Wiz, one of the most common things we hear from customers when they first approach us is, “if everything is critical, where do I begin?” That really underscores the need for visibility and context in the cloud. Effective collaboration between security, operations, and development teams must be rooted in a common understanding of the environment, how it operates, and how risks are prioritized.

One example of a vector that continues to exemplify these challenges is supply chain attacks. We recently saw how organizations scrambled to respond to the backdoored XZ Utils library. This was among the most sophisticated software supply chain attacks in history, but still required answers to the same fundamental questions that are posed any time a critical risk surfaces in a third-party code or dependency: “Is this present in my environment?” and “What are the attack paths that require the most urgent response?” When teams have consistent and complete coverage of their cloud environments, it becomes far easier to confidently answer those questions and swiftly contain any threats.

Q2. In your opinion, what role can automation and artificial intelligence play in cloud security? How is Wiz leveraging these technologies in its offerings?

Wiz sees some sort of AI service present in over 70% of cloud environments, which tells us that adoption has far outpaced governance – and in many cases, teams are using these powerful technologies regardless of whether it has been explicitly sanctioned by the business. This harkens back to the early days of cloud, where you had explosive growth that forced security to play catch up – not just to understand the technical risks, but to build healthy operating models with new personas racing to bring AI solutions to production: AI engineers and data scientists, cloud operations teams, and legal and compliance teams. These roles are all part of the new cloud operating model, making it even more important to foster a culture of security ownership.

As is always the case for complex systems, security cannot be “bolted on” to AI services in the cloud – it must be embedded into every part of the AI pipeline, including data sources, model management, and the workloads powering training and inference. Wiz calls this holistic approach “AI Security Posture Management” – AI-SPM – to find and eliminate risks end-to-end and help accelerate AI adoption securely.

Wiz also continues to introduce AI-powered features that help its customers use our products more effectively and efficiently. Most recently, that has included Wiz’s AI-powered remediation guidance, which automatically analyzes open security issues and generates clear, easy-to-follow steps to fix them. This helps drive down one of the most critical KPIs for any security function - mean-time-to-respond (MTTR) – despite the increasing complexity of cloud infrastructure and services.

Q3. What key messages around cloud security does Wiz hope to communicate with attendees at Black Hat USA 2024?

2024 is the year of security consolidation. Teams are tired of managing a slew of disparate, siloed tooling. Wiz is solving this pain and helping combat tool sprawl while revolutionizing risk reduction in the cloud through a solution that security and development teams love. Everything we do is for our customers; we will never stop innovating on their behalf.

Recently, Wiz acquired Gem Security to help transform security operations for the cloud era. Gem is a great example of how we are making good on the promise of consolidation while bolstering our Cloud Detection and Response capabilities so that SOC teams have the context and agility needed to identify, investigate, and contain unauthorized activity.
