📡 Cybersecurity Innovation Pulse #26: NSAs AI Security Center; Hybrid Approach to PQC; API Security Trends; and Security Product News!
Covering Sept. 28th - Oct. 4th
Welcome to Issue 26 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, your compass to the dynamic world of cybersecurity innovation. Each week, I deliver the latest on product debuts, groundbreaking innovations, strategic collaborations, and other developments at the intersection of innovation and cybersecurity. Digging these updates? Subscribe and get the intel delivered straight to your digital doorstep, ensuring you're always in the loop 🚀
🫱🏼🫲🏽 Intro 🫱🏼🫲🏽
Howdy! It’s October aka Spooky Season aka Cybersecurity Awareness Month aka still Hispanic Heritage Month. I hope you are all well wherever you are reading this from and that you are staying cyber-secure. That said, let’s jump into all the high-tech cool shtuff that’s come through the tape this week!
🗞️Emerging Trends & Innovation News
Post-Quantum Cryptography: A Hybrid Approach Emerges
The discussions, research, and implementation of post-quantum cryptography (PQC) have been intensifying in the background as GenAI continues to take the spotlight. However, we all know that Quantum Computing (QC) poses a serious threat if it lands in the wrong hands and it eventually will. Think nation-state actors and cyber warfare. Things could get ugly fast. This isn't groundbreaking news; it's a scenario that cryptography experts have been warning us about for quite some time.
However, we do have organizations like NIST, Google, NSA, CISA, and Signal, racing to develop and implement PQC where more most critical. It seems that the preferred strategy, for now, is a hybrid approach where we continue to use tried and true traditional cryptography methods while augmenting its capabilities with PQC. For example, a Signal spokesperson said they use PQC to:
"[augment] existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people's communications." - Signal
As we keep venturing into new spaces with tech we haven’t secured at scale before, it'll be key for defenders to keep an eye on these emerging threats. Even though we've made major strides across various security verticals, some organizations are still getting hit through the usual attack vectors (i.e., human element, publicly exposed assets). Now, with AI and QC stepping into the scene, it’s gonna be a wild ride seeing how things unfold.
More on Post-Quantum Cryptography:
Notable company doing great research and work in the AI + QC space is SandboxAQ
Source: The Hacker News
NSA Establishes Center for AI Security
The National Security Agency (NSA) has inaugurated a new center focused on the development and integration of AI capabilities into U.S. national security systems.
“The AI Security Center will become NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices, guidelines, principles, evaluation methodology, and risk frameworks for AI security, … end goal of promoting the secure development, integration, and adoption of AI capabilities within our national security systems and our defense industrial base.” - U.S. Army Gen. Paul Nakasone, Director of the NSA
Source: SiliconANGLE & Schneier on Security
API Security Trends 2023: NoName’s Report
We all know the importance of APIs in today’s world. If you don’t, this is a great article that highlights the significance of APIs. That said, NoName, an API security company, just released a report on the state of API security in 2023. Of course, the way they position their findings have to be taken with a grain of salt because they ultimately benefit from the problem their business is built on but the stats provide an empirical data point we can point to. Here are some key findings from their report:
72% of respondents have a full inventory of their APIs but only 40% of those have visibility into whether the API is handling sensitive data.
WAFs are the primary attack vector followed by network firewalls and API gateways.
81% of survey respondents stated that API security is more of a priority now than it was 12 months ago.
Source: NoName (Skip the info intake form)
Gartner Predicts a Surge in Global Security and Risk Management Spending in 2024
Gartner forecasts a 14.3% increase ($215B) in global security and risk management spending in 2024, compared to the est. $188.1B in 2023. Mo money, mo problems.
Source: Dark Reading
🛰️Security Product Innovation 🛰️
AWS to Mandate Multi-Factor Authentication in 2024
Amazon Web Services (AWS) has announced plans to enforce multi-factor authentication (MFA) for all root users of AWS Organizations in mid-2024. MFA options will include:
FIDO security keys
Virtual auth apps
Hardware-generated time-based, one-time password (TOTP) tokens
Amazon's MFA
Source: Dark Reading
A Revamped Look and CNAPP for Sysdig
Sysdig recently revamped its brand profile and website with a new lime-ish green, dark gray, and white color scheme. They also unveiled their attack graph for their CNAPP which leverages ML and real-time analytics to scour different domains in cloud environments (i.e., IAM permissions, VPC/NSG, CSPM findings) to identify critical attack paths.
Source: SecurityWeek
Okta Integrates AI Across Its Identity Platform
Okta announced this week, at its Oktane conference, that it has developed a new set of AI capabilities they’re dubbing “Okta AI”. Okta AI capabilities will be dispersed through their different offerings over time starting with its Identity Threat Protection to detect anomalous sign-in activity. The new capability integrates with Material Security, Jamf, PANW, Netskope, and others to consume and analyze user activity and correlate it with Okta’s signal to better identify anomalous activity.
Source: TechCrunch & MSSP Alert
What Else I Read To This Week 📚
Lucr 3: Scattered Spider Getting SaaS-y - The Hacker News
Microsoft: Hackers Target Azure Cloud VMs via Breached SQL Servers - BleepingComputer
Combating Ransomware Attacks: Insights - Palo Alto Networks
AI and ML: The Keys to Better Security Outcomes - Palo Alto Networks
Conclusion
That's all for this week! I hope you found this issue insightful. Your feedback shapes the future of this newsletter, so drop me a line on what resonated with you or what you'd like to see more of. If you believe others can benefit from these insights, share the love and encourage them to subscribe. Every week, I dive deep into a sea of headlines to curate the most pivotal stories in cybersecurity innovation just for you. Your continued support is a testament to the value this brings. Catch you in the next issue!