The SecurityANGLE

SiliconANGLE

In this episode of The #SecurityANGLE, Shelly Kramer, managing director and principal analyst at #theCUBEResearch, is joined by Jo Peterson, VP of cloud and security services at #Clarify360 and a member of #theCUBECollective community of independent analysts.

Check out theCUBE for the latest in enterprise tech https://siliconangle.com/category/cube-event-coverage/

read less

TechnologyTechnology

Start Here

A Dive into Software Supply Chain Security with Schneider Electric’s Cassie Crossley

A Dive into Software Supply Chain Security with Schneider Electric’s Cassie Crossley

In this episode of the SecurityANGLE, Shelley Kramer, managing director and principal analyst at theCUBE Research, is joined by fellow analyst, engineer and member of theCUBE Collective community, Jo Peterson, for a conversation with Cassie Crossley, VP of supply chain security, cybersecurity and product security office at Schneider Electric.Check out the latest from theCUBE, including upcoming tech events https://www.thecube.net/Before we dive in, we start with some background on Schneider Electric, a French multinational company specializing in digital transformation and energy management. The company combines energy tech, software, real-time automation and services to transform homes, buildings, data centers, infrastructure and industries. Earlier this year, the company launched its new Industrial Digital Transformation Services, which are designed to help industrial enterprises achieve future-ready, innovative, sustainable, effective and end-to-end digital transformation.Follow theCUBE's wall-to-wall coverage as the roving news desk for SiliconANGLE reports live from tech's top events https://siliconangle.com/category/cube-event-coverage/Why is there a focus on software supply chain security? Supply chain security is the management of the supply chain that focuses on risk management of external suppliers, vendors, logistics and transportation. It's safe to say that today's supply chain and the security of the supply chain play an outsized role in successful digital transformation initiatives. The proliferation of software throughout the tech stack potentially exposes organizations to greater risk than ever before, which makes managing and securing the supply chain crucial when it comes to the ability of vendors to deliver software releases that are trusted and reliable and for end-user customers to know they are using software developed with security as a foundational element. Our conversation today covers:• Why the focus on third-party cyber risk management and what makes that so critically important today?• Crossley shares suggestions for other supply chain pros on three ways a strong supply chain security program can help identify, analyze and mitigate risks associated with working with outside vendors and organizations as part of your supply chain.• Smaller firms often don’t have dedicated application or supply chain experts. Crossley shares advice on how organizations of any size can implement a software supply chain security program.• The Lehigh Business Supply Chain Risk Management Index was released on March 29th showing that cybersecurity was identified as the #1 risk for the fifth straight quarter and, not surprisingly, generative AI has become a concern for supply chain managers. Zach Zacharia, associate professor of supply chain management and director for the Center for Supply Chain Research at Lehigh, said that thoughts about generative AI and how that might increase their companies’ vulnerability was identified by survey respondents as the second highest risk after worries about customer risk. Crossley shares her thoughts on the risk generative AI poses as it relates to the software supply chain and gives advice on how to think about navigating that.• We explore the risks that generative AI brings as it relates to software supply chain and how to combat those, as well as give our thoughts on what makes a supply chain resilient. As we wrap the show, we discuss the reality that there are no established, one-size-fits-all guidelines for software supply chain security, and we leave the audience with thoughts on a few of the crucial elements needed to develop a strategy, as well as give advice on how to get started.Visit theCUBE Research for the latest in tech news https://thecuberesearch.com/

Episodes

A Dive into Software Supply Chain Security with Schneider Electric’s Cassie Crossley

A Dive into Software Supply Chain Security with Schneider Electric’s Cassie Crossley

In this episode of the SecurityANGLE, Shelley Kramer, managing director and principal analyst at theCUBE Research, is joined by fellow analyst, engineer and member of theCUBE Collective community, Jo Peterson, for a conversation with Cassie Crossley, VP of supply chain security, cybersecurity and product security office at Schneider Electric.Check out the latest from theCUBE, including upcoming tech events https://www.thecube.net/Before we dive in, we start with some background on Schneider Electric, a French multinational company specializing in digital transformation and energy management. The company combines energy tech, software, real-time automation and services to transform homes, buildings, data centers, infrastructure and industries. Earlier this year, the company launched its new Industrial Digital Transformation Services, which are designed to help industrial enterprises achieve future-ready, innovative, sustainable, effective and end-to-end digital transformation.Follow theCUBE's wall-to-wall coverage as the roving news desk for SiliconANGLE reports live from tech's top events https://siliconangle.com/category/cube-event-coverage/Why is there a focus on software supply chain security? Supply chain security is the management of the supply chain that focuses on risk management of external suppliers, vendors, logistics and transportation. It's safe to say that today's supply chain and the security of the supply chain play an outsized role in successful digital transformation initiatives. The proliferation of software throughout the tech stack potentially exposes organizations to greater risk than ever before, which makes managing and securing the supply chain crucial when it comes to the ability of vendors to deliver software releases that are trusted and reliable and for end-user customers to know they are using software developed with security as a foundational element. Our conversation today covers:• Why the focus on third-party cyber risk management and what makes that so critically important today?• Crossley shares suggestions for other supply chain pros on three ways a strong supply chain security program can help identify, analyze and mitigate risks associated with working with outside vendors and organizations as part of your supply chain.• Smaller firms often don’t have dedicated application or supply chain experts. Crossley shares advice on how organizations of any size can implement a software supply chain security program.• The Lehigh Business Supply Chain Risk Management Index was released on March 29th showing that cybersecurity was identified as the #1 risk for the fifth straight quarter and, not surprisingly, generative AI has become a concern for supply chain managers. Zach Zacharia, associate professor of supply chain management and director for the Center for Supply Chain Research at Lehigh, said that thoughts about generative AI and how that might increase their companies’ vulnerability was identified by survey respondents as the second highest risk after worries about customer risk. Crossley shares her thoughts on the risk generative AI poses as it relates to the software supply chain and gives advice on how to think about navigating that.• We explore the risks that generative AI brings as it relates to software supply chain and how to combat those, as well as give our thoughts on what makes a supply chain resilient. As we wrap the show, we discuss the reality that there are no established, one-size-fits-all guidelines for software supply chain security, and we leave the audience with thoughts on a few of the crucial elements needed to develop a strategy, as well as give advice on how to get started.Visit theCUBE Research for the latest in tech news https://thecuberesearch.com/

Unpacking Zscaler ThreatLabz’s 2024 State of AI Security Report

Unpacking Zscaler ThreatLabz’s 2024 State of AI Security Report

In this episode of the SecurityANGLE, host Shelly Kramer, managing director and principal analyst at theCUBE Research, is joined by Zscaler’s CSO, Deepen Desai, for a conversation about the findings in the company’s newly released 2024 AI Security Report. The survey relied on more than 18 billion transactions across the company’s cloud security platform, the Zscaler Zero Trust Exchange from April of 2023 to January of 2024.Follow theCUBE's wall-to-wall coverage as the roving news desk for SiliconANGLE reports live from tech's top events https://siliconangle.com/category/cube-event-coverage/Zscaler’s ThreatLabz researchers explored how AI/ML tools are being used across the enterprise, and then went deeper, mapping out trends across sectors and geographies. They explored how companies are thinking about AI, how they are integrating AI into their business operations, how they are thinking about security around the use of AI tools and the risks that generative AI brings and how organizations are addressing those AI risks — all things top of mind for many business leaders today.Visit theCUBE Research for the latest in tech news https://thecuberesearch.com/In his role as CSO, Deepen is responsible for global security research operations and works with Zscaler’s product teams to ensure security across the Zscaler platform.Zscaler’s value prop is all about accelerating DX so that customers can be more agile, efficient, resilient, and secure, and the Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange™ is the world’s largest in-line cloud security platform.Their conversation covered:- The challenges of leading security operations in the age of AI- The biggest challenges Zscaler sees customers trying to get arms around as it relates to AI security- Data from the 2024 AI Security Report, which shares that AI/ML usage skyrocketed by a whopping 594.82% during a nine-month period, rising from 521 million AI/ML driven transactions in April 2023 to 3.1 billion monthly transactions by January of 2024- Findings from the report on how AI is being used by threat actors to speed cyber campaigns- The risks associated with the sending and receiving of data from AI tools and how to think about managing that process securely- The role that blocking plays in the enterprise today in these early days of generative AI, and what some of the most blocked AI applications are today- Attack surfaces and which of these are the most concerningCheck out the latest from theCUBE, including upcoming tech events https://www.thecube.net/Catch up on the last episode of the SecurityANGLEhttps://www.youtube.com/playlist?list=PLenh213llmcY5rmBToKb51z4uQFMgiTj-#SecurityANGLE #theCUBEResearch #ZScaler #2024AISecurityReport #CloudSecurity #ZScalerZeroTrustExchange

Fortinet Accelerate 2024: Unpacking the Event, Exploring What's Ahead

Fortinet Accelerate 2024: Unpacking the Event, Exploring What's Ahead

In this episode of the SecurityANGLE, host Shelly Kramer, managing director and principal analyst at theCUBE Research is joined by fellow analyst Zeus Kerravala, principal of ZK Research, to discuss Fortinet Accelerate 2024, held in Vegas this past week, with a whopping 4,000 people in attendance.In November 2023, Fortinet announced a reorganization of its business market focus, shifting to laser in on three high-growth, differentiated markets: secure networking, universal SASE, and security operations. With large and growing TAMs in these markets of about $126B in 2023, and predicted to grow to $199B by 2027, there's much opportunity here.sKramer and Kerravala discussed Fortinet's shift in terms of focus and why that makes sense, as well as Fortintet's recent move into the leader quadrant for wired and wireless WAN. This is notable, since many think primarily of Fortinet as a security company. And, if we are now thinking of Fortinet as a networking company, we explored how Fortinet stacks up against some key competitors in the networking space.We explored challenges ahead for Fortinet, speculated on the reasons for the growth of in-person attendance at the Accelerate event, and took a look forward at opportunities on the horizon for Fortinet.

Exploring Gen AI, Security, and Law Firm Readiness for Microsoft 365 Copilot

Exploring Gen AI, Security, and Law Firm Readiness for Microsoft 365 Copilot

In this episode of the SecurityANGLE, host Shelly Kramer, managing director and principal analyst at theCUBE Research, is joined by fellow analyst, engineer, and member of theCUBE Collective community for a conversation exploring generative AI, security, and law firm readiness for Microsoft 654 Copilot with Jason Thomas. Thomas is the CIO at Cole, Scott, Kisan, one of the AM Law 200 and Florida's largest law firm.Microsoft Copilot for Microsoft 365 is an enterprise-grade generative AI Assistant and part of the Microsoft application suite designed to enhance user productivity. The AI assistant works in conjunction with Microsoft Teams, Outlook, SharePoint, etc.Thomas has been the CIO of Cole, Scott, and Kisane for the better part of a decade and it's safe to see he's seen a lot in that time, including the firm's embrace of AI for business process automation and other tasks for quite some time. That's why we wanted to discuss generative AI and how he sees it advancing into the law firm realm and what he sees happening on the adoption front.Our conversation covered a variety of topics, including:- Thoughts on the news that global law firm Clifford Chance, with 34 offices across 23 countries and 3,600 lawners rolled out Microsoft 365 and Viva Suite at scale across its entire workforce, which is probably the first and largest instance of international law firms to integrate Microsoft Copilot.- Where Thomas sees the legal field in general on the adoption of generative AI.- How CIOs in the legal sector educate lawyers and their teams about Microsoft Copilot and its capabilities, and how discovery teams define processes and maintain them for these new Copilot Discovery tasks.- What CIOs in the legal field are doing and thinking about access and permissioning for confidential, sensitive, and proprietary data.- What's ahead from an eDiscovery standpoint: a shift from custodian-centric data to collaborative data and often content-centric data, and what different methods of scoping preservation and collection requests we might see ahead.We wrapped this show with Jason's advice to legal field practitioners interested in integrating generative AI into their operations, what to think about and where to start.

The Impact of Cybersecurity Regulation in 2024

The Impact of Cybersecurity Regulation in 2024

In this episode of the SecurityANGLE, guest host Jo Peterson, member of theCUBE Collective community of independent analysts, is joined by Chuck Brooks, president of Brooks Consulting. In addition to his strategic consulting work, Brooks is also an adjunct professor at Georgetown University, where he teaches courses on risk management, homeland security, and cybersecurity, as well as a certificate course he designed on blockchain technologies for a conversation about cybersecurity regulation in 2024 and what's happening in that realm.The conversation reflected on the events of 2023 around cybersecurity regulation including:Legislative developments we expect to see moving forward as it relates to the regulation of privacy and data securityDiscussion on whether we expect to see an increase in civil litigation around data privacyTrends that pertain to government data collection Comparison of the US's Executive Order on AI versus the EU AI Act, and how they differThoughts on national regulation of data privacy in the USUS cybersecurity disclosure rules for public companiesWashington state's My Health, My Data Act and how this has modified the legal landscape, creating data privacy requirements focuses on personal health data for Washignton-based entities and whether we expect more states to follow suit on thisWe also explored data minimization and shared what we believe every CISO needs to know about the obligations comprehensive state privacy laws impose on data controllers, who are entities that determine the means and purposes of processing personal consumer data. These obligations include things like data minimization, setting purpose limitations, requiring the maintenance of privacy policies, the requirement of maintaining reasonable administrative, having technical and physical data security controls in place, and contractually requiring processors of personal data or service providers to provide with the applicable law

Top 4 Consumer and Enterprise GenAI Cyber Risks and How to Combat Them

Top 4 Consumer and Enterprise GenAI Cyber Risks and How to Combat Them

In this episode of the SecurityANGLE, theCUBE Research's Shelly Kramer is joined by Jo Peterson, analyst, engineer, and member of theCUBE Collective community, for an exploration of four of the most pressing generative AI risks that keep CISOs up at night:- Model training and attack surface vulnerabilities- Data privacy- Corporate intellectual property exposure- Generative AI jailbreaks and backdoorsAfter exploring these four major security risks facing organizations today as it relates to generative AI, the conversation turned to an exploration of cybersecurity best practices for using generative AI and advice on where and what to focus on. This includes: Building AI governance in your organization, training and mentoring employees, identifying and classifying corporate data, and understanding how data governance and security tools work best together.The last part of the episode focused on a quick cybersecurity / AI Security tool roundup from vendors we are tracking. These vendors and their AI security tools include:

The Transformative Nature of Cloud and AI

The Transformative Nature of Cloud and AI

In this episode of the SecurityANGLE, theCUBE Research analysts Shelly Kramer and David Linthicum are joined by fellow analyst, engineer, and member of theCUBE Collective community, Jo Peterson, for a conversation about the transformative nature of cloud and AI.With the global cloud computing marketing expected to reach an estimated $600 billion US in 2024 representing a 30% jump in the span of two years, AI is no doubt playing a role in that acceleration to cloud. Our conversation explored managed AI and the rapid adoption we're seeing there, and why that is such an attractive offering. Research from Wiz shows that in the battle for AI dominance, Azure AI, which includes Azure Open AI, is leading the way, with some 39% of responding organizations using the service. We also explored the financial pressure that the demand for AI is putting on cloud infrastructure itself and thoughts on when we might see those investment numbers showing up in earnings reports. We discussed security and AI, the novel security vulnerabilities that need to be considered in the age of AI, alongside standard cybersecurity threats, as well as regulation in the EU and US and what's ahead on that front.

A CISO's Take on the Rise of AI-Enhanced Vishing and Smishing

A CISO's Take on the Rise of AI-Enhanced Vishing and Smishing

In this episode of the SecurityANGLE, host Shelly Kramer, managing director and principal analyst at theCUBE Research is joined by fellow analyst, engineer, and member of theCUBE Collective Community, Jo Peterson and Bil Harmer, operating partner and CISO at Craft Ventures.Our conversation today centered on the rise of AI-enhanced vishing and smishing attacks, which join phishing attacks as an attractive threat vector for cybercriminals. As organizations of all sizes rush to embrace AI, threat actors are likewise rushing in and wasting no time finding and leveraging AI-powered tech to help supercharge their efforts at wreaking havoc, getting access to data, and infiltrating networks. Harmer shares his expertise from 30 years immersed in the tech industry and provides insights for CISOs, executives, and board members on what AI is doing to power phishing, vishing, and smishing attacks and how to protect against them.

5 Top Enterprise Risk Management Trends to Watch in 2024

5 Top Enterprise Risk Management Trends to Watch in 2024

In this episode of the SecurityANGLE, our series focused on all things security, theCUBE Research managing director/principal analyst Shelly Kramer is joined by fellow analyst, engineer, and member of theCUBE Collective community, for a conversation around the top five enterprise risk management trends to watch in 2024 and a dive into why ERM awareness and software solutions are quickly becoming table-stakes.

The Ultimate Insider’s Guide to the Modern Data Stack with Bob Muglia

The Ultimate Insider’s Guide to the Modern Data Stack with Bob Muglia

This is theCUBE's latest episode in our series, The Road to Intelligent Data Apps, which focuses on the evolution of the modern data stack into the new platform for applications, or what we’re calling “the sixth data platform.” This modern data stack is becoming the new platform for applications as raw cloud infrastructure recedes into the background. In this series, we feature insights from some of the brightest minds in the tech world. For this episode, theCUBE Research principal analyst Shelly Kramer welcomes Bob Muglia, who pretty much needs no introduction, certainly within the tech industry.Check out the latest from theCUBE, including upcoming tech events https://www.thecube.net/ Bob was president of the precursor to Microsoft’s Enterprise Division, growing it to $14 billion in revenue. Most recently, Bob was CEO of Snowflake, leading it from $0 revenue and guiding the company to an IPO, which was the largest ever debut of an enterprise software company. Today, Bob is an investor, advisor and mentor to some of the most exciting companies driving the evolution of the modern data stack. Bob is also the author of The Datapreneurs, which focuses on the promise of AI and the creators who are building our future.Follow theCUBE's wall-to-wall coverage as the roving news desk for SiliconANGLE reports live from tech's top events https://siliconangle.com/category/cube-event-coverage/

The SecurityANGLE 5 Network Security Predictions for 2024

The SecurityANGLE 5 Network Security Predictions for 2024

In this episode of The #SecurityANGLE, Shelly Kramer, managing director and principal analyst at #theCUBEResearch, is joined by Jo Peterson, VP of cloud and security services at #Clarify360 and a member of #theCUBECollective community of independent analysts.Check out theCUBE for the latest in enterprise tech https://siliconangle.com/category/cube-event-coverage/Today's episode centers on 5 network security predictions for 2024, including:- SaaS security will see an increased focus- DDoS attacks will continue to increase at a rapid rate and protecting against them is critical.- Convergence is the new black. We expect to see organizations actively work to consolidate the number of cybersecurity vendors they use to mitigate risk and reduce operational complexity.- Consolidation within the industry is a given, and we expect to see more acquisitions as vendors add to the breadth of their solutions and work to become more holistically attractive to customers. - Zero Trust Network Architectures are, without question, the future of network security.Read the full article https://wikibon.com/5-network-security-predictions-2024/

The Evolution of the AI Threat -Three Stages to Watch in 2024

The Evolution of the AI Threat -Three Stages to Watch in 2024

In this episode of the #SecurityANGLE, our focus is on the evolution of #AI as a threat, where we explore the three stages that we expect to see this evolution unfold in 2024. The three stages we discuss on today's show are: Check out theCUBE for the latest in enterprise tech https://siliconangle.com/category/cube-event-coverage/- AI Threat Actors Take the Stage. We explore how human threat actors are being augmented with AI capabilities and explore how those capabilities will act as a force multiplier.- New AI Threat Vectors Emerge. AI will continue to enhance existing attack vectors and will also create new vectors that are crafted based on the quality of results of generative AI itself.- AI Code Assistants Introduce Further Vulnerability. The increased adoption of AI assistants will likely introduce more errors in software developers, namely, writing #security vulnerabilities into the source code. We explore interesting findings from Stanford exploring instances of insecure code and the role AI assistants are playing there.Follow theCUBE's wall-to-wall coverage as the roving news desk for SiliconANGLE reports live from tech's top eventshttps://siliconangle.com/category/cube-event-coverage/

Battle of the Network Giants

Battle of the Network Giants

In this episode of our #AnalystANGLE, theCube Research's Shelly Kramer talks with Zeus Kerravala, principal analyst at ZK Research and member of theCUBE Collective community, about the news of #HPE's acquisition talks with #JuniperNetworks for a rumored $14 billion.Check out theCUBE for the latest in enterprise tech https://siliconangle.com/category/cube-event-coverage/While this might be a smart move on HPE's part to compete more effectively against networking giant #Cisco, there are some downsides as well. Integration challenges, servicing a massive debt load and product overlap all play a role. Our analysts share their thoughts on whether it's a thumbs up or a thumbs down scenario.Read the full article https://wikibon.com/hpe-juniper-networks-14b-price-tag-smart-move-not-so-much/Follow theCUBE's wall-to-wall coverage as the roving news desk for SiliconANGLE reports live from tech's top eventshttps://siliconangle.com/category/cube-event-coverage/Catch up on the last episode of the AnalystANGLE https://www.youtube.com/playlist?list=PLenh213llmcYnzc3JScBR0fSUUWbHh1EH#theCUBE #theCUBEResearch #ZKResearch #theCUBECollective #Wikibon