Mitigating Advanced Threats with Scalable and Automated Malware Analysis: An interview of Chad Loeven and Mike Hylton
Scalable automated malware analysis has become a critical component of enterprise defense. When properly implemented it can be key to mitigating malware threats that otherwise bypass perimeter defenses. In this post we provide context enterprise architects and security engineers can use to dramatically scale their ability to conduct malware analysis. It is based on an interview with two widely known experts in the federal cybersecurity community, Mike Hylton and Chad Loeven.
Chad is the VP Malware Analysis Sales for OPSWAT. He joined OPSWAT to lead the Malware Analysis go-to-market initiative, following OPSWAT’s acquisition of SNDBOX and its malware analyzer technology. Prior to OPSWAT, Chad spent over 14 years in the malware analysis field, bringing the first commercial automated malware analyzer to market in 2007. He also ran technology alliances for RSA, where he came on board as part of RSA’s acquisition of Silicium Security and their ECAT EDR (Endpoint Discovery and Response) technology.
Mike leads government business for OPSWAT. He is a sought-after expert on Zero-Trust security and the use of Zero-Trust technologies to mitigate advanced cyber threats. Mike has a background of over 20 years in federal technology consulting with the Pentagon and other federal agencies. Mike also has extensive international experience, as well as experience with cybersecurity startups. On top of that, we have found him to be a great explainer of tech, which will come through in the discussion below:
Q: Chad, for context, can you give us your views on how malware analysis has evolved over the last decade? I’m especially interested in the concept of a sandbox in malware analysis:
I’m dating myself, but it’s actually a decade and a half since I started in the sandbox field. Our CEO and CTO had gone to a research conference where a young German Master’s student in Comp Sci presented his thesis on automating file analysis. Our CEO approached him and asked if our company could have the commercial rights to his project. The student said sure, as I think at the time he didn’t believe there was any market as such. I was tasked (“voluntold”) by the CEO with figuring out who would buy it and turning a collection of code with no user interface or documentation into a product. I was despairing of the futility of the task when Google contacted us out of the blue and said they needed to buy it, no questions asked. I walked into the CEO’s office and said, “You know how you wanted me to find a way to sell that German Master’s thesis as a product? I found our first customer.” After that a dam broke, especially in the Federal sector, as they all became aware of how nation-state threat actors could craft custom malware that could trivially bypass existing defenses. Keep in mind that at the time virtually all defenses (AV, firewalls, etc.) were relying almost exclusively on signatures. So, if the threat wasn’t defined in the vendor’s signature database, it went straight through; the dirty secret was that most security vendors had a default-allow approach for anything they couldn’t identify. As a result, doing a dynamic behavioral analysis of an unknown file (a.k.a. sandboxing) was the only effective way to determine if that unknown file was in fact malicious and what it would do if it got onto the targeted systems.
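As an added illustration of the default-allow problem Chad describes (example code written for this page, not code from the interview or from OPSWAT): a toy triage pipeline looks a file up in a constructed signature database and, depending on policy, either lets unknown files straight through or routes them to a simulated behavioral verdict first. The behaviour labels, weights and sample contents are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed signature database: sha256 -> verdict. In a real deployment this
# is the AV/firewall vendor's signature feed; anything not in it is "unknown".
SIGNATURE_DB = {
    hashlib.sha256(b"known malicious sample").hexdigest(): "malicious",
    hashlib.sha256(b"known clean installer").hexdigest(): "clean",
}

# Hypothetical behaviour labels a sandbox run might record, with weights.
BEHAVIOUR_WEIGHTS = {
    "writes_autorun_key": 3,          # persistence
    "injects_into_other_process": 4,  # evasion / code injection
    "disables_security_tool": 4,      # defense impairment
    "reads_user_documents": 1,        # common in benign software too
    "shows_gui_window": 0,            # benign, typical of installers
}
MALICIOUS_THRESHOLD = 4

@dataclass
class Sample:
    name: str
    content: bytes
    # Constructed sandbox observations (stand-in for a real detonation report).
    observed: list = field(default_factory=list)

def signature_verdict(sample: Sample) -> str:
    """Static lookup only: 'malicious', 'clean' or 'unknown'."""
    digest = hashlib.sha256(sample.content).hexdigest()
    return SIGNATURE_DB.get(digest, "unknown")

def behavioural_verdict(observed: list) -> str:
    """Score the behaviours recorded for an unknown file during detonation."""
    # An unlisted behaviour counts as mildly suspicious rather than being ignored.
    score = sum(BEHAVIOUR_WEIGHTS.get(b, 2) for b in observed)
    return "malicious" if score >= MALICIOUS_THRESHOLD else "clean"

def triage(sample: Sample, sandbox_unknowns: bool) -> str:
    """Return 'allow' or 'block'.

    sandbox_unknowns=False models the signature-only, default-allow posture
    described above; True sends unknown files to dynamic analysis first.
    """
    verdict = signature_verdict(sample)
    if verdict == "unknown" and sandbox_unknowns:
        verdict = behavioural_verdict(sample.observed)
    if verdict == "malicious":
        return "block"
    return "allow"  # 'clean', or still 'unknown' under default-allow
```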
Q: Mike, as I interact with government tech leaders, I find most are familiar with the sandbox concept, but many are not up to speed on what a modern sandbox is capable of. Would you agree? What would you most like government tech leaders to know about modern sandbox capabilities?
Generally speaking, government tech leaders are familiar with, and perhaps even using, sandboxes as part of their incident response program. Traditionally, sandboxes provide IR teams the capability to delve deeper into a small subset of files for dynamic analysis, or detonation, to examine the behaviors of the file.