Some interesting stories, articles and topics that have hit The Cyber Hut mailboxes this week.
Are Passwords Really Worth $1/2 billion?
Identity vendor Transmit Security this week announced a whopping Series A financing round of $543 million. It is apparently the largest investment round of any cyber security company…EVER. They were founded in 2014 and their main aim is to rid the planet of passwords, via a sophisticated portfolio of features aimed at both the consumer identity and employee identity markets. But are passwords really worth the money? There are numerous vendors on the trail of ridding the planet of passwords. See Beyond Identity, Hypr, 1Kosmos, Keyless.io amongst others…all with differing approaches and methodologies for success. So what will Transmit spend the money on? It seems a focus on consumer identity, expansion into new geographies and rapid-fire hiring are the 2021 attention areas. With such funding of course comes great pressure – as many sports people find with large transfer fees. Passwords need to die for sure. Are they worth the money?
ATT&CK (and now D3FEND)
The MITRE ATT&CK framework has been around for a long time and is a great (or perhaps, as some say, too large to use) model for classifying adversarial cyber activity. Well, this week an NSA-funded extension was announced called D3FEND. D3FEND, as the name suggests, is entirely focused on the countermeasures to the inbound malicious activity that the ATT&CK framework describes. At first glance it is not as large as ATT&CK (it’s clearly newer) but covers some interesting countermeasures – all linked graphically to the various different attack techniques. There is a good set of resources supporting D3FEND as well as an ask for further contributions if you so wish.
Security Week APAC Industrial Control System Cyber Security Conference
This week I attended (remotely of course) the 2021 ICS Cyber Conference APAC/Singapore region. There were some great talks from vendors, practitioners, threat hunters, risk analysts and industry big guns such as Robert Lee, the CEO at Dragos, who gave a great interview whilst on holiday. Big takeaways? Well, Critical National Infrastructure and ICS/SCADA infrastructure are hot right now. For the good (great conferences, expertise sharing and modelling) and bad (big breaches and attacks hitting the headlines). I came away thinking there are some big cultural and psychological reasons behind some of the main vulnerabilities – vulnerabilities which are linked to architectural design, operational management and how risk is prioritised.
NIST Request for Comments on Identity as a Service for Public Safety Organisations
The US National Institute of Standards and Technology have opened a request for comments period (through to August 2nd 2021) for a new draft focused upon authentication for Public Safety Organisations. This is essentially those teams that respond to emergency situations – and very likely need access to sensitive data in a time-critical fashion. The document essentially overlays some of the existing NIST identity standards (800-63x) with regards to identity enrolment and authentication with some specific implementation guidelines that may only apply to PSOs. If you’re a vendor or solutions provider in this space, it is certainly worth a read and an opportunity to provide feedback.
The links above are to third-party articles and blogs. They have no relation to The Cyber Hut. See our disclaimer policy for more details.
About The Author
Simon Moffatt is Founder & Analyst at The Cyber Hut. A published author with over 20 years' experience within the cyber and identity and access management sectors. His 2021 research diary focuses upon “How To Kill The Password”, “Next Generation Authorization Technology” and “Why We Are Not Prepared For Cyberwar”. For further information see here.