Infosecurity Europe 2019, held in the Olympia, London, is a leading event in the cyber security calendar bringing business, tech and communities together. Uleska CEO and founder Gary Robinson was a speaker at the event, addressing two prevalent cyber issues, whilst Uleska exhibited to a plethora of cyber practitioners. Here are just some of the key trends Uleska noticed throughout the event.

Automation and orchestration continues to be a trend that is driving the wider cyber security industry. On the security operations side, Security Orchestration, Automation, and Response (SOAR) is gaining a firm foothold in the organisation’s mindsets.

In contrast to the software security side, Application Security Testing and Orchestration (ASTO) is a few years behind SOAR, yet the success of SOAR is helping organisations’ see the value of ASTO.

Numerous visitors to the Uleska booth were attracted by an independent (i.e. non-tool vendor) view of the coverage provided by combinations of technical tooling against their security standards and regulations they need to meet. 

Many security tool vendors will have marketing departments which promise to cover every technical issue, yet the industry realises this is not the case.  While organisations accept that no one tool will fix everything, they are finding it hard to get independent advice as to what tool coverage they do need.

Chief Risk Officers (CROs) have to deal with a lot of data. Cyber security has fought for years to get onto both the board and risk agendas and is now a firmly placed issue that must be addressed.

However, CROs have many aspects to consider. From finance, human resources, natural disasters, and geopolitics, with cyber security being one more issue to be addressed on that list.

Yet within each aspect, there are many subplots, such as for cyber, ransomware, viruses, network security, infrastructure security, application security, and more.

As previously mentioned, this means that each element the CRO has to manage, measure, and report on has to be succinct – the best case being one number of stats that shows the current state, impact, and whether things are getting better or worse. 

Application security has historically been awful at this, throwing thousands of technical issues and high/medium/lows to describe the current state, which is simply not consumable for a CRO.

Cyber value-at-risk, culminating in a single monetary risk number that changes with the real risk in the software estate, provides such a measure that CROs can work with.

Many organisations are interested in maturing to a ‘standards-based approach’ to security testing, instead of a ‘tools based approach’. 

This means they are looking at the standards and regulations they need to adhere to, and asking “Which tools and processes can be combined to provide as much coverage of these as possible?”. 

This is a much more comprehensive approach than previous doctrine which started with using one or two tools or processes, allowing them to find issues towards the end of a project, fixing those issues, and then assuming all standards and regulations were covered.

All /processes were aligned to the standards and regulations. this without doing any analysis of how those tools. This has led to blind spots in their technical programs which led to breaches.

Uleska recently exhibited at CyberUK 2019 in Glasgow’s Scottish Event Campus. The event highlighted the progress that needs to be taken within cyber security and showcased innovative solutions currently on the market. Here are Uleska’s top five takeaways from the event.

CyberUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors.

The conference showcased evolving cyber threats that face the UK and how we must respond as individuals and organisations to keep cyber security one step ahead of malicious hackers.

Here are our top five security trends.

1) Many companies are in need of faster and more frequent software security checks and assurance.

In today’s software-driven climate, major companies are releasing software updates thousands of times a day. Amazon, for example, was doing a production deployment every 11.6 seconds in 2013.

Current testing to determine the weaknesses within an application can take months, and with software releases being pushed so frequently the traditional processes simply cannot guarantee software security.

This lack of speed and frequency can lead to release and security management practices being ignored. Akin to building skyscrapers from the same materials we used to build huts, if this continues we can expect software to continue to randomly, and catastrophically, fail.

The need for faster and more frequent security testing has also been pointed at the skills gap within cyber.

Gillian Arnott, International Communications and Marketing Manager, and Nick Chaffey, Chief Executive UK and Europe for Northrop Grumann asked the question of how we are going to meet the government target of filling 1.2m new technical roles.

Through engaging, educating and enthusing a new generation of cyber security practitioners, they are confident that they can capture new ability to push for innovative ways to test faster and more frequently.

2) Automation and orchestration of software security is moving from industry advisories, such as Gartner and Forrester, into everyday practice by industry.

Both Gartner and Forrester input’s into the importance of automation and orchestration within security testing has gone from advice to everyday practice.

Last year, for example, Gartner advised that by 2020 15 per cent of organisations with five or more IT security professionals will be using automation and orchestration tools to security test.

This advice has already started to work its way into best practices and many are taking the ASTO approach to security testing.

Speaking at CyberUK Cyber Security Partner at PwC, Colin Slater, backed up their everyday practices coming to fruition. He spoke about automation and orchestration services letting organisations hunt the threats they need to focus on, not just the alerts.

3) Consulting organisations servicing the public sector are being asked to innovate around their services, due to pressures on time, scope, and pricing.

The public sector faces a multitude of pressures, not least the financial challenge of shrinking budgets and increased expectations of service users.

Due to the speed of software development, the increasing scope of vulnerabilities and the expense of traditional security testing, public sector serving security companies are having to change the way they approach security testing and operations.

4) Regulatory concerns, in terms of breach fines, continue to be the largest driving factor in the procurement of cyber security services.  However, with more and more public sector initiatives involving software, the scale of this challenge is growing fast.

If a data breach doesn’t kill your business, the fine might.

Breaches and the associated fines have a massive negative impact on a company’s customer base, particularly if the breach involved sensitive data.

This fine driven fear has prompted numerous organisations to obtain cyber security resources, however, these organisations are starting to see the scale of security that is now needed due to the vast initiatives involving software.

5) The NCSC advisories on Cloud First and the 14 principles of Cloud Security are proving to be strong advisories, allowing public sector departments to involve these advisories in their procurement and evaluation discussions.

Everyone wants to know that their information is safe and secure and businesses have legal obligations to keep client data secure.

Two of the NCSC’s most senior researchers into cloud usage outlined some of the biggest threats that come with using the cloud. Their talked outlined some of the 14 principles in greater detail and presented the latest thoughts on laaS vs. “serverless” technologies.

NCSC’s 14 principles include the likes of a Governance framework, identity and authentication and secure development.

This advisory list details the context for the 14 Cloud Security Principles, including their goals and technical implementation, which means that any level of personnel in an organisation can understand the framework that needs to be in place for safer cloud security.

Uleska has been invited to speak, as well as exhibit, at Infosecurity Europe 2019 at the Olympia, London, between 4th – 6th June.

Uleska is proud to announce that we will be speaking and exhibiting at Infosecurity Europe 2019. The event, held at the Olympia in London, will take place over three days and see some of the most cutting edge cyber security companies exhibit, attend, speak and network.

Uleska CEO and founder Gary Robinson will be speaking at the event, covering both Application Security Automation & Orchestration and Automated Cyber Value At Risk.

This talk comes as enterprises are faced with massive opportunities, and risk, due to the tide of software transformations they are undergoing.  Traditional security testing is running much slower than their software changes, with a lack of clarity in security coverage. The benefits of these talks include an understanding of how Uleska’s automation is reducing the need for personnel and providing much-needed consistency for software assurance.

You will also be able to see how automation and orchestration can be achieved for application security and understand the benefits of experiencing software assurance in a truly integrated and DevOps environment.

Uleska is excited about the opportunity to inspire people about our platform and services during three days of networking and collaboration and hopes that the event will be a success for the cyber security industry as a whole.

Infosecurity Europe has been dubbed the sourcing and knowledge hub for Europe’s information and cyber security community.

With over 400 cutting-edge suppliers, a far-reaching conference programme and a host of networking opportunities, the event will bring the information and cyber security to life. This is an event within the cyber security industry that you cannot afford to miss.

The plethora of interesting and educational talks, coupled with the ability to talk to industry thought leaders offer a variety of security-related problems is reason enough to make sure you are in attendance.

The group covering the event has over 23 years of global experience in informing, inspiring and enabling business connections in the information and cyber security industries.

Whether you are attending or exhibiting, the Uleska team would appreciate your time at stand Q115 to discuss how our cyber security solutions can efficiently and effectively help you protect your software, reduce the reliance on personnel and allow you to better understand your security scope.

If you would like to contact Uleska before Infosecurity Europe then please email info@uleska.com, or contact Uleska through the event portal.