Since I last spoke with Massachusetts-based security vendor Cryptzone in 2015, the company has gone through a major change, with a new CEO heading it up.
Also a partner at Cryptzone’s venture capitalist Medina Capital, Barry Field was formerly lead partner on the company. “So looking at the technology and how it addressed what is happening now in terms of the attack surface, we decided not to invest but to acquire the company two years ago,” he said.
“We also did an acquisition of HiSoftware and I was always involved in the company and we are active investors, and not guys showing up at meetings telling you what you did wrong, we are there with you. So I came on full time last September permanently, so I am still a partner at Medina Capital, but I do this full time.”
Field told me that Medina is involved in seven companies, one of which was Prolexic, which was acquired by Akamai in 2013. I asked him why this job appealed to him. “From my perspective in terms of what Cryptzone has to offer, for me it is the best opportunity I had seen in my career. I went to meetings and recruited top tier talent and showed people what it could do with top tier attacks, and where everything is headed, I went to the board and said I wanted to do this.”
On the old adage about the perimeter being dead, Field said his view is that there is no perimeter, and that everything has changed because of the way everyone works now. “We had a contained area where stuff was and built a perimeter to keep bad guys out and built things like IPS and IDS and firewalls, as if we keep the bad guys out we don’t have to worry about what is going on outside the walls,” he said.
“Then you have cloud, mobile, BYOD, remote workers and network entitlements to do business and I don’t care what size company you are, you give entitlements to contractors, temps, vendors so you let people in the perimeter as the network security has become the number one attack surface for the bad guys.”
“Any breach looks the same and when bad guys get a credential and steal username and password via spear phishing, and get inside the perimeter and network, their actions are always the same – they move laterally and escalate privileges and steal money or do whatever their motives are.”
Field gave me a customer example in which they installed the Appgate software, opened up a regular prompt and had access to 4300 resources for a 100-person company. “We could see every fax machine, every phone and their servers and other customers’ servers,” he said.
Appgate is software based on context and posture, and builds a digital identity of you. Field said that the concept is about shrinking the attack surface, and not letting anyone move around laterally by determining what people can look at.
He was keen to disclose his theory of a “network of one”, which he described as a person logging in and the software building a digital picture of them. Based on who you are and what context you’re in, it determines what you have access to: you get a list of whitelisted apps based on that and integrate with anything approved by those apps.
“So if you want to touch an Oracle server, what we built is a one-time encrypted tunnel from the user to that Oracle server and what we are doing is building a one-time dynamic firewall rule based on you and your context and it only exists for that one session,” he said.
“It connects users to the server and you cannot see anything else on the network. So we do that to the attack surface – could see what accesses I have, but this way I can only do a limited amount. We can tie it, time it and keep an eye on it.”
He concluded by disclosing some customer case studies in financial services and retail, and explained that Cryptzone has four main use cases: third-party access, as with Target; privileged users who have “God rights” inside the company and can go anywhere; understanding what the crown jewels of the company are and restricting access to them; and cloud.
Focusing on what is going on inside the network is a popular technology topic this year as businesses seek to reduce the amount of time that attackers are inside – the Verizon Data Breach Investigations Report has claimed that this is around the 250-day mark. If that is true, then Cryptzone’s new start may be at the right time.