Interview with SYS-CON TV at Cloud Expo: The Current State of Cloud Security

 

 

 

SYS-CON Media has been connecting technology companies and customers through a comprehensive content stream covering a myriad of subject areas including cloud computing and web security through various events for over two decades now. Cloud Expo is among their international recognized brands, and this year the 19th International Cloud Expo was held at Santa Clara, CA between November 1-3, 2016, bringing in 100+ exhibitors offering specific solutions and comprehensive strategies related to cloud computing, big data, Internet of Things (IoT), and DevOps. Cloudbric and Penta Security Systems were proud to be exhibitors at this year’s Cloud Expo. Below is the complete transcript of the interview SYS-CON TV’s Roger Strukhoff conducted with Jaeson Yoo, SVP of Business Development, about the current state of cloud security.

R: This is Roger Strukhoff with SYS-CON TV – Cloud Expo Santa Clara Day 2 in the year 2016. We are sitting right now with Jaeson Yoo from Penta Security, and he spoke yesterday.
So, tell everyone what you talked about yesterday, and then we’ll follow up on that a little bit.

J: Yesterday’s speech was mostly about determining from where web attacks are coming. There is a clear point of entry for web attacks. Everyone knows where it is. If we could get smart about inspecting what’s coming in through that “door” if you will, we could get not only a lot of security benefits but also develop a better way to do business.

R: Do you think maybe the companies are just not aware of how exposed they are? Or maybe they’re reckless and not thinking enough about it? Is the source of the problem with customers?

J: I wouldn’t go as far (as saying that the problem lies with customers), Roger. I think everyone cares about security but the amount of traffic that comes in through the web is so overwhelming and the kinds of attacks coming in are so diverse that it’s really hard to even think about taming that giant. But there are ways to do it – mainly by trying to figure from where the attacks are coming.

R: I have this thought that a lot of people don’t understand — just how many bad guys there are out there – I’m not saying they are naïve but attacks sometimes strike me as something I would never imagine.

J: Well, there are a lot “bad” people out there but the really scary thing is that you don’t have be to technically gifted anymore to be a hacker. You can find a lot of different ways to do low-level attacks. They are easy to execute and in the long run can be just as damaging.

R: What is your company doing about it?

J: We have so much experience and expertise in determining what is an attack and what isn’t and this web attack method has been employed to block the “bad” attacks and add a perimeter before they even have a chance to get into the network itself. By doing so, we can enjoy the openness of the web while simultaneously also enjoy a security level that hasn’t really been experienced by regular website owners quite yet.

R: How do convince your customers that you’re on the right side of the balance of openness versus security?

J: Reporting is really important to give them some idea of what kind of results they are getting so if they have an idea – out of the total traffic they have – how much of that is toxic traffic. Then, whoever is managing that infrastructure can decide to impose a plan on these sorts of customers because they are bringing in a lot of bad traffic to their infrastructure.

R: I’m trying to blame the customer but you’re not. You saying, “Look, there’s bad guys out there. There is malicious traffic.” And the scary thing to me that you just said is that it doesn’t require that much skill anymore to launch attacks. I saw in your graph yesterday – I remember there is a wide range of web attacks. Could you take us through a little bit of the range of attacks that companies face?

Purposes of web attacks graph from 2011 to 2015
From 2011 to 2015, Cloudbric analyzed the major web threats companies faced.

J: We see everything from large DDoS attacks but we also see a lot of stealth-based attacks for small costumers. This caught me off guard because why would an inactive small website owner be attacked? We found out that they are trying to gain administration credentials for that website so they can try it on different accounts. That is just one example of why an inactive personal unsuspecting Ms. Jones for example would be attacked on a regular basis. I think you can assume that if you have a website and it’s open to the web, someone has found it, and they’re attacking it every day. Our proposition is to block as many attacks as possible before they can do any real long-term damage inside.

R: How can people find you online?

J: You can find us at www.cloudric.com. You can sign up for free and enjoy our services right away.

R: Thanks a lot for joining us. Thanks for watching. For SYS-CON TV, this is Roger Strukhoff.