Q&A with ProtectWise: on Cybersecurity and the ProtectWise Grid

By Community Team

2017 saw a staggering number of data breaches and cybersecurity incidents across the board. From the WannaCry ransomware attack against the U.S. National Security Agency (NSA) and the HBO hack for ransom, to the massive Yahoo and Equifax data breaches that exposed hundreds of millions of customer accounts, this past year proved to be especially challenging for organizations and their cybersecurity teams. Threats to today’s enterprises and organizations have become ever more sophisticated, regularly leaving businesses vulnerable to new attacks. As a result, businesses have no choice but to carefully monitor their networks and make real-time decisions in order to stay protected.

Fortunately, most of today’s CEOs and boards of directors are increasingly aware of the business impact of security incidents, which is why Gartner predicts that worldwide spending on information security products and services will hit $93 billion in 2018. But improving enterprise security isn’t just about investing in the latest technologies. To protect the business and stay ahead of the curve, it’s crucial for companies to do the basics right, specifically monitoring and threat detection.

But traditional threat detection solutions are not equipped to keep up with the increasing volume and complexity of cybersecurity threats. Therefore, it is important for enterprises to seek out modern solutions to keep up with the sophistication of security threats that plague the business landscape. ProtectWise, a network security startup, seeks to provide today’s enterprises with a modern approach to security, one that involves pulling information together automatically and presenting relevant data through an advanced (and futuristic) visual presentation.

SourceForge recently spoke with Ramon Peypoch, the Chief Product Officer at ProtectWise, to discuss the current state of cybersecurity and what enterprises must absolutely know to stay protected. Peypoch also talked about ProtectWise Grid, the company’s innovative security platform, and how it is transforming how enterprises handle complex threats.

Q: Please share with our readers a brief background on ProtectWise as well as the industries that can benefit most from your solution.

A: Security leader ProtectWise™ was founded in 2013 to provide automated threat detection and response across time for any network. The ProtectWise Grid platform delivers security entirely from the cloud and captures full-fidelity network traffic from enterprise, cloud and industrial environments, to create a lasting network memory.

Ramon Peypoch, the Chief Product Officer at ProtectWise

ProtectWise has hundreds of deployments with customers who have placed sensors all over the globe. Customers include global 2000 companies across virtually every industry — retail, finance, healthcare, government, energy, oil & gas, media, and entertainment.

Q: In recent years, security breaches have grown both in the number and the impact, while security talent and resources have stayed limited and stretched thin. So in your opinion, what is the best way for companies to address this gap?

A: The global cybersecurity talent shortage is projected to reach 1.8 million unfilled roles by 2020. A number of factors drive this — employers want entry-level cybersecurity candidates with highly technical skills to which the average student is not exposed, including incident response and security software development. Advanced certifications are required for roles that aren’t necessarily advanced, which deters workers who can earn an attractive salary and develop innovative technology in other fields without the burden of earning more credentials. In addition, the current state of the presentation layer is comprised of pie charts and lists of log files that are not instantly intuitive and arguably not a compelling recruitment tool. Finally, recent research shows the younger generations of talent are pervasively unaware of cybersecurity as a career choice.

We can begin to bridge the gap by providing organizations with more intuitive technology that helps them recruit, upskill and retain security staff while also making them more effective — better visibility into the constantly changing threat landscape leads to better protection against it.

ProtectWise developed The ProtectWise Grid to tap into humans’ natural ability to reason visually and spatially in order to solve critical problems. Through an advanced visual presentation, security analysts can intuitively and effectively manage and prioritize petabytes of data. Organizations using The ProtectWise Grid have said the visual interface makes job training easier, and has improved the efficiency and effectiveness of their threat teams by allowing them to evolve their entire incident response process — for example, level-three team members can actually focus on level-three analysis instead of help-desk level work, which helps with employee retention and talent development.

Q: Keeping intruders and security threats at bay requires, first and foremost, proactive threat hunting. What exactly does the process involve, and what are some best practices that companies must adhere to?

A: Start with evangelism: Most executive teams are familiar with cyber threat response teams but perhaps less so with proactive threat hunting. Ensure everyone in your organization understands the important function threat hunters perform, and how it benefits the business.

Next, help analysts become threat hunters. Managers should keep their eyes open for junior analysts who exhibit interest or capacity to become threat hunters. Upskilling analysts into threat hunters also helps improve job satisfaction because the work is more challenging than performing the repetitive tasks associated with investigating threat detection system alarms.

Also, look at your technology. Make sure the products in your security architecture are working together so that your threat hunters have well-rounded security context that helps them become more effective at their jobs. Make sure the data and analysis from these products get fed into a unified body of correlated forensic evidence to provide better context, and that it’s retained for periods of time that are longer than breach detection windows. To facilitate this level of data retention, consider the cloud, which costs pennies on the dollar and can store full-fidelity PCAP data for as long as needed. This enables the hunt for threats that may have started affecting your network months or years ago.

Q: Credit reporting agency Equifax has been under fire for its massive data breach, which dominated security headlines for weeks. If anything, the incident helps show that no company is immune to data breaches. In your opinion, what lessons can be learned from the Equifax breach? What can enterprises do to avoid being the next Equifax?

A: The Equifax data breach occurred when someone exploited a known security vulnerability in Apache Struts, a common Java framework in use at the company. When vulnerabilities in a software program become known, its creators release an update for their customers to patch it. An Apache Struts patch was released, but Equifax reportedly failed to install it.

The top lesson learned here is clear: Always install patches to keep bad actors from infiltrating your network through known vulnerabilities, especially since we can be sure these types of events will keep happening.

Q: Tell us about the ProtectWise Grid. What are its key features? How does it revolutionize the way enterprises handle complex security threats?

A: With ProtectWise, analysts can intuitively interact with petabytes of security data, which is a departure from traditional approaches that remove, limit or hide information within pie charts and log files.

Q: What unique advantages does ProtectWise Grid deliver over other similar enterprise security platforms in the market?

A: Traditional security products that perform packet forensics are based on legacy architectures and require expensive capital investment in hardware. These products feature limited data retention (days or a few weeks versus months or more for ProtectWise). The ProtectWise Grid performs automated retrospective analysis which enables us to create a perfect memory of the network, allowing analysts to go back and discover the previously unknown as new threat intelligence emerges over very long periods of time.

Q: The company recruited visual effects artist Jake Sergeant to create the interactive visual dashboard that appears to be straight out of a science fiction film. What inspired you to give cybersecurity a new look?

A: Our inspiration has always centered around changing how humans interact with security and enabling them to intuitively reason with petabytes of data. Humans reason visually and spatially to solve problems and traditional security solutions stifle this innate ability.

By innovating the presentation layer with a cutting-edge, Hollywood-inspired interface, we can revolutionize how organizations address complex threats while also providing a tool that makes it easier to recruit, upskill and retain security talent.

Q: In June, ProtectWise pulled in $67 million in new funding. With this backing and support, what can we expect from ProtectWise in the future? Is the company incubating any new product features or offerings?

A: In 2017, ProtectWise introduced Immersive Security, an industry movement focusing on radically new ways for more effective, efficient and proactive incident response. The ProtectWise Immersive Grid uses virtual reality, augmented reality and other immersive technologies to transform the network into a virtual cityscape for analysts to patrol, hunt and respond like never before.

Built on technologies familiar to the next generation of talent, The Immersive Grid is a powerful asset for overcoming the industry’s job gap and moving beyond the traditional tools that are insufficient in today’s complex threat landscape. We will begin introducing versions of The Immersive Grid next year.

About ProtectWise

Founded in 2013, ProtectWise offers cloud-based network security services that deliver pervasive visibility, automated threat detection, and forensic exploration. With the ProtectWise Grid, the company’s platform that harnesses the cloud, analysts have the ability to access real-time and retrospective alerting and analysis in an advanced visual presentation. ProtectWise is headquartered in Denver and is led by a team of security and SaaS industry veterans from McAfee, Palo Alto Networks and Symantec.