Mike Baukes: Another perspective is, “Are they using ethical solutions? What’s the impact that these people are having on the environment?” Those are different types of trends that we’re getting to become conscious of. They could be hot topics in the future. A really good context in security is how people get used to the aesthetics of applications on their phone. When they walk into an enterprise using dated technology and systems, they often find it an abrasive shock. They’re expecting these smooth and fast processes generated by Facebook or Snapchat, but when they enter the workforce, they’re bogged down with these tools from a different generation, frankly. There’s a lot of opportunity in aesthetic design, security, privacy, and optimization. A lot of these people are immediately wired in expecting faster quality service. Business process management is going to undergo a massive change in the next 5 to 10 years.
Sramana Mitra: Let’s switch to the next piece of questioning. What do you see as emerging trends and open problems that you would recommend a new entrepreneur with expertise in your domain should be looking into?
Mike Baukes: One of the things that is becoming increasingly apparent is a lack of understanding of not only some of the abilities of third parties to create upstream impact into your business, but also more importantly, of the ability to transfer risk to third parties and the ability to acquire a type of insurance of some form. When you think of all those kinds of trends, these are things that aren’t going to stop.
Sramana Mitra: If I understood you correctly, you are not like the FICO score in that you’re providing the software to score but in an internal mode. The scoring is not a published scoring. It’s a score that the enterprise is using to audit and improve their own security levels.
Mike Baukes: We do both. The great thing about it is unlike a lot of the companies that may do partial external, they charge for it. We believe it should be a free service. It’s commodity data that, if you really know what you’re doing, the public should know. What’s difficult for organizations these days is to understand what they have internally. Taking that external perspective and really giving them an understanding of what their digital resilience looks like inside and then unifying that score is incredibly important. That’s what we do.
Sramana Mitra: In doing what you’re doing, what are you learning as the state of the union at the enterprises? What level of security are they at? What kind of vulnerabilities are you identifying as trends, so to speak?
Mike Baukes: When most companies think about their transformation effort from an analog process to a digital process, they really want faster speed for delivery of those development activities. The reality is that a lot of organizations have this massive skill shortage that they really need to transform their workforce to be able to take advantage of these newer solutions.
Unfortunately during the transitional period, we see a lot of people adopting these newer types of technologies without really understanding, not only the maintenance effort that’s required, but also what the effort that goes into them really is. Quite often, they are open-sourced or some variation of that. That actually requires foundational changes in the way that a business approaches a problem.
Just like your credit score, your security score is an important metric to track. Read on to see what’s happening in that realm.
Sramana Mitra: If one of you could give us some background about UpGuard as well as the two of you, that would be great to begin with.
Mike Baukes: We’re a company that basically focuses on making it easy to understand your digital posture and its digital resilience. I’m one of the Co-Founders, and I’m a Co-CEO alongside Alan Sharp-Paul.
Sramana Mitra: Are you both from the security space? What we see in the security companies is that the founders have been in the industry for a long time.
Sramana Mitra: Lift yourself to the 30,000 foot industry perspective level. If you were to start a company in cyber security today, what open problem would you focus on?
Manoj Leelanivas: I would start with data. The issue right now is basically that there is too much data. People are struggling to find information from data. There is too much data out there and you don’t know what to process and what is meaningful for you. If I were to look at it with a blank slate, I would look at something that is in the boundaries of multiple industries.
Sramana Mitra: I’m asking you a question purely from a cyber security point of view. We have a huge Big Data coverage. Tell me specifically what is an open problem in cyber security that is worth following today.
Sramana Mitra: There is a window before your system is able to figure things out when something may have gotten into the enterprise, but then you would know that something has gotten into the enterprise and do something about it. Is that correct?
Manoj Leelanivas: Yes. The beauty of it is that it doesn’t matter what the exploit is. You need to find out what the implication is. If somebody downloaded something by accidentally clicking on the site, it doesn’t necessarily mean that person is infected. If that person downloaded and opened the file, then that person probably is infected, but that doesn’t mean that something has happened in the enterprise. If now it’s propagating to a high-value target, it is not a millisecond thing.
We really are going out for these targeted attacks, which have a long dwell time. It takes almost a year for them to find the target. It took almost three months to actually become the real attack. These are the ones that are slow, sophisticated, and trying to go after your crown jewels. They’re going after the intellectual property. That’s what we predict. If you’re a large bank, it could be the customer data or the financial data, which can have huge implications on the market. We focus on the ones that have dwell time, target you, and put you in the newspaper. That is what we focus on.
Sramana Mitra: The example you gave about the propagated malware, does that mean that your system scans every ad that comes into the screen of any employee of your client enterprise?
Manoj Leelanivas: Yes, anything that is coming to an employee on any of the vectors. In this case, it’s going to a web page.
Sramana Mitra: It could be mobile as well.
Manoj Leelanivas: It could be a mobile as well. Let me just siphon off things into two different parts. One is say you’re on a Windows or a Mac machine and you’re doing web surfing or email, we can see that right there because it’s coming through the enterprise. If it’s the mobile device on WiFi, we see it through the enterprise too. For a mobile device that is completely encrypted that is not on the enterprise, we cannot see it.