Techseen: When it comes to cybersecurity, there is no such thing as one size fits all. Do you believe this to be true?
Polak: I think there are several ways to look at this. One is that threats vary: some apply to almost any type of organization, some apply more readily to a certain industry (e.g. threats designed for the EPIC application only apply to hospitals and other providers), and some are designed for specific organizations, though they use generic techniques (e.g. spearfishing). So, you build security solutions that work broadly and can be tuned for specific variations of threats. Another way to look at it is that large organizations have more complex needs and larger teams, and can handle more than small organizations can. So, viewed this way, a product needs to have suitable functionality across the spectrum.
Techseen: Why is there a need to design different solutions for different industry sectors? Do cybersecurity companies believe in this notion?
Polak: This is more true for applications than for cybersecurity. Many of the security threats we see apply horizontally. For example, malware that steals your credentials via some Windows flaw will work just as well for a retailer as for a bank as for a hospital. Where it changes by industry is security at the application level, specifically around user activity within an application. The app used by a hospital to manage patient data is different from the app used by a bank to manage customer data, and you need to have understanding of the activity within the app itself. The key is to then link this app-specific activity (i.e. steal data) with downstream horizontal activity (i.e. get that stolen data out of the company).
Techseen: A recent study by a software research center claimed that while designing and developing the cybersecurity solution, companies often forget to consider the threats. Do you feel this to be true? And how can solution providers consider threats beforehand?
Polak: We think about this problem a bit differently, in that companies often forget to consider the customer. By that, I mean that companies build products in the lab, think it sounds great, and then it fails when it hits the real world. When we built Exabeam, we did it onsite with our early customers, so that we could verify assumptions in the very early stages. As a result, you get a much better picture of what works and how it will succeed or not succeed long before it hits the market.
Techseen: Where does uniformity in design come into play? Can uniform cybersecurity solutions be customized in any manner?
Polak: Design includes both experience and visual, and also data structure. The former two are tied to the problem the user is trying to solve. Firms build workflows and visual designs that are supposed to best support their specific problem. That’s different from data design, where data may need to be exchanged across multiple products, to be used for different scenarios. So, you need to solve for both use case and for data structure.
Techseen: Can large companies/enterprises create their own customized solutions if they wanted to? What lacks in these kinds of in-house solutions?
Polak: “I can just build it myself” has been a common response for a long time, for all sorts of infrastructures. Big firms hire smart folks, and these smart folks might take a look at a vendor’s product and decide they can build a bespoke version of it on their own. And while it’s true that these people might be able to get a good prototype into production, it falls apart a bit later, when that team has moved to a new project, and no one is there to update or maintain the code. If you look at the total cost of ownership, over multiple years, it is very difficult for a large firm to make bespoke security software work.
Techseen: Does a brand-name attached to a cybersecurity company really help in the long run?
Polak: Branding always helps, but security is interesting because it seems to split endlessly into new niches, each generating a new category of solutions. So, the goal is to solve a real problem, and to do it for enough companies that you are now a leader in a new, growing, and large category. A few years ago, McAfee or Symantec were the default security providers. Today, Palo Alto Networks is its own brand name. So, leadership evolves over time.
Techseen: You say that the deployment time and cost are important factors for a cybersecurity solution. Why?
Polak: Security moves quickly; new threats appear every day. So, if you have to spend six months getting your security solution running, you are in trouble. It will be seen as a science experiment, not a win. In terms of cost, while security budgets are healthy, they are obviously finite, so you need to be able to show value and to fit into a CISO’s budget.
Techseen: In the wake of WannaCrypto or EternalRocks, cybersecurity as a term has been really thrown up in the media and market. What, according to you, is the future of this industry? What is lacking and what steps can be taken to make solutions full-proof?
Polak: The biggest change in recent years has been the effectiveness of machine learning. Only a few years ago, you needed people to update rules, to guess at which types of attacks would come, and to create new rules or signatures. That approach has been broken, as it won’t keep up. The future will include smart humans using machine-driven analytics to keep up with changing attacks. If our time at Exabeam has proven anything, it’s that effective machine learning can transform the process of detecting and responding to threats.