Tell us about your role at Vectra and the team/technology you handle.
My role at Vectra is to guide strategy, come up with rough concepts based on that strategy and help turn rough concepts into actionable plans. That generally involves talking to security research (to form ideas), to customers (to pressure test the ideas), to data scientists and developers (to judge feasibility of building tech), and to user experience designers (to ensure the idea can be easily understood by end users).
What is the current state of IDPS technology in 2018?
IDPS technology is at something of a crossroads as legacy/signature IDPS has reached a dead end.
The IPS (without a “D”) use case has been annexed into the Enterprise Network Firewall market as all these firewalls include an IPS engine and already sit inline.
There is nearly universal consensus that the IDS (without a “P”) use case is poorly served by signature technology and that the future is about broader IDS coverage through the use of behavioral models. These behavioral models can clearly benefit from the application of machine learning and AI techniques.
Tell us more about Cognito and the AI engine driving it.
Cognito has been constructed from the ground up with the single-minded goal of finding advanced cyber-attackers who have already established some foothold inside an organization’s network. To do this, Cognito uses both supervised and unsupervised machine learning approaches to detect cyber-attacker behavior rather than trying to recognize the exact tools that an attacker may employ at a point-in-time.
We collect a large set of metadata from organizations’ networks and augment it with key information from their logs to produce a unique dataset that gives insight into almost all attacker behaviors which utilize the network to accomplish a goal.
Where do you see the IDPS market moving between 2018-2020?
The IDPS market will continue along the trajectory of the past couple of years.
By 2020, we believe 70% of IPS use cases will be served by enterprise firewalls and the majority of the standalone IPS placements will be cloud-based (public or private). This will be the case even as the market for enterprise firewalls transforms based on micro-segmentation and becomes highly virtualized to meet cloud requirements.
The IDS use case will evolve to rely much more heavily on behavioral models – both ones that are written in code and ones trained using machine learning – and will utilize far fewer signatures.
Furthermore, the notion of a “network” IDS will blur as cloud and advanced attack use cases will force an IDS to inspect key cloud and authentication logs in addition to network traffic.
What are the major challenges to GDPR compliance? How do you prepare for it and offer technology for customers?
GDPR compliance requires companies to be acutely aware of whatever information they are gathering that is personally identifiable, to protect this data with diligence and to promptly report any leak of the information. There have been compliance mandates before – PCI is a global regulation, HIPAA is a US healthcare-related one – and these mandates give us a bit of a sense of how hard it will be to adopt new policies and procedures to come into compliance with GDPR. But unlike PCI and HIPAA, GDPR affects almost all companies and usually affects a much broader swath of their operations.
We try to help customers with their GDPR compliance by providing visibility into actions involving the assets that hold PII and alerting them of anything that looks like attacker behavior in the vicinity of these assets.
Cybersecurity is a field suffering from a staggering talent shortage. How can AI, and Vectra in particular, help solve the cyber skills gap?
The talent shortage is certainly real. Companies – particularly ones without deep pockets – are having trouble attracting and retaining cybersecurity talent. This often makes companies want to rely on managed security service providers (MSSPs), but that just transfers the issue to the MSSPs, who have much the same problem hiring security architects and analysts.
Once we acknowledge the fact that, for the foreseeable future, this talent gap is the reality, AI can play a role in helping cover for some of the gaps. Taking Cognito as one example, we not only flag attacker behavior but also correlate the collection of behaviors we see over time, thereby removing time-consuming work and preparing as clear a storyline as possible for the security analyst. The analyst will still have to apply judgment, but the judgment can be applied to a well-crafted narrative rather than disjoint individual signals.
Will Chief Data Officers and Privacy Officers become ubiquitous positions that all companies need to fill? What will be the role of CTOs in this disruptive ecosystem?
It’s hard to know precisely how companies will handle this new age of sophisticated cyber security attacks and stricter privacy protection mandates. We are certainly seeing a variety of job titles out there and also a variety of reporting relationships.
The title is not as important as the reporting relationship – when data/privacy officers start reporting to CEOs and spending time with boards of directors, we will know that the gravity of the situation has sunk in. I expect that CTOs will continue to provide deep technical expertise in service of many aspects of the business – including the cybersecurity and data privacy missions.
Anything else our readers should know about Vectra, Cognito or the future of AI in cybersecurity?
These are incredibly important times in the world of cybersecurity. While it may not be evident to outsiders, the technology stack that is being applied to solving cybersecurity problems is undergoing radical change. This represents an opportunity to solve problems that previously seemed intractable.
But, as is always the case, there are reactionary forces with an entrenched interest in maintaining the status quo who would like to quell the revolution.
The future is bright – now we just have to get there as quickly as we can.
Thank you, Oliver! That was fun, and we hope to see you back on AiThority soon.
Oliver Tavakoli is Chief Technology Officer at Vectra. Oliver is a technologist who has alternated between working for large and small companies throughout his 25-year career – he is clearly doing the latter right now. Prior to joining Vectra, Oliver spent more than seven years at Juniper as Chief Technical Officer for the security business. Oliver joined Juniper as a result of its acquisition of Funk Software, where he was CTO and better known as developer #1 for Steel-Belted Radius – you can ask him what product name came in second in the naming contest. Prior to joining Funk Software, Oliver co-founded Trilogy Inc., and prior to that he did stints at Novell, Fluent Machines, and IBM. Oliver received an MS in Mathematics and a BA in Mathematics and Computer Science from the University of Tennessee.
Vectra® is transforming cybersecurity with AI. Its Cognito™ platform automates cyberattack detection and empowers threat hunters from data center and cloud workloads to user and IoT devices. Cognito correlates threats, prioritizes hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 32X. The company has been issued five U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra is headquartered in San Jose, Calif. and has European regional headquarters in Zurich.