Delivering Cybersecurity from the Cloud | Partha Panda from Cysiv

DISCLAIMER: Below is an AI generated transcript. There could be a few typos but it should be at least 90% accurate. Watch video or listen to the podcast for the full experience!

Partha Panda 0:00
It proved some implementation or it proves SOC implementation tends to be very complex and expensive, which keeps it out of bounds for a lot of the companies.

Alexander Ferguson 0:16
I’m excited to be able to chat with you today decisive on your homepage. It says Manage threat detection and response. And tell me as we get into this, what was the problem? You initially saw these said, I need to build a solution. How did that lead to what you guys have today?

Partha Panda 0:34
Alexander, Good morning. And thank you for having me with your with your show today. And yeah, so if I, if I look back to the genesis of sites of the company, we were, we were looking inside the sock and looking at what the customers were dealing with, inside a sock a security operation center, right? Cybersecurity is forefront now. Both boardroom conversation as sea level conversation, because this is a true risk. This is a real risk for most most companies. And as you can tell, especially after COVID-19, just the number of breaches a number of attacks keep keep rising every day. So a lot of companies are investing a lot of money in cybersecurity tools. But the effectiveness of cybersecurity tools, a big component of that is how efficiently are they being monitored and configured properly, right is somebody looking at what these tools are catching, and are these false positives. So basically making sense out of all the investment that these companies are making in buying the firewall devices, the IDS, IPS devices, the cloud security devices, the end user protection, and so on. And if you’re not monitoring them, then they’re half as effective. Right. So that’s where the role of security operations center is really important. And we noticed a few trends over the years number one was a key anchor inside a security operation center is sin, a security incident and event management technology. And these technologies have been around for a long time over 20 years now. And you know, as as it often happens, these technologies over the years have gotten caught a lot of baggage and fantastic, fantastic products, but the market, the customer is expecting a lot more out of this space. And as a result, and you know, when you’re really that big, and you’re near that sizable, it’s hard to innovate and keep pace with what the market is expecting. So since we’re not innovating fast enough, and that’s the reason why a different spaces came about, like, you know, sort or a threat intel platform, or you EBA these are all, you know, spaces in the cybersecurity business that that came about, because Sims were not stacking up. And we saw an opportunity. And from a customer standpoint, the complexity is now they have to buy multiple products, right? It’s very fragmented, and try and bring them all together, glue them all together to make it all work. And it’s expensive. It’s complicated. Finding people who are trained to make all this work is hard. And it the responsibility falls on customers. The other part that plays along is cybersecurity. Today’s a big data problem, right? There’s just so much data being created in an enterprise. And it’s impossible to throw people alone at the problem, you have to leverage the latest in data science and automation and, and help customers John through massive amount of data. We also observed that it through sim implementation or a true SOC implementation tends to be very complex and expensive, which keeps it out of bounds for a lot of the companies. And we saw an opportunity to democratize the concept of Sim and Salk and Pratt aren’t hunting for most companies out there. And there is an opportunity where everybody can get access to it. And last, but not the least, is just lack of cyber skill resources worldwide, definitely in us. But Worldwide, there is a massive gap. There’s not enough people that are trained, who our customers can find and train and retain. And we saw the gap. And our hypothesis when we came into this business when we started creating this product was we need to make this really simple for our customers simple in terms of how they consume it simple in terms of how they pay for it, and simple how in terms of the value this platform provides for them. So that’s what we did. We leverage the magic of cloud and data science and automation to bring to build a completely SaaS based SOC platform is security operation center platform. Think of this as kind of the next generation of the same technologies I was talking about. This platform is in the cloud it can ingest data at scale from our customer environments. And it does native ingestion from Cloud and network and endpoints. And all swans basically get all kinds of data in data science surance through all that data to find those interesting actionable incidents and alerts, and we automate the investigation process. So as a part of the platform, and at the end, we also have our experts who can take this finely filtered down set of alerts that they work with our customers on remediating that for their, for their, for them. And the goal, again, like I said, is a complete end to end platform make it easy to consume, as in there is nothing to install at the customer environment. It’s all SAS, we ingest data in the cloud, and then have the people support that the need to be able to leverage a platform like this.

Alexander Ferguson 5:57
Father can help me understand. What would your target market? What would they be using before they found you? And why would they say okay, now I want to switch? Or why would I want to add what you have?

Partha Panda 6:08
That’s a great question. So a combination, some, some of our customers didn’t use anything like we have customers with billions of dollars in revenue, who did not have a proper 24 by seven sock, and there is many out there who can because of resource limitations, budget limitations, they’re early in their journey, all kinds of reasons, right? There’s some who didn’t have anything now, they have access to something which is cloud and easy to consume. And in some cases, customers, the more sophisticated ones had a combination of on prem solutions. With cloud, a lot of people thrown at the problem, kinda old technology being used used inside the sock and really expensive to monitor and manage and complex and it it leads to our customers resources, cyber resources, not being able to focus on the high level items. So they are so deep in the in the weeds because of the constant flow of data. They struggle to keep up. And we hope to make that all easier both at the sophisticated customers where there is a platform which will do a certain percent of work for them so that they can focus on the on the on the heavy duty items. And then for everybody else who are not able to afford it for the complexity for the cost for deployment challenges, now we have a solution for all of them.

Alexander Ferguson 7:36
Are there cases where there’s other solutions that people are maybe using them where it’s just a SAS, or just a hardware solution that gives them the answers is where your angle coming in where you’re providing a managed service, then is that what is one of the differentiators?

Partha Panda 7:51
It’s a big differentiator for sure. As you can imagine, running your own infrastructure comes with its obviously pros and cons. But it has a lot of challenges, especially in a COVID-19 where the workforce overnight when distributed, right and there is no room where everybody can get in and run a sock. So now CIOs and CISOs, are increasingly asking the question, I had this infrastructure on prem, how can I move it to cloud so that I can be disruption proof? Right, it’s about making sure that there is business continuity and, and situations like pandemic or anything else does not disrupt my business, right? And then these questions are being increasingly asked at the CIO and the CIO level. So on one side, we see customers who have had supposed to get customers who have had strong on prem, integrated different products, solutions, now, they’re looking at something easier, but more importantly, moving it to the cloud. Like everything else. If you look at the last, let’s say, 20 years, we have seen a massive movement of compute and software to the cloud, right? You know, with the cloud platform providers, the computer has gone to the cloud, with the SAS providers, a lot of the software has gone to the cloud. Sox are now following that same path, if you will, the same trajectory. Now, SOC is all moving to the cloud. And our advantage is not that not only do we provide a platform, we also have the Managed Services piece of it as and we have our experts who work closely with our customers and partners. And that’s a huge differentiation because we have a platform, we don’t have to compete with other MSPs other MSPs can use our platform to over offer their services. And we have there if they need any help if not, you know they can they can be off and running on their own.

Alexander Ferguson 9:34
Here a bit more about the company itself when what year did it start?

Partha Panda 9:37
So we actually started this as a project inside a much larger cybersecurity company Trend Micro this was in December of 2016. So it’s been a while. We had a couple of really important luxuries I’ll say number one was we didn’t have to worry about immediately raising any money and finance because We were financed by by Trend Micro, which is the larger company, the parent company. And the second most important leverage that we had is we had access to the largest of customers and partners, who we talked to, as we designed this platform, we co designed it with them, we basically took the effort to ensure that what we are building is really useful in the context, or let’s call it a real world context and not something that we are dreaming it up, right. And so, so that’s how it started. And then once we kept building and in 2018, we got really excited with what we are accomplished in a very short timeframe. My co founder, Justin Foster was the CTO of sigh Civ Fantastic, fantastic person and a very accomplished executive, he was leading the charge in the in terms of having the team and create something we got really excited with what we had built in in summer of 2018, we were able to spin this company out of friend micro and run this as a standalone company. And then we raise finances early this year external investment from from venture capitalists, and we’re off and running.

Alexander Ferguson 11:13
So 2016, being able to get started already having that freedom to invest in research, but 2018 release is hit the ground running. And then an additional investment of the past few years. Tell me that some use cases of of clients that you have now of like, tell me walk me through of how he works with implementation? What What would a typical, then use case in play look like?

Partha Panda 11:37
Absolutely. So without naming the customer, I’m going to use the example of of a healthcare customer, as you can imagine, there front and center right now, because of COVID-19. There’s a lot of pressure on healthcare companies today. Hackers don’t sleep, they don’t worry about COVID-19. They’re they’re relentless, right. And in fact, the number of attacks just have gone up exponentially. And so split in healthcare is a big target, I’m sure you’ve seen the latest news around ransomware, targeting a lot of the healthcare providers. And so this is one customer that we that we’ve been working with. And they were they were dealing with the challenges, right, they were dealing with the challenges of not only keeping up with COVID-19. But on the technology side, they did not have a proper security incident and event management infrastructure, which means there was no place to collect logs centrally, and somebody will look at it right. And we are all about data data is key to our business, the more data we have, the better we can perform, right? And so our first step in any journey is to sit down and look at to a mapping of all the data, what do they have? Do they have cloud setup? What kind of cloud infrastructure do they have? What kind of on prem infrastructure do they have? What do they have on the networks? How about the segment, right? So look at kind of the whole network topology and look at the data sources that we can we can pick from? And then we take these data sources, and then we have a discussion around the use cases. So what does it what is the most important use case for our customers? Obviously, we have frameworks like mitre attack, which is such an interesting framework in a very important framework for, for practitioners to wrap their heads around, how do I come up with a with my defense strategy, right? You look at the microframework and say, am I protected for all these stages of an attack? And how do I prep? So that’s kind of our anchor as well. So we we look at the data, we look at the use cases that is important for the customer. And then obviously, we advise them along the way, in terms of our experience and what we have seen happening with their peers and other players in that same industry or, or whatever is topical at the time. And then come up with a plan on data ingestion. And like I said, we have near zero footprint, like we don’t need to really install this, anything on the customer’s environment. So this customer, we like totally zero, nothing, nothing installed. So it was a question of making sure that we are picking up the right data and the right data sources in a phased manner. And so that was the next step, making sure that all the data is fed in, and then it gets into kind of our platform, our SOC takes over. And that’s where the beauty of the solution is, at that point. Unlike a typical outsourcing model in the past where mssps come in and take make it more like a black box with the taking the data, they do their magic and then they throw over whenever they find something to the other side. Unlike that model, we actually work very closely with our customers. Our sock acts as an extended team of the customer CIO or CSO, the Chief Information Security Officer. So we worked really closely to ensure that we are, you know, leveraging the power of the platform, the expertise that we have in house with expertise like threat hunting, data science, threat research, all these expertise we bring in. And the power of data science and automation to the platform goal is to provide them 24 By seven monitoring somebody, not only taking the data, storing it for compliance, and so on, but actually, data science and people’s a combination of technology and people keeping a watch 24 by seven, right. And that’s key, just making sure that we are always watching it. And when we find an issue, when we find something of interest, we investigate, and we validate whether it’s actual incident or not. And if it’s an actual incident, we’ve worked with our customers to remediate and ensure that the gaps are plumbed. And that doesn’t happen again. And that’s kind of the model of how we go from step one to kind of step seven

Alexander Ferguson 15:49
is one of the biggest wins or for the CIO or CSO is peace of mind isn’t just the thought they don’t have to worry about anymore, or is it is it definitely more of I need someone to assist, would you get more people saying I just want to give it all to you so that you just tell me something happens and I need to worry about it then, or I have a team and I need you to come alongside so we can work together. What happens more,

Partha Panda 16:11
it’s it’s a combination, it’s a combination of both CIOs and CISOs. Do appreciate the platform and the expertise that we bring in. And it’s hard to, it comes from years of having worked in the field, and it’s hard for, like I said, our, it’s hard for our customers to hire and retain and train that talent, right they get. So this is this is really important for them. And at the same time, I know they’re really excited about the notion that we’re completely transparent, the platform, the data, everything is accessible to the customer, just like it is accessible to our own sock. So they can log in at any time and look at any report any dashboard, run any searches with our team, like it’s completely transparent in the love the transparency, right?

Alexander Ferguson 16:54
Visibility, visibility, like, that’s what’s very helpful versus a closed box. And you’ll just let me know when something happens, you can get in there, get your hands dirty, understand it, it’s not unable to be seen

Partha Panda 17:06
it got it. And, and Alexander What What else is important is your customers like that sense of ownership as well, right? Like they like to be involved. Because there is they may not have all the expertise, but there is significant expertise with our customers, they have the context on their environment, like I’ll give you an example of one of our customers, we suddenly saw a lot of traffic in the middle of the night. And we were like over, there’s something going on. So we started investigating, and we immediately reached out to our customer, and and the person responded back within 30 minutes and say don’t bother. This is just our coffee machine going up. It’s an IP based coffee machine, somebody must have switched it on. And it’s just going crazy trying to do whatever it does, right. And that’s I make this I use this as an example. Because we could have spent at least a couple of hours or maybe a little bit longer or just trying to figure out what this was. But this happened in minutes. And we were able to say okay, don’t worry about this. This is this is expected behavior. And this context came from the customer, we would have taken you know, a few hours to, to come to that conclusion. And that’s why I love this, this kind of tag teaming, teaming and working together, we take on all the responsibility, don’t get me wrong, we are responsible 24 by seven, but having that that that contextual help from the customers helps us be faster in terms of our investigation and response.

Alexander Ferguson 18:32
If you had to share a tip or an insight or just a thought of recommendation around this, this field to a CIO or chief security officer, what would you share any insight?

Partha Panda 18:48
Yeah, we have learned a lot along the way. As you can imagine, we came in with a vision of making it easy for our customers were our CISOs and making sure that they have access to platform and people right, that was kind of the vision and we wanted to make it very easy for our customers. Other thing we wanted to do was we wanted to make it very cybersecurity centric. In the past, most sim products started as compliance tools. And they were retrofitted to work in the security context, right. But we are as a tool for for a sock analyst. That’s how we like to describe over to. But for CIOs and CISOs, it’s important for for them to get an understanding of their risk profile. Because without understanding the risk profile, it’s really hard to have a conversation around what level of security you have. And and there are frameworks. I use the example of microframework because that happens to be a favorite of mine, but there are other frameworks and and using a framework as a guidance to look at your risk profile, and then taking and making sure that the CIOs and CISOs understand most of the do that it’s a journey you’re not going to boil the ocean on Day one, it’s a journey, you’re going to start somewhere. But you are going to be completely aware of where you are at in that South sock maturity journey, you start in Stage A, and you eventually go to stage F, or whatever the goal is. And we help our customers through that process, right? We help them figure out where they are. And we have milestones identified along the way. And it’s just that transparency, and that that importance for customers to sit down and say, and acknowledge that, okay, this is where we are. And let’s solve this first. And then we go to the next step, and we go to the next step. So that journey and journey is all around making sure that there is a complete understanding of their environment and the data we have, they and we have access to that we can use to take them along along the journey. And that also is a big assurance for CIOs and Chief Information Security officers. As in, we’re not asking for them to do massive investments and go from A to F all of the same day. It’s about starting somewhere and then making incremental investments to keep going down the path of the sock maturity journey.

Alexander Ferguson 21:11
Yeah, where can people go to learn more and what’s a good first step that they should take?

Partha Panda 21:16
I obviously recommend sites yp.com is a fantastic resource we have tons of content we produce a lot of videos we have a lot of blogs, we have some experts who are who I personally learned from everyday like Justin foster to be able to be with chief data scientist Brander our data scientists like we and bass over soft leader they’re always producing content that we put on our website, LinkedIn all over but you know, there are there are tons of content on the internet, like if you want to start, I highly recommend mitre framework is a good starting point. Just understand the different attack stages, and how do you deal with it. I also for those who are interested, there is tons of courses as well, which are available Sans and others will provide courses around sock management and monitoring. But so you know, that’s about keeping up and then starting to think about what’s in the future, right and keeping your fingers on that pulse. There is there is content all around which is which can be very useful as well.

Alexander Ferguson 22:17
That concludes the audio version of this episode. To see the original and more visit our UpTech Report YouTube channel. If you know a tech company, we should interview you can nominate them at UpTech report.com. Or if you just prefer to listen, make sure you’re subscribed to this series on Apple podcasts, Spotify or your favorite podcasting app.