Chief Technology Officer, Vectra
Gartner recently recognized Vectra as the only visionary for its 2018 Magic Quadrant for Intrusion Detection and Prevention Systems. To better understand Intrusion Detection and Prevention Systems and how they fit into a modern organization’s tech stack, we spoke to Oliver Tavakoli, CTO, Vectra.
Tell us about your role at Vectra and the team/technology you handle.
My role at Vectra is to guide strategy, come up with rough concepts based on that strategy and help turn rough concepts into actionable plans. That generally involves talking to security research (to form ideas), to customers (to pressure test the ideas), to data scientists and developers (to judge the feasibility of building tech), and to user experience designers (to ensure the idea can be easily understood by end users).
What is the current state of IDPS technologies?
IDPS technology is at something of a crossroads as legacy/signature IDPS has reached a dead end.
The IPS (without a “D”) use case has been annexed into the Enterprise Network Firewall market as all these firewalls include an IPS engine and already sit inline.
There is nearly universal consensus that the IDS (without a “P”) use case is poorly served by signature technology and that the future is about broader IDS coverage through the use of behavioral models. These behavioral models can clearly benefit from the application of machine learning and AI techniques.
Tell us more about Cognito and the AI engine driving it.
Cognito has been constructed from the ground up with the single-minded goal of finding advanced cyber-attackers who have already established some foothold inside an organization’s network. To do this, Cognito uses both supervised and unsupervised machine learning approaches to detect cyber-attacker behavior rather than trying to recognize the exact tools that an attacker may employ at a point-in-time.
We collect a large set of metadata from organizations’ networks and augment it with key information from their logs to produce a unique dataset that gives insight into almost all attacker behaviors which utilize the network to accomplish a goal.
Where do you see the IDPS market moving between 2018-2020?
The IDPS market will continue along the trajectory of the past couple of years.
By 2020, we believe 70% of IPS use cases will be served by enterprise firewalls and the majority of the standalone IPS placements will be cloud-based (public or private). This will be the case even as the market for enterprise firewalls transforms based on micro-segmentation and becomes highly virtualized to meet cloud requirements.
The IDS use cases will evolve to rely much more heavily on behavioral models – both those written in code and those trained using machine learning, and will utilize far fewer signatures. Furthermore, the notion of a “network” IDS will blur as cloud and advanced attack use cases will force an IDS to inspect key cloud and authentication logs in addition to network traffic.
What are the major challenges to GDPR compliance? How do you prepare for it and offer technology for customers?
GDPR compliance requires companies to be acutely aware of whatever information they are gathering that is personally identifiable, to protect this data with diligence and to promptly report any leak of the information. There have been compliance mandates before – PCI is a global regulation, HIPAA is a US healthcare-related one – and these mandates give us a bit of a sense of how hard it will be to adopt new policies and procedures to come into compliance with GDPR. But unlike PCI and HIPAA, GDPR affects almost all companies and usually affects a much broader swath of their operations.
We try to help customers with their GDPR compliance by providing visibility into actions involving their assets that hold PII, and alerting them to anything that looks like attacker behavior in the vicinity of these assets.
Cybersecurity is a field suffering from a staggering talent shortage. How can AI, and Vectra in particular, help solve the cyber skills gap?
The talent shortage is certainly real. Companies – particularly ones without deep pockets – are having trouble attracting and retaining cybersecurity talent. This often makes companies want to rely on managed-security-service-providers (MSSPs), but that just transfers the issue to the MSSPs, who have much the same problem hiring security architects and analysts.
Once we acknowledge the fact that, for the foreseeable future, this talent gap is the reality, AI can play a role in helping cover for some of the gap. Taking Cognito as one example, we not only flag attacker behavior but also correlate the collection of behaviors we see over time, thereby removing time-consuming work and preparing as clear a storyline as possible for the security analyst. The analyst will still have to apply judgment, but the judgment can be applied to a well-crafted narrative rather than disjoint individual signals.
Will Chief Data Officers and Privacy Officers become ubiquitous positions that all companies must fill? What will be the role of CTOs in this disruptive ecosystem?
It’s hard to know precisely how companies will handle this new age of sophisticated cyber security attacks and stricter privacy protection mandates. We are certainly seeing a variety of job titles out there and also a variety of reporting relationships.
The title is not as important as the reporting relationship – when data/privacy officers start reporting to CEOs and spending time with boards of directors, we will know that the gravity of the situation has sunk in. I expect that CTOs will continue to provide deep technical expertise in service of many aspects of the business – including the cybersecurity and data privacy missions.
What could you tell us about the future of AI in cybersecurity?
These are incredibly important times in the world of cybersecurity. While it may not be evident to outsiders, the technology stack that is being applied to solving cybersecurity problems is undergoing a radical change. This represents an opportunity to solve problems that previously seemed intractable. But as is always the case, there are reactionary forces with an entrenched interest in maintaining the status quo who would like to quell the revolution.
The future is bright – now we just have to get there as quickly as we can.
Thanks for chatting with us, Oliver.