Adam Bennett, Red Piranha: “organizations tend not to understand where the risks lie”
With the pandemic causing a digital transformation, the frequency of businesses experiencing cyberattacks has only increased.
While the concept of working from home was highly praised by employees and became the new normal, the use of personal devices and networks left companies more vulnerable.
Since it’s not virtually possible to monitor each step of every employee working from home, investing in cybersecurity measures, such as Virtual Private Networks (VPNs) or security training services, is necessary.
That’s why we invited Adam Bennett, the Founder and CEO of Red Piranha – a company that specializes in cybersecurity. Our guest shared his views on effective cybersecurity measures and solutions.
How did the idea of Red Piranha come to life? What were your major milestones throughout the years?
Red Piranha was founded out of frustration. The problem with security and risk management is that leaders are continuously asked to do more with less. In the evolving threat landscape, we face more demand for service, and yet there remains insufficient technical talent, budget constraints, as well as a considerable disparity between GRC functions and technical operations. So, to solve this, we pioneered what has recently been termed a Consolidated Security Platform (CSP) solution, with the mission of providing enterprise-grade security and capabilities for everybody. We do it with Crystal Eye XDR and the mesh of integrated security solutions which support services and capabilities available through the security platform. The CSP model provides significant operational efficiency and security compared to portfolio approaches which don’t solve the issues of vendor sprawl that increases cost and raises the number of technical experts required to deliver, in many cases, weaker security outcomes.
Can you introduce us to your Crystal Eye products? What are their key features?
It’s really about the overlapping of solutions within our Consolidated Security Platform, Cyber Security Mesh Architecture (CSMA) that under the hood links 150 different systems that coordinate key functions that involve orchestration, eXtended Detection and Response (XDR), and Integrated Risk Management (IRM). What’s less apparent is the engineering of processes that facilitate what we call human-machine teaming. There is a lot to know and a lot of that know-how has been built into the products, but also into how they guide their use. This is the advantage of a single platform. It helps you make use of all the components without needing to assemble them all yourself. There’s a lot to know about a lot of things, like vulnerability management, threat intelligence, identity and access management, network segmentation, risk management and governance, which we deliver through our eCISO™ program, and yet the list goes on; firewalling, IDPS, secure web gateways, endpoint protection, data loss prevention, incident response, threat intelligence, digital forensics and more. These capabilities are all consolidated within our Security Platform, which is distributed across endpoints, and service edges both on-premises or in the cloud to allow organizations the flexibility to meet existing and future operational needs.
You mention removing boundaries in cybersecurity as one of your key goals. Would you like to share more about your vision?
The biggest problems today in cybersecurity are still budget and personnel constraints. By having this integrated service model, the platform itself allows for capabilities to be deployed across organizations to provide ready access to on-demand services. Academics are saying there are over 200 different roles in cybersecurity and this is only going to increase in the coming years, driving up the problem of budget and personnel for organizations.
We have 50% of midsize organizations worldwide still not implementing monitoring and incident response within their governance program. They might have some best-in-breed point solutions, but security needs to be end-to-end. It needs documentation, strategy documentation, technical implementation, as well as the measuring and monitoring of those controls. So, access to our experts allows for those capabilities to be deployed across organizations to give that immediate security uplift. Red Piranha doesn’t just sell a product and walk away; we are there throughout the journey that is security maturity.
How did the pandemic affect organizations’ approach to cybersecurity?
Realistically, the approach to security hasn’t changed. We still need to be dealing with our security policy management. We need to deal with awareness and education at the organizational level, which needs to be governance-driven. Once you have that strategy then you can begin talking about segmentation and the aspirations of zero-trust architecture. This along with risk-based frameworks allows you to set the right controls to effect real reductions to your attack surface and risk exposure.
The pandemic has only changed the operational stack, our holistic approach to cybersecurity remains the same. It's only which tactics we deploy to meet new objectives that change. The big one obviously is working from home. The growth in the remote workforce requires adopting decentralized approaches and related controls that manage access to information services. This requires good segmentation, monitoring, vulnerability management, and access control. There also needs to be some readjustment to policies as a result of new strategic solutions, which naturally incurs continued education for those using business services in new ways. Particularly, when they involve exposing corporate assets to systems and networks beyond the control of the organization.
Why do you think certain organizations are unaware of the risks they are exposed to?
There’s a big knowledge gap. IT teams are traditionally tasked with making things work. They are not tasked with locking things down and securing things, despite some being very good at that. The problem is the breadth of expertise required. With a worldwide shortage of cyber experience, it’s only large organizations with big budgets that can and are snapping up key staff, leaving the 90% unable to get the requisite personnel. And of course, that leaves big gaps where organizations can’t fully utilize the technology they have, let alone keep pace with the best practices.
What’s more, organizations tend not to understand where the risks lie which in turn becomes the biggest risk. The best thing companies can do is start with the strategy, assessment, and baseline. Key stakeholders and senior management need to be involved in this process and they need professionals. Access to the village, as we call it, offers organizations our breadth of expertise on-demand, and as needed, which gives them the resourcing they need to achieve the security assurance they’re seeking.
With work from home becoming the new reality, what are the best practices companies should incorporate to keep their workload secure?
This again goes to access control, making sure the operational architecture is set up in such a way that enables appropriate monitoring and identity-based restrictions to resources. There needs to be zero trust so that if something does happen, you can undertake the Threat Detection and Response (TDIR) process effectively, which reduces clean-up costs. But it’s better to be dealing with a breach rather than a disaster.
We really need to manage access by controlling it, especially so that work-from-home locations don't become attack vectors that enable attackers to make lateral moves into the corporate network.
Moreover, organizations need to maintain regular auditing to provide meaningful assurance and can adequately deal with even basic incursions. It’s no longer acceptable to believe that something might happen, it’s just that we need to be dealing with this situation as if it will happen.
In your opinion, what kind of cyberattacks are we going to see more of in the next few years? What measures should individuals implement to protect themselves?
Technically, this is always going to be a dynamic space. You know attackers are always looking to change the inputs to get the outputs they are after. There will always be new ways to attack. We need to be able to be dynamic in our structure so that we can defend against the shifting threat landscape resulting from new technology and manage new ways to exploit existing technology.
So, what kind of attacks are we going to see more of in the next few years? For some time now, we have seen a lot of noise around ransomware, but recently, we have seen a shift in Europe with Ukraine, and a return in conversation to Advanced Persistent Threats (ATPs). If we look at where and what to protect, protecting computer endpoints isn’t effective against ATPs as it is against ransomware – you need threat intelligence lead network detection and response to stand a chance against APTs – largely because they live off the land by using standard operating system call functions rather than detectable tools. This means that endpoint protection software is less effective and can even be exploited itself. Again, security goes back to having a holistic program that covers multiple controls on multiple fronts, and if organizations can do that, they tend to maintain a much stronger security posture despite unexpected shifts in the threat landscape.
Share with us, what’s next for Red Piranha?
We are growing as a company, we're now in nearly 50 countries, exporting to different places around the world. Red Piranha plans to grow again this year with a stronger footprint in the US with partner expansion in the Middle East and Asia, having grown from established offices in Australia and early expansion in Europe. We have also been working a lot more with defense both in Australia and overseas, and we are looking to grow those channels much further.
Through our platform, our customers are already able to cover a large portion of their base-level security controls. Furthermore, our integrated services can assist with implementing new controls and overall maturity. It's an exciting time for Red Piranha. There is certainly a growing market for the consolidated security platform approach which we helped to pioneer through our holistic philosophy. And what you must understand is as Gartner recently predicted, 70% of organizations by 2025 will have consolidated the number of vendors they use to secure their service edge to a maximum of three vendors. By 2027, 50% of mid-market buyers will be leveraging things like eXtended Detection and Response (XDR) and by 2024, organizations adopting a Cyber Security Mesh Architecture (CSMA) will reduce the financial impact of security by up to 90%. So yes, as a prime supplier of a Consolidated Security Platform, we are looking forward to the business, and understanding this is a big part of knowing where Red Piranha is headed.
Read the original interview.