The goal in cybersecurity is to be proactive rather than reactive.
Media 7: Hi Chandra, thank you for your time. What inspired you to pursue your current career path, and what were some of the key factors that influenced your decision?
Chandra S Pandey: I will talk about my Seceon journey because that is where I live and breathe every day. So, almost eight years ago, I was involved in another startup with an innovative team. We accomplished something that would typically take three to four years in just one year. We had a highly motivated team, but cyber security was a top concern for me, especially during my time at Juniper. It was evident that the industry was struggling, and we frequently witnessed major breaches occurring.
Most of the time, organizations were unaware that they had been breached, whether it was Home Depot, JP Morgan, Target, or Sony. They often learned about these breaches from external sources. The challenge was not insufficient budget allocation for cyber security. In fact, they would sometimes spend hundreds of millions of dollars, yet they still faced issues with timely detection and response to these attacks, as they were often successful.
Therefore, we decided to address this problem comprehensively and effectively. When I started this company, my goal was not merely to create an improved version of an existing product. From the beginning, our objective was to develop a platform that could proactively detect and automatically mitigate threats. Detecting threats alone was not sufficient because if you have to jump through hoops to stop something, chances are you have already lost critical information from your organization. That's why we embarked on this journey.
When we initially launched the company, many people remarked that we were trying to do too much, like seven or eight companies in one. And they were absolutely right. To do things correctly, we needed to consider the context, situational awareness, and complete telemetry. Some telemetry was readily available from our digital footprint, while others had to be created. We understood the enormity of the task, accepted the challenge, and decided to be the ones to get started, even though it was not a path many would choose. That's how we began.
After about a year of focused work, we successfully launched our platform. Our initial success came from the Managed Security Services Provider sector, which provided us with valuable insights to create an effective offering for small and medium businesses, as well as some large enterprises. That's how we got started.
M7: What are the most important lessons you have learned as an entrepreneur, and what specifically are some of the key lessons that you have learned over the course of your journey in the cyber security domain?
CSP: That's a great question. As an entrepreneur, you have to expect that not everything will go as planned. Even though this was my third startup journey, I learned that many things may not go your way. Customers may not come automatically, even if you've fulfilled their expectations and delivered what you promised. However, there will also be unexpected opportunities that come your way, which you may not have imagined. It's important to keep your eyes and ears open and pursue those opportunities.
From my perspective, it's critical not to assume that things will go smoothly. You need to be prepared for challenges and bumpy rides. Additionally, always keep an open mind and be ready to pursue opportunities that may not have been part of your initial plan.
If you stay persistent and do things right, success will come your way. It's crucial to find the market fit for what you're offering. While some opportunities may come your way, others may not, especially since startups may face skepticism compared to established companies. However, remember that your innovation and capabilities may surpass those of bigger companies. With time, you can build your reputation and become a successful company.
Remain laser-focused on your goals, keep innovating, and the rest will fall into place. As mentioned earlier, expect setbacks and delays compared to your initial expectations. Longer journeys are more common than instant success. It's important to have the drive, passion, and a great team that shares your enthusiasm and dedication. Customers are crucial, so prioritize their satisfaction over quick profits. Building something for the long term requires a win-win approach that benefits everyone involved.
If someone suggests a win-lose situation, where one party benefits at the expense of the other, it's not a sustainable strategy. I always emphasize with my team the importance of creating win-win scenarios. If a business doesn't align with this principle, it's best to avoid it, as it won't last long and won't be beneficial for anyone involved.
M7: How does an Open Threat Management Platform differ from the traditional threat management solutions, and what advantages does it offer?
CSP: As mentioned earlier, an open threat management platform addresses the challenges faced in the cybersecurity domain. There is a proliferation of different cybersecurity categories, often driven by analysts creating new categories to match specific customer cases. Consequently, organizations end up with numerous security products, sometimes exceeding 200, resulting in fragmented silos of data and a lack of contextual awareness.
Integrating these tools often leads to noise and ineffective security posture due to the overwhelming amount of data and the difficulty in correlating and making meaningful decisions. Despite spending millions of dollars, organizations struggle to achieve effective threat detection and mitigation.
The second platform focuses on consolidating raw telemetry and generated data into a single context and situational awareness. By combining real-time and historical data with threat intelligence, machine learning, and dynamic threat models, meaningful alerts are generated, along with policies to eliminate or contain threats at an early stage.
Attacks require multiple steps and attempts to gather information, providing opportunities for detection and containment. By pooling various data sources, such as logs, telemetry, flow information, identity, applications, services, and processes, organizations can easily detect attacks in their early stages and take automated actions based on predefined playbooks or manual intervention.
This platform approach reduces the complexity associated with managing multiple products, significantly lowering costs and enabling security teams to focus on meaningful data and automated actions. The result is a more efficient and cost-effective cybersecurity solution that addresses the digital footprint with improved threat detection and response capabilities. Customers have reported a significant reduction in daily alerts, dealing with only a handful of actionable incidents.
M7: What are the potential risks and challenges associated with implementing Dynamic Threat Modeling and how can they be mitigated?
CSP: When examining the benefits of the dynamic threat model, certain environments may be exceptionally clean, necessitating prompt detection of relevant alerts for incidents that require investigation. However, in less mature cybersecurity environments, some noise may be present, allowing for the existence of multiple automated and manual accounts, logging, and other factors. In such cases, certain failures may be tolerated. This is where the dynamic threat model proves advantageous, as it goes beyond generating alerts in a single environment and demonstrates adaptability. By utilizing behavioral models to identify actions requiring immediate attention, the dynamic threat model proves effective, offering significant advantages.
As for disadvantages, they primarily arise when relevant factors are disregarded. However, the goal in cybersecurity is to be proactive rather than reactive. A comprehensive understanding of cyber security reveals two major domains: cyber hygiene and continuous real-time monitoring. The latter involves detecting and promptly mitigating threats, ensuring compliance and establishing control within the environment. Cyber hygiene encompasses concepts such as zero trust networks, firewalls, and web gateways, which have gained prominence.
Zero-day vulnerabilities and zero trust networks were initially discussed in 2016, with the concept of zero trust gradually gaining recognition. While ongoing discussions continue, cyber hygiene requires a starting point, which includes implementing firewalls, web gateways, email gateways, proxies, and establishing robust identity parameters. Expanding these parameters allows for continuous improvement in the identification process. Additionally, traditional zero trust network access (ZTNA) highlights the importance of trusting and verifying one's identity.
In essence, there are only two domains: cyber hygiene and continuous real-time monitoring. Our focus lies in the latter, where threats are proactively monitored in real time, and automatic measures are employed to prevent potential breaches. This approach ensures compliance with forensic and incident requirements. The goal is not to investigate past incidents successfully, but rather to possess the necessary data and capability to analyze any relevant activities. Ultimately, the aim is to adopt a proactive stance in response to the ever-evolving threat landscape.
M7: How can a company measure the success of their advertising efforts in the information security industry?
CSP: I will elaborate on how a company should measure the return on investment (ROI) of their cybersecurity spending. The ultimate goal of investing in cybersecurity is to improve the company's cybersecurity posture each day. After making the investment and implementing a solution, it is essential for the solution to include artificial intelligence (AI) and machine learning (ML) components. By applying a set of policies and procedures, your environment becomes more secure each day. The platform should also detect and address any exposed vulnerabilities.
The key point to consider is how your security posture improves daily, as reflected in the number and severity of alerts received. Your objective should be to become a more challenging target for attackers, particularly through endpoints that may not be within the same perimeter. Endpoints act as your perimeter, where potential threats enter. Therefore, it is crucial to observe significant improvements in security posture and the quality of alerts, indicating enhanced security and increased difficulty for attackers.
In shared access scenarios, compromises may occur, often due to leaked credentials in the public domain. Attackers are constantly evolving their methods and developing new tools to breach your environment. It is worth noting that attackers do not always need to create new types of malware to be successful in breaching an organization and stealing sensitive data. They can exploit commonly used tools within your organization's existing stack.
If your stack is exposed and an attacker gains access using leaked credentials, they can exploit the session, especially if they are working through the cloud. Without proper detection tools, they can utilize the same tools and access critical datasets that authorized users have access to. They can also employ scanning tools already present in the environment to monitor activities in real-time.
Therefore, it is important to assume that detection efforts should not solely focus on new applications or malware. The tools already used by your organization on a daily basis can be leveraged by attackers to carry out their activities. Data can be stolen during routine upload and download processes. It is crucial for your detection tools to differentiate between meaningful activities and those that are suspicious or malicious, taking appropriate measures to stop them.
Furthermore, it is essential to highlight a prevailing issue within the industry that often goes unaddressed. Relying solely on laws and regulations is insufficient. Awareness of an attack often comes after the file transfer has been completed. Without proactive monitoring and intelligence gathering from flow samples at short intervals, incidents may go unnoticed. This is a significant oversight in the industry. Merely acknowledging an attack as a ransomware incident when the data has already been exfiltrated is pointless, as the damage has already been done.
To address this, it is crucial to have the right set of solutions in place that can detect and take action as incidents unfold or before they occur. Detecting ransomware in progress and taking preventive measures before any damage is inflicted is crucial. Declaring an attack only after the damage has been done is ineffective, as it leaves little time to respond. Customers may become aware of the attack, but by then it is too late for meaningful action.
M7: What types of content are effective in the IT industry and how can they be used to engage the target audience?
CSP: This question is challenging. In the IT industry, people are exceptionally busy with a lot of work. They need to handle increasing amounts of content, applications, services, and processes, which often leads to being overworked. Additionally, there is a constant influx of innovations in the domain, requiring continuous learning. Therefore, it is crucial to engage them and facilitate their learning. We don't expect everyone to know everything, but our aim is to provide them with tools and visuals that enable quick learning and catching up.
Based on our observations, most people find it easier to understand and process visual infographics. Digital media, such as videos, also facilitates quick learning and easy reference. Some individuals may prefer written content, but the majority favor infographics or concise videos rather than lengthy ones.
The initial information should be presented in a concise and visually appealing manner, offering an overview. Subsequently, a more detailed write-up can be provided for those who wish to delve deeper into the topic. The goal is not to create lengthy documents but to make the content intuitive and understandable primarily through visuals. If achieved, it would be ideal.
M7: How does your organization ensure that your diversity and inclusion initiatives are aligned with the overall goals and values of the organization?
CSP: That's a great question. I consult the team and discuss it in our All Hands meeting, which is focused on fostering diversity within our team. In the cyber security industry, and any sector for that matter, it is crucial to have a diverse group of individuals with different experiences and perspectives.
When we initially formed our company, we brought together professionals from various backgrounds, including traditional cyber security, networking, machine learning, AI, and big data. By integrating these diverse perspectives, we were able to effectively solve complex problems. If we had solely relied on individuals with a cyber-security background, we wouldn't have achieved what we have today. Therefore, it's imperative to consistently incorporate people from different fields and backgrounds.
Regarding diversity, it is important to consider factors such as gender, ethnicity, and other dimensions. We must actively seek individuals who bring unique perspectives to our team. Understanding different viewpoints is crucial in navigating the evolving landscape of our industry and effectively serving our customers.
Building an inclusive environment is a key priority for our company. We recognize that top-level interactions and understanding the contributions of different individuals greatly benefit us in addressing the ever-changing threat landscape and serving our customers. This fundamental aspect is critical as we grow and thrive as an organization. Failure to embrace diversity may lead to limited longevity, so it must be ingrained in our mindset and practiced daily. We openly discuss and communicate these principles within our organization, rather than merely documenting them in policies. It is vital to ensure that every team member is aware of and aligned with our commitment to diversity.
M7: What are some of the challenges that businesses face when it comes to information security content syndication, and how do you overcome these challenges?
CSP: It can be approached by 20 different organizations, where those 20 companies engage in syndication with similar types. So what ends up happening? The companies that acquire these potential customers are the ones you should focus on.
They reach out, and those customers express their lack of interest. So you should consider this aspect. It's not 100% certain, as people sometimes seek content for knowledge, while others have already made a decision and want to explore other products to justify their choices and so on. That's what it is. However, content syndication has its advantages because it spreads the word, creates brand awareness, and so on. If you do well, the other aspects will take care of themselves. But if you need to improve, remember one thing: competition makes you better.
It's always better to avoid being in an industry with no competition; sometimes it's better to advise your customers to look into alternatives. Customers appreciate it when you bring something good to their attention. They should understand that when making a decision, they need to consider different options. They might not realize if they're getting a good deal or not. So it's always better to encourage customers to check out the competition and compare side by side. The human brain finds it easier to make decisions when things are seen side by side.
If you're only looking at something in isolation, it's difficult to decide because you don't know if there's something better out there. Therefore, having a comparison is always beneficial. So, many times, it's better to ask a competitor's customer to look into the competition. And if they can compare them, that's great. From the syndication point of view, as I mentioned earlier, it helps in the long run. Sometimes people may see it as a challenge because content is shared among 20 different vendors. And since the customer may have downloaded content from various providers, they might have already made a decision.
M7: What are some of the biggest challenges facing the IT industry today and how are businesses and professionals addressing these challenges at Seceon?
CSP: In the IT and high-tech industry, it's important to consider that things are becoming more complex with the emergence of new innovations. There has been a lot of talk about AI and its integration into our lives. We have not only discussed it but also experienced it firsthand for over eight years.
In the past, when discussing AI, we needed sufficient computing power, memory, and resources to put things into context and gain situational awareness. Now, these capabilities are becoming more prevalent in the industry. Eventually, automation will play a significant role in various tasks. Platforms will be developed to handle automation, and people will come up with solutions for specific contexts and situations. These platforms can process an enormous amount of data, even within our own product. By incorporating context and situational awareness, we can analyze the actions of billions of individuals in fractions of a second. This is the essence of AI in the industry, and it will bring forth significant efficiency improvements.
While machines cannot match human intelligence, humans will always be necessary. However, individuals will need to continually enhance their skills. It's not enough to engage in routine work that doesn't require critical thinking or learning. If a task can be automated and performed by a platform, it's crucial to consider it. Therefore, individuals must elevate their skills to the next level.
I believe this will be an exciting time with many positive developments. However, it's also essential to use AI ethically. We must avoid using it for malicious purposes, as it can cause significant harm. We don't want to contribute to global issues by allowing AI to be used unethically. Therefore, certain restrictions need to be in place to prevent such misuse. AI should be utilized for the betterment of society while avoiding actions that can lead to harm.
If I haven't mentioned it yet, my journey is not about being illustrious or anything like that. However, my advice applies to anyone, not just young people, who are starting something. Before I discuss the one thing I have learned, let me say this: anyone who creates something and experiences growth, even with the smallest of businesses, has engaged in entrepreneurial work on their own.
I deeply appreciate their efforts. Whenever I see them, I feel grateful that they exist because what they do not only benefits themselves but also creates opportunities for others. As you know, a significant portion, 90% to be precise, of the population works in small and medium-sized businesses. Therefore, think about it—the individuals who run those businesses require a substantial amount of knowledge and understanding.
They have to handle not only their work but also accounting, payroll management, ensuring employees receive their salaries on time, and balancing family responsibilities, among other things. Sometimes, they may even need additional funds. So, managing all of that requires immense dedication. That's why I have great appreciation for anyone out there running their own business. I always salute them and acknowledge that unless you have embarked on this journey yourself, you won't fully comprehend it.
Now, let me offer some advice to anyone who wants to start their entrepreneurial journey. Firstly, clearly define what you want to do and always consider the market fit for your endeavor. There must be a demand in the market for what you are trying to achieve. Once you identify the market and have confidence in your abilities, assess if you need a team. If so, assemble a strong team of trusted individuals. You don't need to micromanage each team member; instead, work together collaboratively for your collective success. That's what you need to focus on. So, avoid trying to oversee every aspect individually; instead, foster trust among team members and march forward together.
There will inevitably be ups and downs, but if you have a genuine passion for meeting market needs, nothing can hinder your success. It might be challenging at times and may take longer than expected, but success will come. Also, I would like to share a suggestion based on my own experiences - whenever you engage with someone, always ensure they are your customer. Each party involved should perceive a win in the transaction. Avoid entering into a one-sided arrangement where one party benefits and the other loses, as such relationships are unsustainable. Especially in today's world, where recurring revenue is emphasized, a single transaction won't suffice. You want to avoid being in a situation where the next transaction never happens. It should always be perceived as mutually beneficial because if you fail to create that perception, you might experience short-lived success.
So, my suggestion is to always seek a win-win situation. Don't attempt to make someone feel like a loser, and don't let yourself feel like one either because that mindset will hinder future endeavors.