Cyber-attackers are constantly innovating and iterating the techniques they use to target and exploit consumers and organizations alike. As a cybersecurity technology company, Cavelo is continually innovating to provide the best security defenses possible.
A Technology Advisory Board (TAB) is an important part of the innovation process. Participation and insights from cybersecurity leaders, practitioners and technology specialists, alongside industry leaders and regulatory authorities, help calibrate a company’s offering across ever-evolving use cases and emerging security requirements.
This month Cavelo announced the formation of its TAB, with cybersecurity pioneer Eldon Sprickerhoff as its founding member. As the founder of eSentire, Eldon is recognized as a pioneer of Managed Detection and Response (MDR), a proactive approach to preventing and investigating security breaches. With more than thirty years of tactical information security experience and deep knowledge of regulatory requirements spanning multiple industries, Eldon brings a perspective that addresses one of cybersecurity’s most challenging arenas: attack surface management.
Managing Attack Surface Visibility
I sat down with Eldon to learn more about how attack surface management is changing, and how it addresses cybersecurity’s visibility problem.
James Mignacca (JM): You’ve lived at the forefront of cybersecurity innovation and on the frontlines of cyber-attacks. What’s the crux of modern cyber-defense?
Eldon Sprickerhoff (ES): The best solutions in InfoSec solve a visibility problem. When security teams lack a line of sight to raw data across a business’s critical systems, they can’t protect them from stealth or pervasive threats. In many modern organizations raw data is siloed across the legacy information security solutions that claim to protect it.
The perfect platform pulls together raw data and converts it to information across on-prem and cloud systems. The insight it delivers helps practitioners make appropriate decisions throughout the entire OODA loop process. Cybersecurity rigor is somewhat elusive; however, insight helps practitioners couch it in a way that’s outcome driven, with the outcome being visibility to mistakes or gaps and an ability to address them in a consistent, repetitive and methodical manner.
JM: Is the industry adjusting to close the visibility gap, or are new technologies complicating the tech stack?
ES: The industry is moving to close the visibility gap, but the reality is that many tech stacks rely on legacy technology that can’t ‘talk’ to each other. Improved visibility is great, but there’s a need to divine insight from the interpretation of newly-visible data. The other challenge is that in many cases legacy technology is so siloed and embedded within an organization’s infrastructure that it complicates both ‘rip-and-replace’ and integrated approaches to modernization. One example is file system security, which today is very much a standalone product. The same is true for vulnerability scanning.
In large enterprises, managing disparate solutions across the tech stack is difficult but manageable, because large enterprises have the teams and resources to run it all together. On the other hand, mid-sized enterprises and SMBs must try to manage all these pieces on their own, with few resources at their disposal.
The good news is that emerging technology has started to unite information across the legacy tools enterprises continue to rely on, while making enterprise-grade tooling more accessible to smaller organizations.
JM: Is visibility a broad issue, or is it relative to different sectors?
ES: At the end of the day attack surface management is a universal issue. But different sectors face their own unique challenges and barriers. The financial services industry is a bellwether — not only do financial service firms remain a lucrative target for attackers, but they continue to struggle with regulatory requirements and prioritizing security efforts to achieve both defense and compliance requirements.
Many sectors deprioritize security technology investment in a way — if it doesn’t make money, it is only viewed as a cost center. However, security is preventative and security champions inside organizations including financial services want to get ahead of it. Since 2012, the SEC has emphasized the importance of Registered Investment Advisors (RIAs) having inventory across both systems and data, but the fact that they're still talking about it today means that it hasn’t quite been fully accepted or resolved.
With Cavelo, regulated and high-risk industries not only get ahead of cybersecurity issues, but they also drive better security outcomes, all through a bundled and very attractive package.
JM: Attack surface management is arguably one of the greatest challenges in security today, thanks to cloud adoption and endpoint proliferation. Where do you see the market going?
ES: Data lives everywhere, which is exacerbating the difficulties in securing the full attack surface. Within the security technology market there is a unique opportunity to unseat some of the largest legacy providers in existence. It’s harder for larger, established providers to pivot capabilities to match emerging use cases, or figure out adjacents in new technology sub-categories.
Emerging providers like Cavelo are nimble and able to offer broader functionality. Specifically, Cavelo’s capabilities bring together previously siloed initiatives like vulnerability scanning, threat mitigation, regulatory compliance, and digital identity and asset management to support attack surface management at a competitive price.
The Cavelo platform is a very interesting product offering that I’m sure will upset some of the long-standing players in the field. We’re digging deeper into what is important, which is the sensitivity and location of data.
There are use cases across data governance, incident response and identity and access management (IAM) to name a few — by ensuring critical use cases are covered, customers can then use the Cavelo platform to fold in other important adjacent offerings including threat intelligence and modeling behavior tooling.
When you have a solid grasp on the organization’s data inventory and threat landscape these things become possible.