Thought Leaders in Cyber Security: Greg Enriquez, CEO of TrapX (Part 3)

Sramana Mitra: What kind of market uptick are you seeing in adopting a solution like yours?

Greg Enriquez: What we’re seeing in the market today is that deception technology is gathering the attention of sophisticated security teams. Recently at the Black Hat Conference, there were a number of workshops on deception technologies. What’s happening is, in the world of getting an active defense, security teams no longer want to sit back and wait to be attacked. They don’t want to look through thousands of alerts to determine it’s the bad guys.

They want to take a proactive approach and be a little more offensive about their defense. The benefit of something like a decoy is that we give high fidelity alert. If we’re touched, it’s pretty much a conviction. We know someone who shouldn’t be doing something has touched us. Instead of giving you thousands of alerts to sort through which one is bad, we give you very few alerts with high reliability that it’s something you should be concerned with. Our goal is to give the security teams more tools and information to make them more productive.

Sramana Mitra: When you talk to CISOs, there are so many different kinds of cyber security solutions that people are trying to sell to enterprises. There are so many angles that are out there. It’s one of the highest areas of innovation. What are you learning in terms of the CISO’s priority? What are their top concerns?

Greg Enriquez: I come from an environment where we dealt with hundreds of breaches every year. We often talk to CISOs after they’ve been breached or after they have situations where they’re either having to explain to the rest of the executives or having to understand the capabilities of their own team. What they often want is high-quality information. They don’t want just a bunch of data. They want to know who may attack me. Why have they attacked me? When and where will I see them? Anything you would want to know if you were in an environment where you’re vulnerable to attacks.

They don’t want tools that will give them a lot of data that they have to analyze or hire smart people to work with. They want tools and services that give them answers on how to stop the attack, or to limit the loss. It’s a business decision. A CISO has to make a decision on how much to invest versus what the potential loss or risk to business is. Whether it’s the Sony breach or Home Depot breach, what is the risk that your’e dealing with? What assets do you have to protect? How much are you willing to invest to protect it? They want productive tools, not more work. They want business decisions that help them invest their dollars wisely to make them the most secure.

This segment is part 3 in the series : Thought Leaders in Cyber Security: Greg Enriquez, CEO of TrapX
1 2 3 4 5