Thought Leaders in Cyber Security: Mike Potts, CEO of Lancope (Part 4)

Mike Potts: Going back to the insider threats, we’re seeing more investments going into the interior of the network to understand the nature of the insider attack. More than 50% of the attacks are beginning to emulate from the inside whether that is the user on the network who is maliciously or unknowingly doing things that he or she shouldn’t be doing, or the adversary actually logging on to your network because they have compromised credentials. That’s happening many times. Take Target for example. It was a result of a contractor who compromised their credentials.

We’re seeing a more important thrust of protecting the inner core of the network because that’s where the valuable data exists. It used be credit cards, but credit cards have short shelf lives and can be replaced. The information now that these criminals have access to and are seeking are the healthcare files, social security numbers, and personal information that have a much longer shelf life and leads to all types of extortion from a ransom point of view. You’re seeing what’s happening now with Ashley Madison and not only the effect on the business but also the individuals that have been compromised. We’re going to see more and more of that. Thus, the focus on protecting core assets on the network.

Sramana Mitra: What are you seeing in terms of applications of AI techniques including machine learning in this part of the ecosystem? I was talking to another cybersecurity company yesterday. We had a lengthy discussion on this topic. What is your read of this trend?

Mike Potts: There is a combination of machine learning and user behavioral characteristics that has taken place particularly from an IoT point of view. As we all know, the market now is in a disruptive space. Every device now coming to the network has some type of unique IP address to it. For example, the concern that that is bringing is, if you take this up to a healthcare concern, we have many healthcare providers that have blood pressure monitors and infusion pumps that have IP addresses. Those devices should only be talking to clusters associated amongst themselves and to the nurse’s station. There’s no reason that device should be talking to another device in another building. Part of what we’re doing is we’re able to identify those high-value assets and categorize the only assets or devices that those machines need to be talking to. More and more, that’s going to come into play with the interaction of these devices and what machine learning brings to the market.

This segment is part 4 in the series : Thought Leaders in Cyber Security: Mike Potts, CEO of Lancope
1 2 3 4 5