Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone (Part 2)

Leo Taddeo: Our approach is that it’s very difficult to protect user credentials, and so the philosophy behind the software-defined perimeter is not only to do a very robust authentication of the user through attributes on the machine and other verifiable attributes, but also to prevent that user from going beyond the resources that they have legitimate access to. That, in effect, prevents critical stages of every attack that we’ve seen in the last 10 years. The attacker needs to move from an unprotected part of the network into a more sensitive part of the network.

The way they do that is by compromising a network endpoint such as a user workstation moving inside the network through reconnaissance lateral movement and escalation of privileges. We bind the user to the resource and abstract the rest of the network from that user’s visibility, which means they can’t do reconnaissance. They can’t do lateral movement.

Of course if they can’t do that, they can’t escalate privileges which we think stops a great deal of the attacks. It’s very cost-effective. It’s very easy to manage compared to other tools. There are some competitors out there. We have Vidder. They’re in the same space but we feel that our solution is easier to manage and more powerful because of the features that we have including our digital authentication, the encryption that we use, and the way we manage the user interface.

We also have some conceptual competitors. Google has developed a similar approach to security in what they call BeyondCorp. Coca Cola has also approached this challenge in the same way. Some other major enterprises are developing their own internal solutions that mimic what we are doing. We provide a turnkey solution. If you’re not the size of Google or Coca Cola and you don’t have the resources to develop software-defined technologies to protect your networks, Cryptzone offers a turnkey solution in the form of AppGate.

You’re absolutely right. There are a lot of vendors out there with varied approaches to cyber security. The distinguishers will be who can provide cybersecurity at a lower cost with ease of management. The tools that are out there that are adding complexity to network defender’s jobs, they are going to have a hard time in the future. Budgets are getting tighter. It’s important to not only be effective, but to be effective and efficient from a dollar point of view and an IT staffing point of view.

Sramana Mitra: Great. You said you talk to a lot of Chief Security Officers in your customer base as well as in general. What are the top three issues that CSOs are struggling with right now?

Leo Taddeo: Great question. The top issue is demonstrating value for their cyber security spending. CISOs and CSOs are required to show that they are spending money wisely. While we are past the phase where companies are simply throwing dollars into security departments, I think we’ve turned a little bit towards deeper analysis into the efficiency of the tools and how much the tools really cost in terms of the number of full-time employees to manage the tools, and the actual security value that the tools are offering. I think the first issue that CSOs in general are facing today is demonstrating security value for the dollars that they are allocated.

This segment is part 2 in the series : Thought Leaders in Cyber Security: Leo Taddeo, Chief Security Officer, Cryptzone
1 2 3 4 5