With every passing day, it seems that enterprises become increasingly liable to fall prey to cybersecurity landmines, the number of which is steadily increasing.
Given this scenario, it makes sense that companies are now looking for preemptive ways to track the exposure of their digital assets in today’s distributed ecosystem, and SecurityScorecard Inc. provides such a platform.
“When people want to know about their credit risk, they consult one of the major credit scoring companies,” said Sam Kassoumeh (pictured, right), co-founder and chief operating officer of SecurityScorecard. “And when companies want to know about their cybersecurity risk, they turn to SecurityScorecard to get that holistic view of the security posture. And the way it works is SSC is continuously 24/7, collecting signals from across the entire internet, the entire IPV floor space, and they’re doing it to identify vulnerable and misconfigured digital assets.”
Kassoumeh and Bharath Chari (pictured, left), team lead of solutions marketing at Confluent Inc., spoke with theCUBE industry analyst Lisa Martin at the “Cybersecurity — Detect and Protect Against Threats” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed an objective scorecard system and its utility in combating security threats for the enterprise. (* Disclosure below.)
Threats abound, even when they aren’t immediately noticed
Even more dangerous to enterprises than the threats they’re used to realizing and combating are those that fly under the radar. Thus, using its rigorous, data-driven techniques, SecurityScorecard made stunning discoveries among the over 1.5 million organizations it evaluated, finding that around 50% of them had vulnerabilities exposed on the internet and 20% had more than 1000 vulnerabilities each, according to Kassoumeh.
“We’re in the business of really building solutions for customers,” he explained. “We mine the data from dozens of digital sources and help discover the risks and the flaws that are inherent to their business. And that becomes increasingly important as companies grow and find new sources of risk and new threat vectors that emerge on the internet for themselves, their vendor, and their business partner ecosystem.”
Data is the lifeblood of many of today’s real-time systems, and it drives SecurityScorecard’s technology as well, allowing for the platform to perform accurately and at scale.
“In order for us to accomplish this, the SecurityScorecard engineering teams used a novel combination of Confluent Cloud and the Confluent platform to build really robust data for streaming pipelines,” Kassoumeh explained. “The data streaming pipelines enabled by Confluent allow us at SecurityScorecard to collect the data from a lot of various sources for risk analysis. Then they get further analyzed and provided to customers as an easy-to-understand summary of analytics.”
Confluent’s role in the larger picture
Confluent purveys a platform wherein users access, manage and store data in the form of continuous, real-time streams. Other than security, use cases for the platform span corporate decision-making, service provision, optimization and network management.
“A really simple way to think about it is as a data streaming platform that is pioneering a fundamentally new category of data infrastructure that is at the core of what SecurityScorecard does,” Chari explained. “The key is really to collect data accurately at scale and in real time. And that’s where our cloud-native offering really empowers organizations like SSC to build great customer experiences for their customers.”
Alongside a sophisticated real-time data streaming pipeline, Confluent also helps organizations build real-time backend operations that operate at equally high levels, according to Chari. However, it still needs to be addressed how these pipelines connect with and facilitate enterprise cybersecurity operations at scale.
“As the need to protect the data grows, companies and organizations really need to effectively detect, respond and protect their environments,” Chari said. “The best way to do this is through three ways: scale, speed and cost. With Confluent, you can really gain real-time data ingestion and enable those analytics talked about previously while optimizing for cost and scale.”
At its core, the Confluent platform runs on open-source underpinnings with a rearchitected version of Apache Kafka helming things — for a completely new cloud-native experience, according to Chari. The platform removes the need for users to manage certain operational tasks when it comes to Apache Kafka. It also includes proprietary features, including role-based access control that allows users to securely connect to any data no matter where it resides — at scale, with speed and in real time.
The SSC/Confluent partnership shares a common vision, according to Kassoumeh.
“They understood some of the pain points that we were experiencing on a very visceral and intimate level,” he said. “And for us, that was really exciting … to have partners that are there saying, ‘We understand your problem. This is exactly the problem that we’re solving. We’re here to help.’”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity — Detect and Protect Against Threats” event:
(* Disclosure: SecurityScorecard Inc. sponsored this segment of theCUBE. Neither SecurityScorecard nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)