In less than two weeks, the 20th annual Cybersecurity Awareness Month will kick off in an effort to raise awareness about the importance of cybersecurity. Now, more than ever, data protection has evolved as interconnected systems and networks become increasingly more complex and as the threat of ransomware evolves.
It was those challenges — and the holistic approaches to cybersecurity that are emerging to address them — that theCUBE, SiliconANGLE Media’s livestreaming studio, was watching for on Sept. 14 during the “Cybersecurity” AWS Startup Showcase event. The event saw theCUBE analysts talk with many companies currently innovating in the cybersecurity landscape, some of which are showcasing cutting-edge products that may shape the future of digital security.
Insights during the event were provided by theCUBE industry analysts John Furrier (pictured, left) and Lisa Martin. They discussed solutions various companies are working on that could help to solve some of the pressing cybersecurity issues facing the world today. (* Disclosure below.)
Here are three key insights you may have missed:
1) Real demands are emerging around data and AI.
In a world where data is the new currency, organizations must be aware of the various cybersecurity threats that come into play in that environment. It’s a concern, even if you’re a major player, such as Amazon.com Inc. with its Amazon Prime Video service.
From a security perspective, the company’s goal is to make sure that streams stay available no matter what, according to Brian Lozada, chief information security officer for Prime Video & Studios at Amazon. That means being aware of threats on the horizon, including that of artificial intelligence, which requires a diligent approach.
“It can’t be something that it’s a broad stroke that’s just going to help you solve a problem,” Lozada said. “You really need to do diligence on the particular problem that you’re solving across the stack, what AI solution or tool you want to throw at that problem [and] how you’re going to apply it in your build and remediation phases.”
For Securiti Inc., a company that specializes in software for managing privacy, it’s important to safely deploy generative AI in a business environment. The company’s data control center is intended to combine security, privacy and governance, according to Rehan Jalil, chief executive officer of Securiti.
“Enterprise data sits in a very pristinely done, different apps, under different entitlements, under different security provisions,” he said. “If you give this data to the models without having all the controls in place, that’s not going to fly. To enable generative AI inside the enterprise, you basically need constructs in the guardrails to know that it’s being used safely. That’s what the company is all about.”
Right now, many enterprises are in the midst of migrating its data to the cloud. But data sprawl is a real thing, and Baffle Inc. offers solutions in a couple of different ways, according to Ameesh Divatia, co-founder and chief executive officer of Baffle.
“We make sure that we work very closely with data discovery vendors who can find data that is sensitive. We have ways of integrating with these vendors so that the data itself is very clearly understood to be sensitive,” Divatia said. “We can protect the data as soon as it’s created.”
Partnerships also come into play, including that of Amazon Web Services Inc. and Cribl Inc., which are working together to redefine cloud security and transform enterprise cybersecurity. The partnership, with its capability expected to include predictive response and remediation in the future, has a huge impact when it comes to Amazon Security Lake, according to Ryan Orsi, worldwide head of cloud foundations partners at AWS.
“Amazon Security Lake, it’s a purpose-built data lake, specifically for cybersecurity style logging and telemetry,” Orsi said. “It can accept sources from within your AWS accounts, other environments outside AWS, on-premises, and it standardizes it into a single sort of logging format on the Open Cybersecurity Schema Framework. We’re seeing partners like Cribl step up and really make that ingestion process, no matter where the logs are coming from, a whole lot easier.”
Here’s the complete video interview with Brian Lozada:
2) Ransomware is a serious threat, but solutions are front and center.
It’s become a constant refrain: When it comes to ransomware, the question is not if a company will be hit, but when. With that in mind, various showcase participants outlined their plans to fight back, including Halcyon Tech Inc., which was founded in 2020 with a mission to defeat ransomware.
For Halcyon, the battle against ransomware means employing a mindset that failure is inevitable. The startup offers a self-described “world’s first cyber resilience platform” designed to defeat ransomware with tools that prevent intrusion, disrupt attacks and then reverse the effects of ransomware if an attack is successful.
“And doing it safely, doing it efficiently and doing it quickly, because in most of these scenarios with customers and prospects we’ve helped is that downtime isn’t, ‘Oh, our employees can’t be productive.’ That downtime is, ‘I’m losing $2 million a day in revenue,’” said Kris Lamb, chief product officer of Halcyon.
Elastio Software Inc., meanwhile, uses reverse engineering to better understand increasingly sophisticated ransomware. There are several areas at play within the company’s core technologies, including its deep inspection, data integrity engine and ability to finally detect ransomware, malware and corruption inside data, according to Najaf Husain, founder and CEO of Elastio.
“That’s not an easy thing to do. When you think of some of the other solutions, where they talk about anomaly detection, that’s a much different value proposition,” he said. “We’re inside that data and looking for very specific ransomware and malware, and we can prescribe exactly what we find. We’ve spent over the last three years reverse engineering over 1,800 ransomware, so we know what they look like.”
In the end, what to keep an eye on is for when data becomes dangerous, according to Ed Casmer, founder and chief technology officer of Cloud Storage Security, a company dedicated to solving the security and compliance challenges surrounding data storage in the cloud. For Casmer, he would start by considering all data dangerous.
“But there are three particular cases to that. One is when the data is unknown, another is when it’s riddled with issues, payloads, you know, malware, and another is when it falls into the wrong hands,” Casmer said.
Here’s the complete video interview with Kris Lamb:
3) Through all of this, compliance is key.
When it comes to trust around data, there’s no question that companies need to ensure compliance and security is safeguarded. Thoropass Inc. looks to offer a platform that enables businesses to set up controls, collaborate with auditors, and execute and sustain programs to generate the required documentation and reports, according to Aman Bhatia (pictured, right), vice president of customer experience at Thoropass.
“In many ways, proving your compliance with important security frameworks is now the currency for doing business,” Bhatia said.
Another company with its eye on these challenges is Secureframe Inc., which aims to use artificial intelligence to simplify InfoSec compliance. The core mission is to do that for businesses of all sizes, according to Ruoting Sun, vice president of product at Secureframe.
“We believe that a lot of the simplification happens through automating the work that needs to be done,” Sun said.
Vanta Inc., meanwhile, also provides compliance audit support, which has emerged as a key area of focus for enterprises. The company believes that tackling the evolving regulatory landscape shouldn’t mean that compliance and security should be bolt-ons.
“We are really excited about trust management, and the way we’re helping startups build trust in an increasingly complex world. It’s our bread and butter … a great example of that over at SlapFive,” said Stevie Case, chief revenue officer of Vanta.
Of course, when it comes to cyber sprawl, exploitable threat gaps can manifest. That’s why JupiterOne Inc. has taken a contextual approach to security and compliance.
When it comes to compliance, companies should see it as a positive consequence of top security practices and policies and not a cybersecurity goal all by itself, according to Sean Catlett, general manager for EMEA at JupiterOne.
Here’s the complete video interview with Aman Bhatia:
To watch more of theCUBE’s coverage of the “Cybersecurity” AWS Startup Showcase event, here’s our complete event video playlist:
(* Disclosure: TheCUBE is a paid media partner for the AWS Startup Showcase “Cybersecurity” event. Neither AWS, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.