Cybersecurity has always been a concern for IT departments worldwide, but is becoming increasingly prominent to everyday consumers as well as boards and executive teams. The threat of cybercriminal activity shows no signs of abating, and every day the news brings to us information on yet another breach, yet another scam, yet another way that criminals have electronically stolen data, vandalised information systems, held a company or individual to ransom, and more.
Rapid7 chief product officer Craig Adams has been in cybersecurity a long time, and previously worked directly in threat intelligence himself. Adams was responsible for founding Akamai Australia, before moving on to Rapid7 where, he says, the platform is unique in giving customers full command over their attack surfaces.
Adams was in Australia visiting customers and took time from his busy schedule to speak with iTWire. "Our customers are bombarded with threats," he said. "Every organisation is concerned they don't have full visibility over their environment and struggle with prioritisation at scale and the concern of missing threats."
It's a serious problem. While we used to speak about "protecting the perimeter", what is the perimeter in a hybrid multi-cloud era? Adams explains so many businesses in the world today cannot identify their full environment. Gartner says only 17% of organisations can identify 95% of their environment, while "the things you don't know are probably the weakest part of your environment," Adams said.
"You can't protect what you can't measure," he said. Which is why Rapid7 has sought to hone in on this problem. In every organisation, everywhere in the world, technology teams are bombarded with security alerts. "There are tens of thousands of new exposures," Adams said, "and you want to be notified of anomalous behaviour but end up drowning in alerts."
"How do you provide detection and response in that environment?" he asked.
Here's where Rapid7 comes in. "The unique aspect of Rapid7 is its visibility, detection, and response at scale measuring exposure, and in a cost effective manner," Adams said.
Let's drill into that. "In security there's always something new to worry about," Adams joked. "One tool tells you something but not everything. You have to take a step back if you want full control and visibility."
"No one tool does everything, no one tool tells you the definitive source of risks."
But - Adams said - "if you can combine and aggregate all the tools then you have detection and response that will scale."
And combining and aggregating is what Rapid7 does. "We're unique in this. Rapid7 will monitor Microsoft, CrowdStrike, SentinelOne ... everything," he said.
"All the customers I meet with, whether Government or private or public, are looking at tool consolidation," Adams said. "In the security industry we've hit peak tooling - in some organisations they have 35, 55, even 65 or more security tools."
"The notion of having separate bespoke tools has forced customers to be system integrators and for IT and security teams to have knowledge over such an incredible stack."
While here in Australia, Adams helped lead organisations look at how they can cost-effectively consolidate their security providers without removing efficiency. It's where Rapid7 specialises: gaining control over your entire attack surface and monitoring for exposures at scale. "We're unique in our ability to do that," Adams said.
Like everyone, Rapid7 is embracing AI. In fact, when iTWire asked Adams if AI has a place in security tools, he replied, "the biggest risk of AI is not using AI."
Attackers are already using AI to be more efficient and effective, he explained. So trying to protect your organisation with all the same old traditional methods and processes can well be your organisation's largest security risk.
"We've been really aggressive in using AI to help identify true threats in an environment. Most security teams spend most of their time on benign alerts instead of malicious things. One of the greatest use cases of AI is to remove the hay and find the needle. It can give you the greatest impact."
While ChatGPT has caught the world's imagination, "it's a big mistake to associate AI with chatbots," Adams said. "I'm not sure Clippy is the answer to our cybersecurity problem," he joked.
Instead, "organisations need AI-powered solutions where AI is built into the tool, versus simply 'click here to use AI'."
"We've focused on using AI to help teams focus on things that take human effort, by removing the things that don't," Adams said. Here, Rapid7 provides AI-powered application security as part of its base product. It eliminates a sizeable number of security alerts that otherwise customers would need to deal with by themselves.
Here's where Adams sees the biggest customer value of AI - "when AI guides you where to focus, and removes things to help you get that time to focus."
In fact, Adams said, there's a real multiplier effect too. "The biggest threat to organisations when it comes to AI is not using it. With AI we can perform auto-remediation and provide an initial investigation and position to the things that require human investigation."
"All cyber teams jump for joy when we say we're removing all the things that are benign, and let them focus on the real stuff," he said.
It's not only customers; Rapid7 eats its own dogfood, as the term goes - it uses the product itself. Uniquely, Rapid7's own security operations team sits under Adams' product organisation. "It's unheard of; security and product are usually separate," he said. "Security vendors are notorious for creating a hammer and saying it's magic but the hammer creates problems. By putting security and product together it makes us listen. We design products for our own use case and it's made Rapid7 a leader in the extended managed detection and response space."
As an example, "people tell us having a vendor manage a single space of telemetry is helpful, but what's more helpful is having all the data across all the things together in one place. That feedback came from inside Rapid7. Our customers benefited from having a security product set that was built for and by users of the product itself. No other cybersecurity company is structured this way."
Meanwhile, Rapid7's security operations centre can see where incidents are happening "in the wild for our 11,000 customers" and continuously trains its AI models on these threats to model at scale "not simply lab data."
"We're pretty aggressive about constant training and retraining," Adams said.
Whether you are a Rapid7 customer or not, Adams has advice for you to safeguard and maintain the integrity of your systems.
First, start with a clear, unbiased view of your security posture. "Look at all the tools, and look at the attack surface," he said.
Secondly, assess the exposure that you have across your environment, whether cloud, on-prem, identity services, etc.
Third, then begin listening and looking at your detection and response tools. You need the first steps, though; if you only look at your tools you are unaware of where you aren't protected. Some tools might cover different aspects of your security posture, and so you have multiple dashboards to monitor.
Of course, Rapid7 can combine all this data to give a comprehensive view of your posture, by aggregating from all your security tools in one place and prioritising where you are exposed.
And for the beleaguered security and IT managers, Adams said, "we have this built in, so you can focus on innovation."