ESG's Jon Oltsik talks with with Karim Toubba of Kenna Security about SOAPA and Cybersecurity. This is part 2 of a 2-part series.
Read the related ESG Blog: SOAPA Video with Kenna Security (Part 2)
Jon: Welcome back to our SOAPA video with CEO Karim Toubba from Kenna Security. Welcome back, old friend.
Karim: Thank you, sir.
Jon: So let's start with something that I'm passionate about, that I've written a lot about, and that's cyber security skill shortage. What are you seeing out there and how do you address? If I'm the CISO, I'm gonna ask you, "Well, how are you gonna help me address this?" How do you answer that question?
Karim: Yeah, there has been a lot written, yourself included, and candidly probably one of the most vexing issues that most organizations are dealing with in a substantive way today, the skill shortage and also specifically the type of skills that the people require. And as you know, that's larger by the proliferation of so many technologies and the fact that you then have to certify all these people against those technologies. What we typically say and what we typically see is that the tipping point of organizations being overwhelmed is largely by all the data they have to manage from all those systems.
Karim: And so our general position is, you can no longer put people on the problem of sifting through millions of pieces of data to drive intelligence and drive action that's gonna increase efficacy. You need to put compute and algorithms behind a subset of that that will, A, in turn increase the fidelity and efficacy of the actions you're taking, but B, also solve the shortage problems. So it's really sort of killing two birds with a one stone, if you will.
Jon: Okay. So what I'm hearing and what I know from talking to you before is machine learning, artificial intelligence is at the heart of what you do. Very confusing area for people so give me some more color. What do you do and how do you do it?
Karim: Yeah, yeah, one of the many buzzwords in this space, unfortunately, which is always vexing from a buyer perspective. Very simply, what we do is we have vast amounts of data that we process through a machine learning algorithm, specifically supervised learning engines that then today allow us to very quickly determine risk that's calculated mathematically and remediation. That's the heart of what we do. What's interesting about it is what the future holds. We believe, and you'll hear a lot about that from us in early part of 2018, we believe very deeply that there is an opportunity to leverage machine learning as a way to begin to predict vulnerabilities and how they're gonna be compromised before the compromise even happens. If you step back, it turns out that there're many, many attributes and common things that happen in the world of vulnerability full stack from network host all the way to application, that you can apply machine learning to and really begin to understand what the probability is of an exploit based on what attackers are doing. And I think that's probably one of the most interesting area in the application of machine learning to solving a real world operational problem.
Jon: Yeah. I mean, you're hitting on one of my theories for 2018 and that is, machine learning is a helper app. And so you can...if you get enamored with machine learning on its own, that's probably not good. But if you look at how it can help you get to something like data analysis, it's a good thing.
Karim: Without a doubt.
Jon: So a big part of SOAPA is integration. Talk to me about what you integrate. So I've got all of these existing tools... One of the other things I'm gonna say to you as a buyer is, don't sell me something net new, sell me something that makes what I have already better. How do you answer that?
Karim: Yeah. I mean, what we basically say is, "Look, we integrate with what now is 28 different types of technologies. These are different data sources that already exist to create the layer that gives you that level of fidelity through the lens of risk to drive remediation." And what happens today when we walk in is, most organizations are actually living in the platform of vulnerability scanner, sometimes multiple, living in a platform of a static and dynamic application scanners, the pen testing platforms that they use both third party and internal. We come in, we take all that data, we normalize it, and then we allow them to drive the actions from there. And as a result, it really unifies the organizations across the board to be able to do that. What's interesting about integration is everybody's got an API, as you very well know. And APIs, you know, sometimes can vary from vendor to vendor which always creates certain challenges for scale.
Jon: Yeah. And what you just said is kind of the Zen of SOAPA. It's, let's standardize the API, let's standardize the data formats, but let's take all that data and make it usable instead of looking at it one off. So with that in mind, what do you see is the future for SOAPA, which really is about integration of all the data, making it actionable, and making the actions programmable?
Karim: I'll go back to a point I made, I think, a little bit earlier. I think one of the most interesting elements of SOAPA today versus the future is the distinction between taking the data, doing the integration, and driving a remediation path in the interest of solving a problem that exists today.
Karim: With the objective of driving remediation and increasing efficacy and the efficiency of the organization. I think the promise of SOAPA in the future, as you extend the reach of the data sources that you pull in is, how do you get ahead of the curve, right? Today, what we find is the overwhelming majority of organizations are actually reacting to problems, right?
Karim: They deploy the ever-increasing onion, they layers of security from network to endpoint to application, and they're typically reacting to fires, they're typically reacting to attacks. Now, they're using more advanced techniques to do so, which is very exciting, interesting, and drives efficacy. But the truth is, the idea of SOAPA and a unified bus of communication of different sources of information that come in in an integrated way really allows you to the apply technologies like machine learning in the fullness of time to really move into the area of, "What can I do if I'm gonna spend 10% to 20% of my security operations and IT operations resources to do things before I get attacked? What are the things that I can do that can protect me the most before an event actually occurs?" And I think SOAPA is critical to being able to unify that information to drive that kind of intelligence.
Jon: Well, that sounds good. Here's to a big year for SOAPA in 2018.
Karim: That's right.
Jon: Give me some. Boom. All right. Well, thanks very much, Karim. And stay tuned for more on SOAPA in 2018 and beyond.