Bringing Identity to the Era of XDR
Today, protecting “the who” is just as important as “the what”. Cybersecurity is getting personal.
For the past 20 years, I’ve dedicated my professional career to the field of cybersecurity. It lives at the center of technology, digitizing society, government, commerce, individual rights, creativity, and the future. For most of this time, I’ve worked with the world’s largest enterprises to help secure “the what.” Let me explain.
The fundamental technology shift that impacted my life was the Internet. I vividly remember a world pre-Internet: everything was human-powered. You called a travel agent to book a flight. You went to the library or a bookstore to locate a book. You learned in a classroom with a live teacher (or you missed school altogether). You read the newspaper to learn about what was happening in the world. You called someone and spoke to them to find out what job they were in and if they were looking for a new career. And you used a map to go from point a to b. The Internet changed everything. What we did stayed the same, but how we accomplished life’s tasks changed massively. The Internet era fueled the cybersecurity market, creating urgent need for securing “the what”.
Let me share my personal journey. My first step in cybersecurity was protecting the “what” – the Internet and how organizations wanted it used. I joined a web filtering firm and grew my career there. As a sales rep, I helped organizations make this new Internet a safe and managed medium for their employees. My teams and I sold this technology to companies and public organizations alike for a decade, yet the Internet was changing rapidly.
The Internet in this period became the ultimate playground for attackers. A new breed of criminals was born into the world. Instead of breaking into your house through the window or gaining access to a bank vault, this new generation of criminals used the web and its connectivity capabilities for access, theft, destruction, and misinformation. Cybercriminals learned how to weaponize webpages, files, email, and more, taking the digital connectivity that created so much good – and used it for evil. The first two decades of the new millennium transformed the very definition of security: it now included the digital dimension. Devastating, headline-grabbing hacks, one after the other, taught me that securing the Internet wasn’t enough. It was time to secure the device.
Securing every device that could connect to the Internet was the next chapter in my career. Securing devices was the new “what” for me. How we access the web fundamentally changed during this time: from clunky, slow, and complicated desktops to lightweight, portable, powerful devices. As a tech enthusiast, I’ve bought, tried, and used nearly every kind of computing device along the way. My journey in securing these things took me to several exciting places.
Advanced Network Security: A Short-Lived Cure
As I became more involved in the emerging threat landscape of the modern Internet, I moved to one of the largest cybersecurity companies in the world. They had made a series of acquisitions, including one that was highly interesting. It was a stealth startup that had taken appliance-based sandboxing technology and fused it with a novel way of static file analysis. This was a way of eliminating antiquated and ineffective antivirus signatures, detecting never-seen-before malicious executables – without any human intervention. Unfortunately, this was an on-premise, on-network only approach. The problem was computing devices were becoming mobile; they were off the protected corporate network as often as they were on it. Realizing that the idea was great but the architecture was already obsolete, I left the large vendor for a startup that was solving this very problem. It was the world’s first signatureless antivirus software, one that could run directly on a laptop or desktop – and work on or off the network.
Next-Generation Antivirus: Unfinished Business
At this iconoclastic company, we were on a mission to prove that not only was legacy antivirus ineffective – it was dead. From the ground up, I built a global go-to-market organization with the sole focus of replacing legacy AV with a new kind of technology which we coined “next-generation AV.” AI replaced signatures making this new “next-gen AV” predictive and incredibly effective. It was fulfilling and fun to succeed in securing the “what” – at least for a time. We secured devices: the technology worked, the team was terrific, and we won – not only against our competitors, but more importantly, against the adversaries. But the threat landscape shifted. A new class of malware called fileless attacks changed the threat landscape once again proving the age old adage that “nothing is 100% effective”. Radically improving protection efficacy was progress, however, these new types of attacks evaded the system. The market increasingly turned its attention to what NGAV was missing. Again, we hadn’t fully succeeded in protecting “the what.”
EDR to XDR: “The What” We Needed
It was time for EDR – endpoint detection and response – something that would fully secure “the what” – the device. I wanted to empower customers to protect against fileless attacks. In SentinelOne, I found an innovative company with the right technical foundation to solve this problem. I joined SentinelOne in 2017 because the technology was capable of prevention, detection, and response across all attack types – both file-based and fileless. It had the differentiation of being automated, shrinking the time between detection and response. It was time for a new kind of security, one that was instant, machine-powered, and autonomous. We took EDR beyond the Windows endpoint to a new world of “whats” – we took our platform to Mac and Linux, servers, the cloud, Kubernetes containers, mobile, IoT devices, and to data. We pioneered XDR – extended detection and response – with a platform that prevents, detects, and responds enterprise-wide. Securing “the what” is critical and a never-ending pursuit, but the era of XDR proves it’s finally possible.
Securing “The Who:” Why Attivo Networks?
More profoundly, over the past few years, “the what” coexists with a new reality: how and where we use technology is vastly different from before. And cybercriminals took note: with devices becoming much more protected, compromising “the who” became a focal point of getting to the device. And with more and more of our lives, access, and privileges accessible by password, I saw this need become a critical part of the XDR era: securing “the who”.
Identity is the new attack surface forming today’s organizational perimeter. We and our devices are constantly on the move. They must be kept malware-free and kept accessible by the right users at the right time. Securing the “who” and “what” have now become of equal importance in today’s digital era.
Today, the enterprise’s crown jewels are users. People use devices to access applications, cloud services, databases, websites, and more. Unsanctioned or compromised access has serious ramifications. Devices, networks, and data assets are just a click away with credential and Active Directory access.
Identity protection is now necessary. The new way we work and access data demands securing users and devices. We’ve witnessed supply chain attacks such as Kasaya and other breaches that involve Active Directory succeed in gaining unauthorized access. Every cybersecurity practitioner remembers the Zerologon vulnerability, leaving most organizations exposed. In addition, directory and identity system misconfigurations are too common, creating even more significant security gaps than code vulnerabilities themselves.
Our acquisition of Attivo Networks unifies identity security, identity infrastructure assessment, and cyber identity deception into our pursuit of securing “the what” and “the who.” Today, a comprehensive security program needs to do both. I couldn’t be more excited to welcome the Attivo team and their customers to the SentinelOne family.
On a personal note, I’m excited to combine securing “the what” and “the who.” I started this post by saying cybersecurity moves fast. From the invention of the Internet to today, we’ve made a lot of individual and societal progress: it’s time for cybersecurity to become personal. It’s time to protect “the who” and “the what” simultaneously. Why? Cybercriminals have brought the fight to identity. It’s now personal. And we’re here to help you and your people win.
Leave a Reply
Want to join the discussion?Feel free to contribute!