Security pros need more and better visibility into their cloud networks
In this Help Net Security podcast, Kevin Sheu, VP Product Marketing and Marcus Hartwig, Senior Product Marketing Manager at Vectra AI, discuss the Vectra superhero survey from Black Hat USA 2019, which provides insight into the current cloud adoption and top-of-mind concerns of attendees.
The people surveyed were a mix of CISOs, security researchers, security architects, security operations center personnel, and network operations center staff.
Here’s a transcript of the podcast for your convenience.
Good morning everybody and welcome to this discussion with a couple of folks from Vectra AI. We’re now a couple of weeks out from Black Hat and there are some interesting results that came from it. I felt like this year was different from all the previous years and it’s reflected in a survey that we conducted at the Vectra booth this year. My name is Kevin Sheu. I am on the product marketing team. We thought we’d have a discussion around what those results look like and what some of the implications are. And with me is Marcus Hartwig as well. Welcome Marcus.
Marcus: Hey, how’s it going Kevin, nice to be here.
Kevin: I’m really looking forward to this discussion about some of the insights that you found. Maybe first things first. How about a little bit of background on what were some of the questions that were asked, who filled it out, just so that everybody has some context.
Marcus: These were the people visiting our booth and we had pretty much similar questions as last year to try and get a baseline, and get a feel for how people feel about what they’re missing in terms of visibility into their network, what their challenges are as they move to the cloud. We also included a couple of questions on superheroes which we thought was fitting with our imaging and the brand that we have here at Vectra.
Kevin: Why don’t we start from that and let’s have some fun first. Tell me a little bit about those superhero results. If we just start with which Avenger would you most like to be.
Marcus: This is a question we had last year, and it was pretty interesting. Last year, the majority wanted to be Captain America. No, they didn’t, they wanted to be Iron Man. And this year they all wanted to be Captain America, which was interesting. I’m not sure if that actually reflects upon what Marvel movies are being showcased throughout the year, and I did some background digging on that. It turns out the movies that have been released are not heavily focused on either Captain America or Iron Man for the last year or so.
Kevin: It’s probably a sign, maybe it’s just a natural evolution of taste.
Marcus: So, Iron Man was tied for second place with Deadpool this year. But Captain America was overwhelming the most popular Avenger.
Kevin: And you also had a question about what super-hot powers would be the most useful in your job role. What did that look like?
Marcus: This one was interesting if you’re a Marvel fan. Vast majority wanted supernatural intelligence, which is of course not something that you commonly associated with Captain America, but either way that’s what people are looking for.
Kevin: On a more serious note, as we think about supernatural intelligence and artificial intelligence, that was also a hot topic. Generally speaking, I think anywhere that you look you see AI splashed across banners everywhere. And unfortunately, I think we’ve kind of reached a point where AI is now a confusing term. Most kind of laugh at it as just a marketing term.
What’s your thought there and what were some of the perspectives as people were coming through the booth?
Marcus: It is interesting, right? We’re seeing a lot of tractions on AI as a concept. There is a discussion there. Are we talking about AI specifically here or is this just ML dressed in an AI robe, so to speak? But yes, definitely a hot topic for people.
Kevin: I think a lot of times whether it’s useful or not, is a matter of what you’re asking out of your ML/AI. I find that some of the most useful cases are the ones where you just need some help gathering a lot of things together. So, automation can really help. I know that in security, in a lot of cases, automation has a really strong place whether it’s a matter of orchestration or whether it’s just a matter of being able to automate a lot of the tier-1 triage that you often have to do manually. I’m not sure if you see something very similar.
Marcus: Absolutely. And I think this ties into just how hard it is for companies to get good professionals in any role and company. Hiring is very hard and there’s a shortage of educated people that can take these roles. Anything that you can do to try and automate and leverage the menial tasks and surface the more interesting stuff to your more common employee is of course valuable.
Kevin: In fact we had a customer come by and made a really good point, ML’s most powerful use case is often where there’s just a lot of data that you have to make your way through. One of the better examples that we see, of course, for us is how do you necessarily take all this massive amount of data and make sense of it as in fact behaviors, and then determining whether it’s good or bad behaviors.
Marcus: It’s not a good use of time for people to sift through that, so if we can get that to be automated in some way that’s of course important. But on the flipside, we want to make sure that the stuff that is being surfaced is actually valuable stuff that needs to be looked at and not just noise and regular anomalies. There have to be something tangible there for someone to dig into.
Kevin: I think the other topic that came up quite a bit either at the booth but also reflected in the survey as well is cloud, and cloud means a lot of things to a lot of different people. What did you find in your survey?
Marcus: We’re seeing a wide adoption of cloud, of course, not surprisingly. We’re seeing that a majority have almost completely moved more than 50 percent of the workload to the cloud at this point. So, we’re seeing a wide adoption of people moved to the cloud.
Kevin: What are some of the challenges that folks called out as they’re moving to the cloud?
Marcus: It’s the visibility. They feel like when they move their stuff to the cloud, they lose a lot of visibility that they had for the stuff on-prem. They have the tooling and they know how to look at stuff in their own network. But once they start moving out things to the cloud they lose that visibility.
Kevin: It’s interesting because, very often as you think about cloud, it’s such a different world, the nomenclature is different, deployment models are different. But even how you make use of the underlying infrastructure is different. I find that that also reflects itself into how you have to think about security.
Marcus: Absolutely, and security in the cloud is a new and hot topic for people. If you think about it, most of the people who do security work in their own network, they are familiar with the on-prem tooling and so forth. And we’re seeing double shifts here, we’re seeing that a lot of the DevOps and people, are the people who are not concerned with security in the in-house network. They are now responsible for security in the cloud, which of course clashes.
Then just the sheer amount of news and updates that get deployed into the common cloud providers makes it very hard even for seasoned security professionals to keep abreast with what’s going on, and being up to date with all the changes that keep happening in their deployments.
Vectra’s Cognito platform: Intelligent, AI-driven threat detection and response for native and hybrid clouds
Kevin: I think this is a place, this is an area where Vectra’s keen to being able to give extra visibility for folks that are trying to secure their cloud workloads. I know that there are recent announcements for both Azure as well as AWS. Maybe I’ll speak to Azure, Azure native integration via the V TAP, in order to capture all the traffic across their different instances. And then for AWS, Marcus, I think you might be closer to that one.
Marcus: Yeah, same thing there. We’re getting availability of that data and we can tunnel that into Vectra to do the same type of analysis as we already do on the on-prem network for.
Kevin: Great. I think that concludes most of the information that we wanted to chat about as part of this discussion today. Should you want to know more about how you might be able to use things like machine learning for network visibility, or how you might get better visibility into the cloud, feel free to reach out to a Vectra representative or visit Vectra.ai.