We may like to think that the tools we use online and the sites we visit are safe, but that's not necessarily the truth most of the time because there are either security flaws built within them, or there are human errors that expose us all. Dan Hubbard is a man who has worked as a security engineer for a good chunk of his life, so he's quite familiar with all these.
Hubbard is the CEO of Lacework, a company that handles automated, end-to-end cloud security, working to deliver continuous security at scale. Before coming to work at Lacework in 2017, he also worked at CTO, a company that was acquired by Cisco, Websense, a company that had an IPO of over $1 billion, and IBM, who everyone knows.
We had a chat with Dan Hubbard about cybersec dangers, AI and machine learning and their role in keeping us safe, and more.
TechNadu: Let’s start worth you telling us something about yourself and your path so far. How did you end up as Lacework CEO?
Dan Hubbard: Over the last 25 years, I have had the pleasure of working with some incredible people in the tech and security community. Early in my career, I was intrigued by the cybersecurity field, the community around it, and the constant challenge of defending in a very dynamic changing environment.
Prior to being the CEO at Lacework, I was the Chief Product Officer and before that CTO of Cisco Cloud Security, CTO OpenDNS and CTO of Websense.
Major technology architecture changes and innovations have always been a part of my journey. I believe that great security transitions and large markets are formed on the heals of major tech transitions, large addressable attack surfaces, and signs of changes in tactics to said technologies. At Websense, it was all about the Web as an attack vector and Web 2.0- and at OpenDNS, it was about ubiquitous connectivity and SaaS.
At Lacework, we are focusing on what I call the next wave of cloud or IaaS / PaaS. This is arguably the largest transition we have seen in a decade and represents major challenges for security. What interested me in Lacework was a combination of timing this major architecture transition and market opportunity, an incredible platform, and the team.
TechNadu: Lacework is clearly not the only cloud security tool on the market. What sets your products apart from your competitors?
Dan Hubbard: The approach that Lacework uses is defined by our underlying technology. This, more than anything else, is what differentiates us from other security vendors. Where most security solutions are based on rules, the Lacework platform applies machine learning for anomaly detection and vulnerability assessment of an organization’s entire IT environment -- on-prem, virtualized, cloud, containers, and anywhere the data lives or transacts. Lacework also provides visibility across the entire build-time to run-time continuum, so that vulnerabilities and issues in applications can be detected as they are being developed so they don’t bring those issues into a deployed environment. Overall, Lacework recognizes that security is not a single thing to be solved, but rather, it’s an approach that is most effective when it provides the most visibility coverage and the most accurate understanding of normalized behavior.
TechNadu: As far as threat detection goes, how has the year been so far? Have companies protected by your tools seen more attacks than they have in the past? Are things getting worse?
Dan Hubbard: I’d prefer not to reveal details about our customers’ security situations, but I can tell you that our customers, which span a wide variety of verticals, sizes, geographies, and IT infrastructure approaches, have been very open with us about how they have a far better understanding of the threats in their environments, along with more context that gives those threats meaning.
TechNadu: What do you see as being the biggest dangers in terms of cybersecurity nowadays?
Dan Hubbard: The environments that organizations are creating are becoming increasingly complex. Some of this is intentional - there are solutions for every departmental and vertical need. In other cases, it’s a factor of organizations responding to changing technology capabilities that they’ve wanted to take advantage of, or perhaps because they are in the midst of some level of transformation. When the technology footprint grows, data lives in increasingly disparate sources and it becomes harder to identify how it’s being used and who is accessing it. Getting visibility into what’s going on, and then being able to make sense of it in a security context is not possible with human effort, and most tools are not even equipped to handle it. So, what happens is that organizations simply rely on what the CAN see as a proxy for what is happening across their entire environment, and this gives them a false sense of how secure they are.
TechNadu: AI and machine learning are playing a growingly large part in security tools nowadays. What are some things you wish you could use these for in the coming years?
Dan Hubbard: I’m really proud that we are able to deliver continuous real-time anomaly detection and behavioral analysis, all enabled by machine learning. With this technology at the core of the Lacework Complete Security Platform, customers are capable of monitoring all event activity in their cloud environment, correlate activity among containers, applications, and users, and log that activity for analysis after containers and other ephemeral workloads have been recycled. This monitoring and analysis trigger high-fidelity, automatic alerts. Behavioral analytics make it possible to perform non-rules-based event detection and analysis in an environment that is adapting to serve continuously changing operational demands.
TechNadu: In terms of security, if there was one thing organizations should pay attention to in the next 6-12 months, what would it be?
Dan Hubbard: As more organizations move workloads to the cloud, they are going to become enamored with speed and agility. I foresee more organizations adopting a DevOps approach to application development so they can take advantage of speed in their ability to build and deliver solutions. A result of this will be a much greater focus by organizations on the build-time element of their IT discipline; in order to get the results they want, they’ll need the visibility and anomaly detection across the entirety of their technology operations.
What do you think of what Dan Hubbard had to say? Drop us a comment in the section below the post and share the interview online so others can read it too. Follow TechNadu on Facebook or Twitter for more tech news, interviews, reviews, and guides.