UPDATED 12:36 EST / AUGUST 06 2018

WOMEN IN TECH

This cyber warrior is revolutionizing data protection for a digital future

Data is arguably the most valuable tool in the modern enterprise arsenal, and its transformative nature is creating the need for overhaul at every level of business operations. Data-powered innovations like artificial intelligence and machine learning are driving revolutionary technological developments throughout the market and expanding the impact data has on individual businesses, as well as an increasingly cloud-connected network.

The amount of available data and pace of ecosystem expansion are creating limitless opportunities for growth but also new risks as these transformations threaten to outpace the modernizations in security efforts necessary to protected performance. The prevailing security tenet has long been regulation through restriction, but in a market so rooted in connectivity and accessibility, security needs a digital transformation of its own.

“As we move to a digital business where the actual data and services associated with the data become the business, you’re not talking about how to restrict access, you’re talking about how to appropriately share access,” said Barbara Kay (pictured), senior director of security product marketing at Extrahop Networks Inc.

A tech security leader with experience providing protection through companies like McAfee Inc. and ExtraHop, Kay has guided businesses through the industry’s evolving security needs for over a decade. Now, she’s leveraging that expertise to transform security through a data revolution.

Kay sat down with Peter Burris (@plburris) for a CUBEConversation at theCUBE’s studio in Palo Alto, California. (* Disclosure below.)

This week, theCUBE spotlights Suzanne Frey in our Women in Tech feature.

Reconsidering cybersecurity risks

Kay was brought into ExtraHop as part of its transition from a network performance-centric company to one with a mission of optimizing in cybersecurity. While the company has been supporting customers in their security needs for years, the market shifts around data prompted ExtraHop to take an active approach to security innovation using the automation power and insights at its disposal.

“We knew how important it was to help the people in the Security Operations Group be more effective, get to the root cause, and get on with life more quickly,” Kay said.

ExtraHop’s holistic security strategy includes not only reactionary fixes, but preemptive solutions that strengthen overall data processes. The vast potential promised by digital transformation comes with the risk of security vulnerabilities, and the threat of breaches like those seen at Equifax Inc. and others looms over companies eager to modernize.

“We’ve seen the kind of scorched-earth attacks; all that stuff has people really worried, and the network traffic zone is an area that has been underserved in terms of security interest,” Kay said.

Increasing digitization creates more opportunities for breach, as does a network weakened by the many endpoints that enable the connectedness today’s market relies on. Whether internally or among outside partners, the business-critical data that powers all systems must be protected to ensure functionality and security throughout the entire network.

“It used to be that the model for protection was you loaded up your end point with a bunch of defenses, [but] so few devices now are ready to be managed with an agent. You can’t control those endpoints the same way we used to. We have to think differently about the problem,” Kay said.

Even 10 percent more data accessibility can result in a net income increase of $65 million for the average Fortune 1000 company, but that accessibility cannot come at the cost of openness to malware. “Your employee database, your customer database, the web server, the data store, the app server — you need everything to work together and stay working. For those devices to interact with things, they have to use the network,” Kay said.

Automating data protection

In order to combat these adapting threats, ExtraHop employs the use of investigative insights derived from the contextual data collected via machine learning. Metrics and metadata extracted from the network’s rich data is sent to the cloud, which then uses models that are designed for security to extract behavioral implications.

“You have to be thinking about the nature of the interaction rather than the explicit data point. Machine learning is a great way to extrapolate and understand the bigger landscape of things, and ExtraHop is hitching that machine learning engine to this rich source of contextual data,” Kay said.

This level of protection isn’t reserved for the enterprise, according to Kay. With companies of all sizes operating within the same network, even small to midsize businesses must take an aggressive approach to optimizing security.

“It isn’t necessarily about size; it’s about your perspective on security. If your services went down or your databases were stolen, how crippling would that be for your business?” she asked.

Enabling visibility for greater trust

With a career spanning over a decade, Kay is well-versed in the industry’s ever-changing cybersecurity needs. Kay’s journey began with her consulting firm Secure By Design Group, which she created to assist information security companies in expanding reach and better supporting customers. Before joining ExtraHop, Kay lead security operations at McAfee and developed the company’s automated security platform.

Throughout her career, Kay has worked to bridge gaps in both security and communication to create more effective processes between disparate network factions. At ExtraHop she’s working to get in front of the new issues resulting from the industry’s data explosion, as well as resolve the collaboration issues that stem from finger pointing following the discovery of security issues. While measures like the 72-hour disclosure window mandated by the EU’s General Data Protection Regulation are meant to assist in the resolution of a compromised data incident, Kay said that these ultimately hurt overall security efforts.

“Seventy-two hours is just not that much time when something really complicated has gone on. That’s why we see serial disclosure events. Then every time you have to re-report your experience, you degrade what little credibility you had. That’s really going to damage our industry,” she said.

Looking ahead, Kay is focused on creating greater overall accountability processes that will help businesses and customers feel secure.

“[We’re] trying to find a source of truth that lets you [see] what’s actually going on. The faster you can do that and feel good about the conclusion you got to, the more successful, the more confident, and the more able you are to move forward,” she concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: ExtraHop Networks, Inc. sponsored this segment of theCUBE. Neither Extrahop nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU