Q&A: ExtraHop makes sure companies don’t get caught napping on cloud-security watch
Billions have been sunk into the data security market, and cloud leader Amazon Web Services Inc. continues to reassure its customers that cloud security is “the highest priority.” It offers services such as Security Hub. But despite the extreme focus on protection, no one is relaxing on security watch just yet.
“I can assure you that cloud security is not solved,” said Jesse Rothstein (pictured), co-founder and chief technology officer of ExtraHop Networks Inc. “Despite record spend year after year after year, we still continue to see record numbers of compromises and data breaches that are published. I think cloud security in particular remains a challenge.”
Rothstein spoke with Stu Miniman (@stu), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and guest host Justin Warren (@jpwarren), chief analyst at PivotNine Pty Ltd., during the AWS re:Invent event in Las Vegas. They discussed the state of cloud security and why visibility is so critical for modern solutions. (* Disclosure below.)
[Editor’s note: The following content has been condensed for clarity.]
Miniman: You can’t remove security from the discussion of cloud. It is one of the top issues. What’s your take on the current situation?
Rothstein: There’s a lot of energy there and I think a lot of attention; people recognize it’s a problem. But we’re dealing with massive cybersecurity skill shortages. It’s very hard to find people with the expertise needed to really secure these workloads. We’re dealing with more sophisticated attackers. I think in many cases, attackers with nation state sponsorship, which is scary.
ExtraHop’s right in the mix here, and we focus on network detection and response. And, of course, it wouldn’t be a modern-day security offering if we didn’t leverage very sophisticated machine learning to detect suspicious behaviors and potential threats. This is something I think we do better than anybody else in the world.
Warren: Can you walk us through what the machine learning aspect of ExtraHop actually does?
Rothstein: Machine learning allows us to recognize behaviors. And behaviors are very important, because we’re looking for post-breach behaviors and indicators of compromise. The attack surface is absolutely enormous, and there are a million ways that you can be breached. But there’s actually a relatively tractable set of post-breach behaviors that attackers will do once you’re compromised.
So, what we’ve done is we’ve built the machine-learning behavioral model so that we can detect these suspicious behaviors. And because detections alone are completely insufficient, ExtraHop is built on top of an entire analytics platform so that you’re always one or two clicks away from being able to determine if something requires an incident-response scenario.
Warren: One of the themes that we had from the keynote yesterday was transformation. Do customers need to just transform the way they think about security?
Rothstein: Yes and no. Customers who are used to a certain set of on-prem toolset, tool chain can’t necessarily just shoehorn that into their public-cloud workloads. But on the other hand, I think that public-cloud workloads have really suffered from an opacity problem; it’s very difficult to see what’s going on. It’s hard to sift through all those logs; it’s hard to get the visibility that you expect. And I think that the cybersecurity toolset, tool chain, has been pretty fragmented. There are a lot of vulnerability scanners, there are a lot of, kind of like, API inspectors and recommendation engines.
But I think the industry is still really trying to figure out what this means. So, I’m seeing a lot of innovation, and I’m seeing a rapid maturing of that cloud-security ecosystem.
Miniman: So, the last question: What would you like to educate the marketplace on that maybe goes against the common perception when it comes to security in general, maybe network security specifically?
Rothstein: Network security is a fundamental capability and a fundamental source of data. I think organizations pay a lot of attention to their log files. I think organizations do invest in protection and prevention.
But the ability to observe all of the network communications, and then the ability to detect suspicious behaviors and potential threats, bring it to your attention, take you through an investigative workflow, make sure that you’re one click away from determining whether this requires an actual incident response, and in some cases take an automated response. I think that is a very powerful solution and one that drastically increases an organization’s cybersecurity posture. So, I would always encourage organizations to invest there.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Invent event. (* Disclosure: ExtraHop Networks Inc. sponsored this segment of theCUBE. Neither ExtraHop nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE