Cybersecurity is a complex challenge. Here are companies looking to provide innovative solutions
There’s no question that organizations are facing challenges in cybersecurity that are more complex and more pressing than ever before.
To kick off 2023, asset visibility and security company Armis Inc. found that of the more than 6,000 security professionals surveyed globally, 24% said their organization was underprepared to handle cyber warfare. The striking news continued as the year went on. In April, big data analytics company Splunk Inc.’s “State of Security” 2023 report indicated that 52% of organizations have suffered a data breach in the past two years, an increase from 49% in 2022 and 39% in 2021.
In March, the United States government launched its National Cybersecurity Strategy, with a stated goal of building a more resilient future while publicly noting the important role cloud computing plays in that journey.
By June, cloud computing giant Amazon Web Services Inc. said it had goals aligned with that strategy, noting the shifts mentioned.
“The strategy calls for a shift in cybersecurity responsibility away from individuals and organizations with fewer resources toward larger technology providers that are the most capable and best-positioned to be successful,” wrote Mark Ryland, director of the Office of the CISO for AWS. “At AWS, we recognize that our success and scale bring broad responsibility. We are committed to improving cybersecurity outcomes for our customers, our partners and the world at large.”
To reach those goals, some of the responsibility will likely land on various companies currently innovating in the cybersecurity landscape, some of which are showcasing cutting-edge products that may shape the future of digital security. Some of those companies will be present during the “Cybersecurity” AWS Startup Showcase event on September 14, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. (* Disclosure below.)
That event will take place just weeks out from the start of Cybersecurity Awareness Month. With all of those developments in mind, here are some of the companies looking to provide innovative solutions to cybersecurity challenges that you should be aware of.
Considering new developments
Generative artificial intelligence is one of the hottest topics today. But it doesn’t come without risks, especially when it comes to data integrity. That’s why the right data controls are necessary, according to Rehan Jalil, chief executive officer of Securiti Inc. The four main areas to focus on? Model safety, data usage, prompt safety and regulations, according to Jalil.
Regulatory bodies are expanding globally, but the question remains: Why is explainability so crucial when organizations are using AI models? It has to do with the fact that this area remains like a “black box,” according to Jalil.
“It gives you an answer based on the prior knowledge and prior data that you have fed to it. But you don’t often know why it’s saying so,” he said. “As humans, we are trying to be very predictable with technology. Let’s say if this were a regular database. If you store some data, you run a query, you get a very predictable answer. But that’s not true for these kinds of neural nets.”
Why is that important? It’s because users must be able to trust the data and know that there isn’t any bias contained within it, according to Jalil.
“Just like you can take some things out of your brain, you can take the nets out of these. It’s called LLM lobotomy. That’s happening, and more and more is going to happen,” he said, adding that his company has learned that what large companies want to have is a data command center.
En route to becoming a large organization, which involves scaling up and acquiring more customers, companies must often see their cyber assets sprawl and become more intricate. That’s why companies such as JupiterOne Inc. believe anything that is software-defined, in addition to physical assets, should be defined as a cyber asset.
“That’s anything your business needs to operate its business and to be able to transit customer information to your customers,” said Sean Catlett, general manager for EMEA at JupiterOne. “But those are also things that are hyper-complex.”
That’s because when you think of how those are built today, it’s out of massive lists of information that are pulled out of source systems. They’re the configuration management databases of the past, according to Catlett.
“Our approach is really to modernize that, connect them and make those into contextual pieces of information around what those assets do for the business, and then how they can be secured more effectively,” he said.
Concerns about compliance
In today’s increasingly complicated cybersecurity environment, compliance has become a key concern. Enterprises have been positioning themselves to remain competitive, profitable and free of vulnerabilities — something that Secureframe Inc. saw as posing some concerns.
“Typically, you’d have to take hundreds of screenshots just to prove, ‘Hey, my AWS S3 buckets are fully encrypted.’ There’s always been better ways to do this,” said Shrav Mehta, founder and CEO of Secureframe. “All these cloud security services have APIs. Most of the business systems that we have today have ways to collect this evidence automatically in a way that’s more concrete. We thought, hey, this is a great opportunity to introduce everyone to Secureframe.”
While Secureframe has been seeking to automate several manual compliance operations in favor of a more streamlined approach — with a goal of abstracting away many enterprise compliance bottlenecks — Thoropass Inc. has sought to deliver a “TurboTax-like” experience for accelerated enterprise compliance.
About four years ago, Sam Li, co-founder and CEO of Thoropass, was running a fintech company in the Insurtech field. Things were going great, until the company started talking to companies about their compliance posture.
“Do you have an information security policy? Do you have a SOC 2 audit? Can you answer those 400 questions in Excel. We were a 12-person company in SoHo crunching code every day. We didn’t have all of those,” Li said. “I started out and said, ‘OK, let’s bite the bullet. Let’s get a SOC 2 audit, which is one of the most popular compliance frameworks here in the States.”
But six months later, the company still didn’t have the report. Realizing those information security best practices were very important, Li realized that he wanted to build an informative compliance program.
“At the same time, five years ago, there was [a drastic] lack of tools, software solutions and good audit solutions for me to do that,” he said.
Out of that emerged Thoropass, a TurboTax-like experience, he explained. It’s intended to help companies set up compliance for the first time, accelerate their program, build out, automatically collect and verify evidence and demonstrate compliance to enterprise buyers or partners alike.
Vanta Inc. also provides compliance audit support, which has emerged as a key area of focus for enterprises.
“Vanta, ultimately, is a tool that gives you an automatic way to prepare for your SOC 2 audit or your ISO 27001 audit — or insert a long list of dozens of standards we’re working on here,” said Rob Picard, security lead at Vanta. “The standard itself is not a list of controls, but what we can do is we can provide you that list of controls … and we can say this is what you need to do to get started here.”
The road ahead
With Cybersecurity Awareness Month quickly approaching, and with cybersecurity concerns front of mind for organizations globally right now, innovative solutions will need to emerge to alleviate the pressures of the complex concerns on company radars. In addition to the companies mentioned above, other innovators also have put forward solutions.
Take cybersecurity startup Halcyon Tech Inc., which in June announced an integration with security orchestration, automation and response company Revelstoke Security Inc., with a goal to enable customers to make security operations teams more efficient.
There’s also Elastio Inc., a cloud-native platform designed to safeguard data from risks posed by ransomware, app failures or storage security flaws. The company announced an oversubscribed $18 million Series A investment led by Venture Guides, with participation from Bain Capital, in June.
Other innovators include Cribl Inc., a vendor-agnostic observability pipeline, and data security platform startup Baffle Inc., which in June launched an updated version of its platform designed to automate data protection across an enterprise.
The road ahead is a complex one, and one that will likely see various innovators leading the way. Those solutions amid a new cybersecurity age will be explored during the “Cybersecurity” AWS Startup Showcase event on September 14 at 10 a.m. PT. on theCUBE.
(* Disclosure: TheCUBE is a paid media partner for the AWS Startup Showcase “Cybersecurity” event. Neither AWS, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.