• Garrett O'Hara

    Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

    Comments:0

    Add comment
Garrett O'Hara
Content

Lee Weiner leads Rapid7’s emerging products teams and the development of their cloud platform. Lee and Gar cover a range of topics and recent innovations in the sector including vulnerability management, misunderstandings on SIEM and SOAR, and what the world of SIEM and SOAR will likely bring i.e. big data, behaviour and threat analysis, and also the productivity bumps we can expect.

Content

The Get Cyber Resilient Show Episode #52 Transcript

Garrett O'Hara: Welcome to the Get Cyber Resilient podcast. I'm Garrett O'Hara. And today I'm joined by Lee Weiner, Chief Innovation Officer at Rapid7. Lee was a web developer and a sales engineer in Cybersecurity. He moved into product development, product management, and ultimately product leadership. These days, Lee is the guy who leads Rapid7's emerging products team, and also leads the development of their cloud platform. Lee and I covered a lot here, vulnerability managements, misunderstandings on SIEM and SOAR, what the world of SIEM and SOAR will bring. So Big data and the behavior and threat analysis, and also productivity bumps that we can expect. There's lots here, so let's get over to the interview.

Welcome to the Get Cyber Resilient podcast. I'm Garrett O'Hara and I'm joined today by Lee Wiener, the Chief Innovation Officer at Rapid7. How are you doing today, Lee?

Lee Weiner: Good, Garrett Good to be here. Thanks, for having me.

Garrett O'Hara: Yeah. It's awesome to see you. We've crossed paths many times over the years, so it's, it's lovely to get to catch up with you. but also really looking forward to the conversation. You're East coast of the U.S, right?

Lee Weiner: Yeah. Yeah. I'm here in, outside of Boston, Massachusetts. Yeah. I mean, last time we saw each other, I think I was in, I was in Australia and, and the weather was, was, was probably a lot better than it is here right now. So-

Garrett O'Hara: A little bit warmer. I won't show you on the webcam, what it's doing, so it's, it's pretty nice today. We're in that beautiful shoulder season where the humidity is starting to drop blue skies, beaches just out the window, yeah it's, trust me, it's, it's okay here. [laughs]

Lee Weiner: Yeah, the snow is, the snow is almost gone. It's, there's just a little bit left, but, it's, we're hopefully starting to turn the corner.

Garrett O'Hara: Good times. Hey, but here's a question for you, I'm seeing a lot of snowmobiles over in the East coast of the U.S, is that a new thing? It seems like a bunch of people are getting into it.

Lee Weiner: Yeah. I don't know if it's a new thing. I think, I think more people are doing it because there's this desire to, you know, be outside more because of the pandemic, it's safer with, you know, your, if, even if you have a friend or two you want to get together with, so I think there's more people kind of venturing into the outdoors. And yeah, snowmobiling is becoming, a little bit, I, I think it's, it's definitely picking up. my sister actually, and her family went snowmobiling this winter and yeah, it's, it's definitely picking up.

Garrett O'Hara: Very cool. Yeah. So, you know, spring's and roundabouts. We don't get to do that in Australia. So, you know? So Lee, I, I'd love to hear, obviously we know each other. But for the audience, you're, you're sitting as the Chief Innovation Officer, so obviously senior leadership in Rapid7, in a fairly well, non-global company in cyber security. What was your journey? How did you get to, to where you are today?

Lee Weiner: You know, I started my career back in the mid '90's, building, web applications, right. It was the beginning of the web and, you know, I, I, I was focused on, I worked with, I worked for a publishing company that was bringing, content to the web, right. It was, it was, it was actually a lot of fun. That's kind of how I started my career in technology. And then I, I worked in, for some vendors in cybersecurity, mostly in, originally in a sales engineering capacity, which was great to work with customers and understand the problems they were having.

Uh, but that led me to want to kind of get focused on the product side. And so I moved into product development and then product leadership and product management, and eventually into kind of general, product and engineering leadership. and it's been, you know, it's been great. You know, for me, my, you know, passion around it has been, you know, the space and the problem and, you know, how do we, how do we really help our customers through this challenging dynamic that they continue to be in?

Garrett O'Hara: Yeah, absolutely. And, and challenging is definitely the key, the keywords there. What, what does a Chief Innovation Officer do? Like, so day-to-day, you know, responsibilities. It's, you know, it's, in my head, cybersecurity is such a rapidly evolving space that the, the weight of innovation, I'd imagine weighs heavy, or maybe it doesn't, but I'd love to hear like what the role is.

Lee Weiner: You know, I really focused on how do we bring new things to life at Rapid7? so, you know, I work, I work with our, kind of emerging product groups that are trying to solve new problems for our customers, and lead those teams, to really help them kind of hone their product market fit and then get the solution into the customer hands and then, you know, scale it from there. I also lead the development of our, our cloud platform broadly. So we've got a platform that I'm sure we can talk about, but it, it weaves together our, our products for our customers to give them a better experience. So I lead that.

Um, so it's really around, you know, as you said, you know, we've got to continue to invest in innovation to solve this problem. Because the attackers are definitely innovative, right?

Garrett O'Hara: Mm-hmm [affirmative].

Lee Weiner: And so we as defenders, we need to innovate, as well obviously, and we need to do that better and more effectively than they are. so that's really what I'm focused on, to helping us to here at ref. So-

Garrett O'Hara: And you guys do a lot, right? You've got a solution set that covers so many different areas of vulnerability, risk management, threat detection, app security, sec ops. And w- when I think about organizations like yours, there's obviously lots on offer and lots of things that you can help with, but also there's limited built. You can put, so, I mean, that's risk management, you get X, you know, finite amount of dollars, and you've got to go spend them somewhere. What's your take on that? Like, I've got a limited budget, budget, where do I start?

Lee Weiner: Yeah. Well, you know, it really depends. You're, that's the answer you, you probably would expect. But it does really depend right? On where the customer is in their journey. You know, I think for us, we want to meet our customers where they are, right. They have, they've got a problem and, and, you know, we're here to help them solve it. So, you know, look, some of our customers come to us and they're, you know, maybe earlier in their maturity stage and they are just getting started with cyber security, and cyber security program.

And, you know, one of the things you want to do right out of the gate is you want to get visibility into your environment, and things like vulnerability management really helps you there. Right? And so some people start with us there and they, you know, they, they kind of start, building that program up. And then from there, maybe they want to go detect and respond to threats. Right? And so we've got a SIEM solution for them there. And you know, then maybe as they migrate their infrastructure to the cloud, they want to think about cloud security. So for us, it's really about like, where are you on that maturity curve, right?

It's less about, you know, where can you get the biggest bang for your buck? I mean, you know, again, I think it, it does depend on, the organization and just kind of where they are and, and how we can help them. but yeah, so, you know, and, and again, we try to work with them to continue to help them evolve, and then they can, they can consume more of our solutions or, you know, or they can stay with the solutions they have. We try to be quite, open and have a diverse ecosystem as, as, as you know.

Garrett O'Hara: Yeah, no, I definitely get that. And I suppose, you know, organizations size dependent, resource dependence, it's gonna have a pretty big, and material impact on how far along a security maturity, maturity journey they will be. Like, how do you see that stuff play out in terms of small to medium, to larger enterprises? And, and the context for that question is, some of the supply chain challenges that are happening, we're, we're kind of all tied together. Right? And you know, what happens at a small sort of organization that feeds into a medium sized organization or organization maybe as a supplier and, or right in to enterprise, like we're all tied together. Right. So how we all do security matters? Like, what's your take on that as far as helping those smaller organizations?

Lee Weiner: Yeah. So we absolutely want to help organizations advance their security for really any type of company. Right? And, and to your point, I think one of the things that, one of the things that's happened right in the last two, we've been doing this right for a while. And if you look at the last 10 years, especially five, six, seven years ago, there was a lot of focus on the larger organizations. Because frankly, you know, look, there's a lot of, talent there. There's a lot of budget there. And so vendors were, were building for a lot of that. And that makes sense. I, I get it.

But I think as we've, as we've seen the last seven, eight years, these threats have been more, pervasive to a lot of different kinds of companies, right? Whether it's retail companies or healthcare companies, manufacturing companies, and some of those organizations to your point, they don't have as big of a team. And so, you know, for us, we are really focused on how do we make those kinds of teams more productive? Like how do we make them more effective? They might have, you know, 10 or 15 people on their security team, whereas, you know, a larger company might have a few hundred.

So how can we kind of power those teams with more, you know, tools and technologies that enable them to be more productive? but I think on the, onto your point about the maturity cycle, you know, as we know, there are large companies that aren't as mature as they want to be. Right? Size isn't a good proxy always for maturity. and I think, you know, we'll continue to see that. And I think, you know, again, we, we continue to focus on how can we, how can we help companies of all types? We have very large customers and we have a lot of mid-sized customers and some smaller ones. And so, you know, how do we really, how do we build and design for that, that broader, uh, that broader impact for the broader market opportunity?

So, yeah, maturity is... we talk about it a lot and, yeah, I don't think size is a good proxy for it, for sure.

Garrett O'Hara: Yeah. Definitely agree with you on that one. So in, in terms of collaborations, so one of the things we're seeing a lot of in, and here, I'm thinking in those smaller organizations where they're looking for wins through technology, because they can win through people. they're too small, like maybe can't pay for the head counts, and even if they could have the time they, they can't find the people. we're seeing a fairly large shift in the industry towards like how to, how win with technology. And here I'm thinking about integrations, point solution integrations, you know, threat Intel sharing and to SIEM, into SOAR.

Um, taking some of the workload away from security analysts so that, you know, SEIM is doing it and SOAR is doing it. You know, obviously you play heavily in that space. I, I'd be keen to kind of get your thoughts on how that plays forward in the future.

Lee Weiner: Yeah. Yeah. Look, I think, you know, if you look back at, at, you know, history, you'd say the kind of the early phase of SEIM 10 years ago was really focused on compliance, right? I need to comply with, with there regulation, you know, whether that's for things like PCI or Sarbanes-Oxley or various other regulations, you needed to audit certain activity, you know, privileged user activity, cardholder data, access to heart, card holder, things like that. And so SEIMs were really structured for that.

And then what happened was we saw this right in 2012, 2013, 2014, the threat landscape evolve. And I think a big part of that evolution has been the use of technology by companies. So companies are now using their, their use of modern technology has really scaled, right? If you think about mobility, you know, 10 years ago, then you get into the era of software as a service, applications, maybe six, seven years ago, and continued now, and now you're going into cloud infrastructure.

You know, all of that technology is great for innovation. It's amazing for innovation, for, for employees and for companies, but it brings a level of risk for security professionals, right? And they're, they're kind of blinded by that, or they can't, they don't get the visibility into that, that they want. And so I think what, what happened a lot in that kind of six, seven years ago, was people were trying to apply old technology, old security solutions to new technologies. And it just, you know, we created a lot of noise. People had challenging triaging alerts, you know, they couldn't find that signal.

Um, and so what, you know, what we believe going forward is look, we need to build analytics that really enable security professionals to, you know, get their job done. I mean, we can't give them 10,000 alerts a day. That's just, that's non, productive. And so how can we create more effective analytics and effective, you know, automation within that that allows them to kind of, you know, get to the 50, 100 Lords that they really need to investigate, and then how can we make those investigations more effective for them?

And so that's really where we think this is really heading towards, which is a much more analytic driven system. You know, we've got to look at behavioral analysis, threat analysis. that's a big part of that. And I think, you know, to your point, you need more data, you need more context around that, right? I mean, this, this is becoming a really like, I don't know, like to use, like, the cliche is like, it's a big data problem. Right?

Garrett O'Hara: Yeah.

Lee Weiner: But it is a big data problem.

Garrett O'Hara: Yep.

Lee Weiner: I, I think that's the other thing that we saw too, is like a lot of the, the accessibility of these solutions hadn't really been for a 5,000, 10,000, even a 10,000 person company, right. There were for the larger companies, because think about all the storage and compute you had to bring in to run these kinds of things. Right. And so now, you know, if you can deliver that using cloud technology, we, we do that, right. A company that can't manage that, can't operationalize that on prem, well, they can definitely use cloud infrastructure to do this.

And so I think that's been a big shift too, which it just opens up the usage of these kinds of solutions to more of those kinds of mid size organizations or mid maturity organizations. Right. and I think we'll see more focus, you know, I mean, 10 years ago, security technologies weren't built for usability, right? Now we're seeing a lot of usability being built in.

Garrett O'Hara: Yeah. As it shouldn't be. Yeah. It, it just seems like there's a bit of a leveling happening through cloud. And the ability to scale at a point where like the economics to service data storage, processing, all those things. Like at some point it, it, it almost becomes a, a sort of a finance conversation rather than security conversation, because you, you get to a point where you really can service that stuff on prem or do it yourself. You know, really those larger companies will, here's a question. Do you see that kind of distilling or, you know, stratifying into a few very large players, because as you kind of rolled time forwards, you know, those economics play at, and, and it gets harder and harder and the, the points are getting smaller and smaller, like how do... where does that go?

Lee Weiner: Well, I think it's interesting. You know, I think the, the thing that we have to remember right is that domain expertise in this field really matters. Right. So in other words, do, do you understand the threats and the behaviors, and the attacks that are happening in the environment? Right. And so for us, you know, we put a ton of time into research. We've got a bunch of analysts that look at this stuff all the time. And so we can build analytics that are purpose-driven for that problem space. you know, I think that's separate from the data problem, right?

Garrett O'Hara: Mm-hmm [affirmative].

Lee Weiner: To your point, you've got to collect the data, kind of process the data and you got to store the data, but you also have to analyze it. I think that's where a lot of the value, needs to be delivered. and you know, again, will be delivered, to your point. I think it's great. I mean, data democratization could actually be really good for this space, right. Because it could make it easier for people to access that information. And then really the value will be well, how well can you analyze this for me? And, you know, so that's where we spend a lot of our time, and our focus.

Garrett O'Hara: And, and on the analysis side of things then, so you sort of get into the com- competition around, who's got the best algorithm and, and people. How do you see that play out in the future in terms of the importance of, you know, who's got the best, essentially data scientists and people who can write amazing algorithms to do the analysis? And then do we get to a point where we don't need people? I, I suspect we don't. I feel like there's always going to be a, a, a bit of supervision needed there?

Lee Weiner: Yeah, yeah, yeah. I think supervise... well, you know, it's interesting when you talk about AI, because people talk about AI with security a lot. I think we're a little ways away from that, but I think machine language, I mean, machine learning, sorry, machine learning is, is definitely, you know, is being used, to your point, but is there typically, models that are, are, you know, require yeah, human, analysts to develop and build those things. so I think we're, I think we're in a place where, you're right.

So I think the, the analytics will matter and who, who can have the better approach to the detection and the analysis will be in a good position though. I think one thing we should, again, one thing we should acknowledge is that you need to understand the problem, right?

Garrett O'Hara: Mm-hmm [affirmative].

Lee Weiner: Like this is, uh, the, I think the depth and the complexity of the problem of how do you help, you know, how do you detect threats and respond to threats is, you know, it's fairly deep. And so that kind of, are you willing to dive into the problem and to think about the problem deeply and understand it? Work with customers, you know, do the research on the threats, do the research on the types of attacks are happening and really understand that deeply. So I don't think the algorithm owns your point will, will necessarily win, but the, the depth and the understanding of the problem will be critical.

Garrett O'Hara: Yeah. And, and those problems based on stuff that was happening kind of last year, some of the bigger stuff that hit in, in kind of December, you know, that felt like a change to me. I dunno how it felt to you that that was, that was really interesting times, you know, sort of December, January, probably with the two months that stood out in my mind is feeling very different and very big in terms of the world of cyber security. And I think, you know, at this point, most people are well aware of it. And, you know, it's, it's, it's sort of being talked about quite a lot.

But what are your, and I hate using this word predictions because, you know, it, it just seems like crystal ball nonsense, but like, you know, in your space and where you live, you're obviously talking to customers log, you're thinking about innovation. So you... to your point, you're thinking deeply about the problems that we're going to see. Crystal ball, like what, what are your predictions in terms of where the stuff goes, attacks, attack was?

Lee Weiner: I think, I think the thing that's interesting that we're seeing this threat activity, these levels to your point that, that's happening. I think a lot of it, will, I think, I think you'll see a continued evolution. And I think as companies, again, as companies themselves are, are using new technologies, the thing that I think that will happen is how will the, how will the threat landscape evolve around that? Right. So, you know, as cloud infrastructure is adopted more and more, you know, I think we're going to see, threat activity be focused in that, in those kinds of environments going forward, obviously more so than we have in the past.

And I think, you know, the, the, the beauty of things like cloud infrastructure is that you can innovate really quickly, right? I mean, it's phenomenal. but as companies need to think about how they govern and control that environment and gain visibility to that environment, I think that's going to be an area where, we're going to continue to see, you know, both innovation from the, from the tech economy, which is great, the technology providers, but also we just have to be aware of what, the threat actors can do and, and how they can, use that as a vector and we have to provide visibility and analysis into that environment.

I think, I think we're going to see, we're going to see a lot, a lot of activity there. And I think some of the stuff we saw last year is somewhat indicative of that though. probably not all the way there, but I, I think we'll see that.

Garrett O'Hara: And I mean, those larger texts, you mean, you've sort of talked a bit about how that's kind of changing the world of cyber, but as a, as an individual and with innovation sitting on your shoulders, like, presumably that's stuff that changes your thinking, and then, you know, I don't know. Did your shifting, di- did your thinking shift over December, January or was it like, oh, hang on? Or-

Lee Weiner: Yeah, I mean, I think, I mean, look, I think, you know, as a third party, risk has always been a, has always been an issue for, for, companies and something we have to think about. I think, you know, is there, is there more of, a th- the, these kinds of things raise awareness for these kinds of things, right. And application security is part of that too, right? you know, as companies look to more third-party vendors for applications and for infrastructure, you know, we need to think about how does that, you know, how do you think about risk around that. And so I think, I think it kind of showcases the need for some of these things raises awareness for them.

You know, I don't know if it's, you know, it, it definitely to your point, the magnitude and scale of it, you know? Sure, was maybe a little different. I think that the core fundamentals of it is a lot of the core things that we've been, you know, as an industry been focused on. Right. You know, again, how do you understand, you know, gain visibility into your environment? Understand the risks on your applications? And, and, and manage the, the threat activity that can get there. And so, you know, I think, it shows that the ecosystem is diverse and complex and that, that can create opportunities for these kinds of threats.

Garrett O'Hara: Yeah. No, definitely. A, a little bit of a change tuck here, maybe, you know, in your role, you get to travel a lot. And this before we started recording, you know, we, we were sort of talking about, Belfast and Dublin and your time in Sydney and, you know, you're, you're kind of a jet setter Lee, you get, you get around. Be very keen to hear somebody who gets to kind of, smoke jump into these different cities in the world of cyber security. Have you seen themes or picked up any sense of maybe cultural, have culture plays into thinking about cybersecurity and, and maybe even maturity in terms of different regions?

Lee Weiner: Yeah. Yeah. So I definitely would love to get back on an airplane and go to some of these places I'm looking forward to that for sure. Um-

Garrett O'Hara: The beaches of Sydney await. [laughs]

Lee Weiner: Yeah, exactly. It'd be great. I think, yeah, I think you're right. So, so there's definitely, I think there's a couple dynamics we, you, you wind up saying. One is obviously the regulatory environment, right?

Garrett O'Hara: Yeah.

Lee Weiner: That I think does influence a lot of, you know, policy and cybersecurity, initiatives. Right. And so you saw that with GDPR right, and AMEA. these things have been, you know, we, we've, we've, we've seen obviously some activity there in the States. We have some variety of privacy laws that have also kind of created some, increased focus there. But there are, you know, that, that's one aspect of it. The other thing that I think you see which is interesting, is that there are some parts of the world where they might be more aggressively looking at different and new technologies, right.

So, you know, in your neck of the woods, as an example, I've always found Australia to be very cloud forward, right. That there's a lot of cloud infrastructure being deployed in Australia. and it's almost like a, like a, like a skip over, over some of the, technologies from five or 10 years ago. Like, "Hey, let's just, let's just migrate our infrastructure to the cloud." And I think, you know, that, creates a need for, well, how do you think about cloud security? How do we think about, you know, cybersecurity programs that are built for cloud environments. And so I think that's been interesting in, in certain parts of the world, as well.

And then I think, you know, I, I, I think when, when you, when you look at, to your point about cultures and attitudes, you know, I think there are certain environments where there's been more priority around security and privacy, right. certain countries in Europe that have had more priority around this. And so they tend to take it a little bit more seriously. now the other thing you'd say is that the maturity of companies in certain regions of the world might be a little bit different, right. Some regions maybe aren't as mature from a cybersecurity standpoint, whereas like if you go to, you know, you know, parts of the UK, that might be more, more, mature. So yeah, it definitely varies for sure. I think, you know, we see that.

Garrett O'Hara: What are your thoughts, as you were talking to you that you just sparked a question in my mind, you mentioned the kind of regulatory requirements in any particular region. And, you know, one of the things I've heard conversations about is even within countries. So if I look at the U.S where different States will have different privacy legislation and the burden of compliance becomes significant, and if you're a global organization, then it's not just the States, the individual States in the U.S it's the countries you're operating in, like that, that just seems like we need to, have a solution because it's sort of, it's opposite to what we, once, you know, it's not gonna have a good outcome for security, if it's so complex, people are failing compliance.

Lee Weiner: Yeah. Yeah. I think you're right. Yeah. So I think, I think to your point, we need to get better at helping people automate their compliance programs. For sure.

Garrett O'Hara: Hmm.

Lee Weiner: Like there, there's, you know, I think compliance is, is an important part of security. it does not necessarily equal security, but it's an important baseline that people need to implement it. And there are some great things to come out of it. Right?

Garrett O'Hara: Yup.

Lee Weiner: but there's also a lot of mundane tasks associated with it. So how can we bring automation to that, right? To make it easier for people to comply with various regulations and to your point, it's only getting more, more diverse. I think the other thing that's interesting, somewhat related is like how people think about data sovereignty. You know, now the data is much more, it's moving around a lot more.

Garrett O'Hara: Hmm.

Lee Weiner: Dat sovereignty definitely plays into this, as well, you know, we have our cloud platform is in five regions around the world. and the main reason for that is just for data sovereignty, right? Some people don't want their data in a different region. And so I think that also companies have to figure out how they're going to, how they're going to think about that.

Garrett O'Hara: Yeah. There's a lot going on there. You mean, you mentioned the automation of, you know, figuring out the compliance status, and I think there's something about standardization. One of the things is, an observer of so many of the different, standards and, you know, requirements is that this huge overlap. So you, you ended up doing essentially the same work over and over again, you know, with efficiencies because there is overlap and you can do mapping from one control set to another, et cetera. But it feels like surely we're at a point where we could just all agree, "Hey, globally, let's just figure this thing out." And if you get that, then you know, these are children certifications or control sets, et cetera. I don't know. Is that... am I just an idealist? I feel like I am. [laughs]

Lee Weiner: Right. I mean, to your point, I mean, the diversity of the, of the regulatory environment, even in the States, you know, California is different than, you know, Massachusetts. And so there's some federal, kind of umbrellas over that, but it, it is, it would be great. I think, I think we're a ways for that. You know, I think we'll, I think we'll continue to have, you know, some diversity there.

Garrett O'Hara: This is it we're, we're recording video for the audience and, and Lee's expression says more than words ever could, as I asked that, as I asked that question. [laughs] let, let's pivot a little bit again, if that's okay. And, you know, one of the things I'm particularly interested in and, had a conversation just before we started, where I was actually talking to one of your customers who's having a, a, a very excited and, and positive conversation around the outcomes that they were getting farm SOAR. And, you, you know, it's one of the things that I think as an industry we're, we're pinning a lot of hopes on, in terms of stress relief and lowering meantime to detect and respond, and just ultimately better risk management within organizations.

You're in it. I'd love to get your take on maybe some of the misunderstandings, 'cause I definitely have a perspective on this, but I'd love to hear your take on maybe some of the, the bigger misunderstandings around the world of SEIM and, and SOAR in general.

Lee Weiner: Yeah, yeah, yeah. So I think it was SOAR, I think one of the big misunderstandings is like, hey, you've got to tackle this really big problem and automate something really complex to get value. And you don't. You can op- or you can automate something really simple, right? So an example might be as alerts come into your SEIM, you just want to get some enriched, information around maybe threatened in, threat Intel, like, you know, call out to us, right Intel system and enrich that alert with and the right intel. And so that's actually not a complicated, you know, it's not a complicated for the analyst really, but on a volume basis, if you can automate that, you know, three, four or five minute exchange, you have to have to go get that.

I mean, that could, that can save a lot of time. So I think that's one of the, one of the... and there's, there's, you know, there's other examples maybe, things like the quick, if you want to automate maybe, deep provision in a user, it's not that complicated probably for an analyst to go off and deep provision that user in something like, active directory or whatever they're, whatever they're using. But if you can just press a button, you know, again, that could save you 10, 15 minutes. So I think there's some really small wins there, that you can get.

I think the other thing is that, you know, what we're seeing is a lot of customers that want to, you know, they, they start with their, th- this, the place to start. I think a lot of people do is they, they take their security operation center and find some things they want to, they want to automate. And I think that makes total sense. There's again, there's a lot of analyst activity in the SOC. And so that's what people are focused on, but there are other places to apply this, right. So you could apply it, vulnerability remediation is an example, where you could apply it.

And I think, I think the, probably the last thing that's, that, that I'll say about this is that there's a lot of, there, there's maybe some misconception that like automation means that the, the end user loses control of the process. That's not true either. You know, we, and you know, the, the way that, at least our products is bells, you can have human interactions there, right? So you might want to tee up an approval where you might want to send a note to Slack that allows the analyst to say, you know, yes or no. And so you don't have to automate this whole thing end to end.

It can, there can be multi-step workflows that again, save you a lot of time. So, you know, at the end of the day, what we see with this technology is those that implement it, you know, they can save, they can, they can take, you know, maybe 20, 30 hours a week from an analyst and will allow them to work on more strategic things. And that's really the benefit. I think, you know, we gotta, we gotta continue to focus on this area because I think it's, it's, you know, it's, it allows small teams to act like big teams.

Garrett O'Hara: Yeah. And I definitely get that. And, but today we were talking before we started to recording a, a webinar for [inaudible 00:31:48], it's a local security, kind of association here. One of the national ones with, one of your colleagues did, David Coleman. And the example that we run through in that case was, you know, kind of responding to a phishing attack. And, you know, when you played at the potential steps for somebody to deal with that manually, you know, the estimate was 75 minutes. So now it's a little bit of a finger in the air, depending on the organization, it's probably plus minus.

Um, but with automation and to your point, it's not like fully automated necessarily end to end, but you can bring that down to, you know, single digit minutes. And then as you scale that over, you know, days, weeks, months, all of a sudden, that's a huge, huge impact to where, you know, [FT Utila 00:32:26] is sitting within the organization. And they get to do better work. And, and there's a human side to this in my mind where they're paying the, you know, very intelligent, smart people to do meaningful work. And then they spend so much time repetitive tasks where they know exactly what's coming next, and the next steps, but it's not, I don't know, I don't do that job, but I'm suspecting on the hundredth time you've responded to, you know, a phishing attack.

It's not meaningful exciting work, because you know exactly what the playbook is and you kind of wish the machine would just come along and do it, and do it for you.

Lee Weiner: Yeah, no. I think you're right. I mean, look, I think it is, it is about... because, you know, there's this question about like, "Hey, well, if we could automate everything, maybe we don't need security analysts," and that's just not true. I mean, there's so much work for cyber security professionals today that are like, that currently is never ending. And so if we automate a portion of it that just needs a data analyst to your point can go work on, you know, more, more impactful, more strategic work.

And you're probably right. Like, look, job satisfaction probably increases too. I would, I would think, which I think, I think helps a lot. Yeah.

Garrett O'Hara: Yeah. And, and retaining employees in, in sort of a, what's, what's a very competitive market for talent. anything, anything you can do, you know, beyond the foosball tables and pizza, you know, let's get, let's get automation going on. here's the, here's maybe a huge question. Well, what do you think, in terms of like a security challenge that you don't think is getting the attention that it deserves?

Lee Weiner: Yeah. I mean, I think, I mean, I do think SOAR is one of them. I do. I think that there's, I mean, I guess, I guess more programmatically, like the, the organizations that really think about SOAR, and automation in a, in a, in a progressive way, in a more, evolutionary way. I think that we definitely there, there's plenty of them out there, but I think we need to see more of that, and more focus on, you know, how do we, how do we think about our... you know, and I guess part of it is like you have to sit down and think about your process and your workflow.

And so you've got to actually do the work to understand that. Which by the way, it benefits the security program, because now you're documenting these things.

Garrett O'Hara: Hmm.

Lee Weiner: And then you can figure out how to apply automation to it. So it takes a little bit of work upfront, but the benefit that you get from that is substantial, you know, like any other planning or management you get out of it. You know, because a lot, I mean, the challenge of the reality of it is, is we know like a lot of security pros are firefighting every day. And so, you know, you kind of have to take a bit of a step back, say, "Okay, let's map out our workflows and our processes build our playbooks, and then let's just run these more repeatedly. And then of course it's tweaked them and, and, and look at them and, and, evolve them."

And so, I think that's, I think that's one area. I mean, I do think this notion of... there's, there's a lot of, I think, you know, thought around cloud security, but I think the thing that we need to consider is like, well, what is that? How, how does that change the way that's secure... How does, how does cloud infrastructure change the way security programs work? Right, because the nature of the cloud is that it's a femoral, it's dynamic. I mean, it's very different than traditional infrastructure, even, even virtual infrastructure.

Because the ability both for a developer or an operator to quickly spin up an instance and deploy an application is, you know, instantaneous. and you know, that obviously has its challenges. The other thing about it though, that's great is that you could take that same attitude towards security. I mean, the cloud, if, if you're deploying infrastructure on the cloud and you're building a program around that, back to the automation implement, automation is pretty inherent in cloud infrastructure. So think about what we could do with cloud infrastructure and a well-run security program.

I mean, you could really minimize the attack surface, right? You could really automate a lot of the remediation of, you know, somebody opens a storage bucket to the world. You can automate that immediately, and you can build all of this in, and, and if you think about developer operations, engineering, and security engineering, all working together on that program, on that, on that, you know, approach like it could be, we could, we could, you know, we could get ourselves into a situation where cloud infrastructure, if run well and secure well, it could be, could offer us more opportunity than legacy ever could have.

Garrett O'Hara: Yeah. Interesting point. So here's where riffing on what you've just said there. And, and probably specifically around the storage bucket stuff. You know, generally configuring and getting those things spun up, there's a million different configuration options. They have dependencies and, and sort of impact, impacts on each other. Do we get to a point where that automated spin up of those services becomes almost a com- you know, community-based thing where does best practice and that best practice can be automated into the provisioning of services. So, you know, it's almost like open source best practice security through automation?

Lee Weiner: Yeah. I think you... I, absolutely I think we'll see that. I think the other thing we'll see is as, as organizations look at, as they use things like, you know, Terraform, cloud formation templates to deploy their infrastructure, you can look at all of that before it gets deployed.

Garrett O'Hara: Right.

Lee Weiner: And you could... in fact, it could be simulated of like, okay, well, what could happen if, if we deploy this environment and then the, the, the engineer would know, "Oh, I guess I can't do that. I need to change the setting." But your point, yeah. I mean, look, I think, you know, the community is actually quite strong in this area generally.

Garrett O'Hara: Hmm.

Lee Weiner: And so I think with things like Kubernetes, it can get stronger. Right? And you get to a more standards based approach. and I think we, we definitely could see some really interesting, evolution there as well. So I think, I do think cloud security, well, it's talked about a lot. I think when you really think about the opportunity that it presents the security industry, it's, it's actually quite, it's quite, you could be quite optimistic about it. Yeah, there's work to be done. Don't get me wrong.

But if you think about how we can automate that environment, and what it could mean, you really could put a lot of guard rails and controls in place where, you know, you could still let your, your engineers innovate and you can still let them, you know, build while putting these things in place that we've much more automated, which, you know, we know when applications, when there's flaws found application, applications going to fix those is a lot of work after the fact. If you can do that before the fact would make a huge difference, right?

Garrett O'Hara: Yeah. No, definitely. And you almost start getting into maybe digital twins, you know, or you, you build a digital twin in the environment to your, your vulnerability analysis and, and look at the implications and risks. Yeah. Like, sorry, my, my brain is spinning now because you, you've got me thinking, which is a good sign, you know?

Lee Weiner: But you can definitely do that. I mean, [inaudible 00:39:23].

Garrett O'Hara: Yeah.

Lee Weiner: Like, and again, 'cause you can, you can spin this infrastructure up in, you know, seconds or minutes, it doesn't, it's not like, "Oh, we got to go rack and set a new servers."

Garrett O'Hara: Yes.

Lee Weiner: It's, you know, we can just, we can test this stuff really easily. So I think that is, if there's something to be optimistic about without I think again, look, we have to stay ahead of the attackers and we've got to make sure that we're looking at those threats, but there's a real opportunity for defenders in this environment.

Garrett O'Hara: Yeah. So last question, Lee. we, we give you a magic wand and you know, it's good for you to get one spell and you get one wish, or a genie in a lamp, whatever, whatever your chosen magic format is. What's your one wish for cybersecurity?

Lee Weiner: Well, I mean, I think, and there's, I probably talked a little bit about here. I, I do think that there's, you know, the continued focus on innovating to solving the customer problem, like realist, like let's all really focus on the, on how we solve this problem for the customer, the security professional. Right? And I think that, you know, really focusing on, you know, really helping them, you know, do their jobs, like let's really think about what they're doing and how they're doing it. And you know, that's definitely something that we do at Rapid7 for sure.

Um, and we, we, we talk a lot about it internally and with our customers, but my wish is like, we really need to understand that they're, 'cause they're the ones on the front lines, they're the ones that have to deal with every day. Right? So for people like us that are a vendor, we just need to understand their problems deeply and really, really solve them. So I, I really want, you know, I hope that the rest of the industry follows that, frankly.

Garrett O'Hara: Yeah. Look, I, I feel like we've entered, an age of collaboration, not to sound like I'm wrapping my arms around the world with, with love, but it does feel like that. I, I, I see myself having a more and more conversations with other vendors. We took at a technical integration level, had to serve customers level. And it sounds cheesy. And I know we're both in vendor lands, so it's, you know, maybe people are a little bit suspicious, but that's the reality. The conversations we're having in the background is, "Hey, you guys, in Rapid7 or Netskope or other, other companies out there, like how do we work together? You know, these, these customers, these organizations have problems. If we go in together, what can we do that we can't if we go in separately?"

But it feels like, yeah, I don't know. There, there is that sense of, and I'm going to riff on your hope. but that sense of like, we really are all in this together, like vendors, government private enterprise, the customer, you know, and that's, I think that's where ultimately, we do our best work.

Lee Weiner: Yeah, no, I think, I think you're right. I mean, look on the, the ecosystem is, and the security ecosystem is very diverse and there's good reason for that, right. There's innovation, that needs to happen and, and new companies come along and solve new problems. But I think for, for, to your point vendors like us, we have to be very open to that ecosystem. Right? We have to be supportive of that ecosystem. you know, we understand that our customers use different security solutions and we need to, we need to be able to integrate with them, for sure. And that is, you know, that's definitely a big focus for us, you know, regardless of what they have, we want to be able to work with it.

Garrett O'Hara: So with that Lee, we'll, we'll wrap here. I really, really appreciate, you taking the time. What you do is late for you there, I'm guessing. 'Cause it's very dark outside in, in the background there.

Lee Weiner: That's okay. It's been great. I, I appreciate it.

Garrett O'Hara: It's been a, it's been a pleasure to catch up with you and really appreciate the insights. Thank you.

Lee Weiner: Yeah. It's good to talk to you again. [silence]

Garrett O'Hara: Thanks so much to Lee, for that conversation. Great to catch up with him. And as always, thank you for listening to the Get Cyber Resilient podcast. Jump into our back catalog of episodes and like, subscribe and leave us a review. For now, I look forward to catching you on the next episode. [silence]

Tags
Principal Technical Consultant

Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

User Name
Garrett O'Hara