Vulnerability management, surface visibility is imperative for modern CSOs: Gerry Sillars

Skybox Security imparts huge advantage to organizations over the attackers by delivering advanced vulnerability and threat intelligence, says Gerry Sillars, APAC Chief at Skybox Security. 

Skybox Security is accelerating its footprint across the globe including in the fast growing APAC region. Cybersecurity management and analytics company Skybox is also expanding its regional distribution ecosystem through resellers, system integrators, and managed security service providers.

IDG had an intriguing interaction with Gerry Sillars, Vice President Asia Pacific at Skybox Security, who is responsible for increasing hiring in APAC to further support the needs of customers and build on the company’s foundation of business.

Edited Excerpts

First up, are CISOs and CSOs safe in 2019, if not why?

We’re all aware that the number of vulnerabilities and the amount of exploits continue to increase. The amount of breaches and breach attempts are on an upward. The amount of regulation globally, and extra rigor placed on CISOs in the security organizations is increasing as well. So, they’re no safer than they were last year.

The challenge that everyone has is they’ve got too few people. And there’s a massive problem around educating youth, resources and get them to speed in this industry. They’ve got more technologies that are typically standalone and they’re not connected. 

I don’t know any CISO that feels completely confident and hence state of visibility becomes important from a defense perspective, whether it’s IT or OT or IoT. With attacks continuing to grow, an organization’s ability to address the challenge is two steps forward, one step back all the time.

5 Key Takeaways on Security World: Gerry Sillars, Skybox Security

1. CSOs are looking at reduction of risk from security vendors

2. Increased integration of IT & OT as they become more connected will become crucial

3. Organizations typically are still nervous about acquiring a new SaaS solution  

4. You need to have ultimate visibility of your environment and risks.

5. CSOs should focus on holistic cybersecurity management 

The attack vectors have expanded though IoT, wearables, multi cloud, and GDPR is further compelling CSOs towards a strict data privacy posture.

GDPR was assigned on the basis for people to own more responsibility for the security of data in general.  And potentially huge penalty looms in case of its violation. Everyone faces the issue of having many different parts including a framework, new technologies and the ability to adapt to new IT environment.

We have developed IT for many financial institutions that has dozens of different monetary authorities, separate standards and they’re all based on the same effective principles. From a broad set of guidelines and rules, anything that starts to drive some form of uniformity like GDPR does help the industry in entirety.

Skybox Security’s extensive portfolio includes its core - vulnerability management solutions and visibility tools, cloud offering and other solutions. With breaches becoming more invisible - originating from anywhere, what is the company’s new value proposition?

I do view Skybox as a software technology, as an analytics tool.  CISOs and the security professionals in an organization have more tools across the silos of information. Our value proposition is stitching together the whole bunch of those technologies and provide actionable intelligence. Vulnerability management is a process we articulate to the CSOs on their security strategy as a preventative tool to close the gaps in that environment and update them on the attack vectors to their key assets.  

The security policy management piece - compliance automation, the provisioning, etcetera is witnessing many requirements as people start to rely on standard processes with ticked checkboxes, and automatically most of things getting done.  Thus, visibility in context becomes much more meaningful. And there’s a lot of intelligence behind the context with punching data by helping very large institutions, understand how to protect the key data by locking down the access to those assets.

Are CSOs or security professionals lazy to run vulnerability management much often than usual period or as needed?

I don’t think CSOs are lazy or laid back, but someone has do those scans regularly with the colossal volume of information. There aren’t many organizations that can do constant scans. Another aspect is trying to get smaller windows and greater volume of data at the same time while scanning client infrastructure.

In large enterprises, CISO typically work on the vulnerability scanning piece. However, the fundamental information resides potentially with applications group, infrastructure group that sends feeds of data to people. There’s always an initial willingness for a vulnerability management scan but after the scan how can people actually react, how can we take systems offline? We remediate vulnerabilities through other means to help their cause.

Where does Skybox’s niche solution stack up in CSO’s priority list of security arsenal of email security, IPS, firewall?  Do you have different buying influencers at the customer end?

It’s not high enough on the list for most I would admit. People have advised organizations to take a risk assessment approach to vulnerability in their minds.  We spend time trying to educate the market on the importance of moving away from just checking a box to actually managing risk. Our USP is stitching together tens of thousands of sometimes over 100 different technologies. It can be time consuming and also it leads to bunch of different stakeholders. 

From a vulnerability management aspect, CSO is the champion of leading that initiative.  For security policy management, more often it is a network security or network operations.  

A typical GTM for Skybox is sell to the CSO. We’ve been guilty historically to be too generic, with the messaging, but with customer meetings in recent past, we have gauged that our portfolio caters to different stakeholders at the customer end across security, network and LOB. Skybox marketing team is building the persona of that individual (buyer) and it’s the individuals that we now sell to – be it CSO, CIO or network team – as an example.  

Have all offerings or solutions by Skybox been cloudified or have a cloud version?

Organizations who started early are increasingly moving mission critical workloads to the cloud.  A lot of work is done at our end to ensure our technologies have the same capability and functionality in the cloud as they’ve got from on prem perspective.  Organizations typically are still nervous about, potentially acquiring new solution that is SaaS.  We may at some point will work with service providers or MSSP program to offering technology as a consumable model to our customers.

Today, Skybox software can set physical appliances and virtual appliances as a cloud instance.  We deal exclusively through channel partners, and we’re certainly enabling service providers to provide - file or management as a service, whether it’s vulnerability management as a service, essentially using our technology.  

Vulnerabilities have exploded in terms of numbers and insider threat too is not slowing down. GSISS global Survey by IDG and PWC show over 50% of incident sources are employees and ex-employees. How do you tackle this humongous problem?

Again it’s all about access to information and we’ve got ability to define as many factors as the customer wants in their environment.  So, some of them will be from a disgruntled insider, or from an internet hacker. We’ve got some very large financial organizations as Skybox customers.  For example, some have defined over 100 threats on a daily basis. 

Our technology is very easy to understand from the perspective of where the data is attached.  More importantly how they will block these indirect attacks. People inside the organization can still do things as efficiently as people outside the organizations can do. We educate the companies and CSOs understand the potential internal threats to their company.

A typical GTM for Skybox is sell to the CSO. We’ve been guilty historically of being too generic with the messaging, but with customer meetings in recent past, we have gauged that our portfolio caters to different stakeholders at the customer end across security, network and LOB. Skybox marketing team is building the persona of that individual (buyer) and it’s the individuals that we now sell to – be it CSO, CIO or network team. 

Information security is a super-hot market in terms of IT investments powered by M&A spree and mushrooming of startups. Who are your friends and foes in the industry?

That’s a great question because, we are noncompetitive with almost everyone in the marketplace as we integrate with all the platforms, from a patch management system, scanning systems as well as IT and OT. And cloud vendors, firewall management vendors, network devices, ITSM solutions. 

The challenge, however, for everyone is competing for the same x amount of dollars extensively from the CISO and their organization. We ensure to be in the stack at number one, two or three by highlighting our importance to CSO around visibility, vulnerability, network security. We do a whole bunch of over-the-box integrations with ServiceNow, Spunk etc. who all are our natural allies.

What mega industry trends will increase business for your company in near future?

The continued adoption of clouds won’t be unplanned model like The Wild West as companies will explore security first and that is certainly a significant growth area.  Companies will tend to explore the cloud environment on protecting the assets. And the increased integration of IT and OT as they become more connected will become crucial. 

The modern breaches will emerge from different attack vectors, varied geographic expanse on an ongoing basis like fish tank breach in casino in the US in 2017.  It’s incumbent to adapt to the constantly changing and rapidly evolving market for CSOs, us and the industry at large. 

CSOs today are looking at reduction of risk from security vendors.  The appetite for the exposure to vulnerability is now zero and the appetite to potentially take an assessment is higher than in the past. They don’t mind too much of detail around paying as they want to patch immediately or do something to mitigate the risk. 

Pitch Skybox Security if I were a CSO of a modern organisation. 

A CSO is struggling with a bunch of different challenges - not enough people, not much visibility of the environment, emergence of cloud, among others. You need to have ultimate visibility of your environment and a visibility of where your risks reside.

Skybox Security has the ultimate tool to give companies an ability to visualize that environment to protect the key data assets powered by the actual intelligence. My humble advice to C Suite would be to stop wasting time on their vulnerability management piece as Skybox technology enables CSOs and security professionals take a seat on the company’s board with holistic cybersecurity management and analytics back in their IT Infra.  

Copyright © 2019 IDG Communications, Inc.

Download CIO's Roadmap Report: Data and analytics at scale