Interview: The State Of The Cybersecurity Landscape

John Grancarich is the EVP of Strategy at HelpSystems. Grancarich is driven by a goal to improve people’s work lives through technology. Prior to joining HelpSystems, he founded Product Fuse, an enterprise software consultancy focused on helping businesses build and implement successful product strategies. He has also held roles as a web developer, database administrator and computer forensics engineer. In his current role at HelpSystems, Grancarich leads the growth and strategic direction of the company’s cybersecurity and automation products.

At RSAC 2022, we spoke to Grancarich to discuss how the changes in the way businesses engage with digital services have impacted the threat landscape, the benefits of holistic versus disparate security tools, and how automation, upskilling and outsourcing can make security teams’ lives easier.   

Could you give us a brief overview of HelpSystems, the solutions that you offer, and your typical customers?

Yeah, absolutely. HelpSystems was formed in 1982, so we’ve been around for quite a while. The initial focus of the company had been automation, but when I joined a few years ago we saw an opportunity to bring automation into cybersecurity, to help automate some of the routine, repetitive, high volume tasks security teams have to deal with today.

Today, we  focus on the two broad product categories of infrastructure protection and data security, and have a combination of products and services, or products and managed services. Our customer base is around 30,000 worldwide, with roughly half of those in the mid-sized range and the rest spread between small and enterprise. So, mostly the company is built around the mid-sized market. We serve a huge variety of industries. Our number one industry is finance, followed by government, defense, tech, and some related industries such as healthcare as well. And we’re in 18 countries around the world in about 30 different offices.

Over the past couple of years, we’ve seen huge changes in the way organizations work and engage with digital services. What are the main cybersecurity challenges that you’re seeing facing organizations today?

I think one of the key changes that we’ve seen that has contributed to the cybersecurity challenges is how organizations architect and manage their IT infrastructure. So,  if we rewind back to 10 years ago, there was this concept of a network perimeter where an organization would, essentially, build a digital wall or fortress around all of their assets. And as long as that wall was fortified, the organization would feel pretty confident that it was properly defended.

But with the rise of SaaS applications and the incredibly diverse variety of tools and technology organizations now use, that wall is gone; the perimeter is completely gone. So, now organizations are managing all of this technology across all these different platforms, on premises, cloud—all different types of deployments. And each of those different technologies comes with its own set of risks. 

So, in the past, where a security team may have only had to protect one wall, now they’re protecting all sorts of different domains and areas and types of assets. And with each of those different areas to protect comes a different set of threats. For example, we see a lot of phishing attacks but it’s not just phishing anymore—phishing has evolved into vishing now—voice phishing. So, the criminals are getting smarter there. They’re going to just keep adapting their techniques and strategies and be as opportunistic as they can to trick people into doing what they want them to do.

So, we’re seeing this incredible diversity and growth in the types of threats that there are, which is making it more challenging than ever before for security teams to understand what all those risks are and protect against them.

HelpSystems offers a huge portfolio of cybersecurity solutions. How important is it for businesses to take a layered approach to security, and should they be looking to implement multiple solutions at different layers from one provider? What are the benefits of this for improving security resilience?

What I really want to start with is what we’re seeing just in terms of how many providers an organization typically uses. From what we’ve seen in our research, about two thirds of the average midsize or enterprise company today are running 50 or more security products. A third will be running 100 or more. It’s a broken model, it’s unsustainable. Despite that, there is a reason for it. I think it goes back to your question, which is that they’re looking for comprehensive protection across a range of threats.

We see multi-layer security as being crucial to cover all these different varieties of threats—that’s our role, that’s what we offer. But what we’ve also chosen to do is not try to be everything to everybody across cybersecurity. It’s just too complex, too dynamic. Yet within the two specific areas of infrastructure protection and data security, we want to be the best in the world. I don’t think it’ll ever be a one vendor security relationship. It’s just too dynamic and too fluid. 

If you look at the entire cybersecurity landscape, whether it’s products or services or some other type of solution, by our count there are over 4,500 companies in the world today offering some level of solution. That’s an insane number. What we want to do is help organizations use fewer of these. We would get them down from, say, 50 to 10, or just something much more manageable, because we don’t think that the cybersecurity skills gap for 3 million job openings is ever going to get filled. But what we can do is make it better for today’s cybersecurity professionals by bringing more of these solutions together into a more usable, single experience.

Do you imagine that more cybersecurity companies will be extending their portfolios to offer a more holistic platform, or can we expect more acquisitions in the cyber space?

Yeah, I think based on the conversations I’ve had here at RSA, it will be more of an acquisition focus. We’ve had a number of companies, approach us here at RSA who want to explore a partnership or outright an acquisition with HelpSystems. And so, there are really only two options available to a company; they’re going to raise more money, or they’re going to get acquired, and with the way the market is evolving now, I do think we’re moving to a period of consolidation. That 4,500-vendor number is not sustainable, and these companies are feeling the pressure.

There was a period of time in the last couple of years where it was relatively easy for any company to acquire funding. The capital markets are changing right now just due to the strain in the economy. So, we will likely see a lot more acquisition in the next six to 12 months is my guess.

One of the key challenges that we come across today is the need for automation in security, especially when it comes to managing alerts and automating remediation of suspected threats. How does HelpSystems help organizations to solve alerting and remediation challenges?

When we look across the entire HelpSystems portfolio, we have well over 150 different threat intelligence and data feeds today. They range from bad IP addresses to malicious URLs, whatever it might be. We’re bringing all of those together into something we’re calling the Threat Fusion Center. It’s not something that a customer interacts with, it’s going to sit in the background. And what it’s doing is basically curating all of our threats into various types of categories. And then each product we have can inherit this information and customers can use it to identify threats much faster than ever before. 

We recently acquired Alert Logic. Alert Logic is our managed detection and response (MDR) offering, our managed services offering. It’s now using the Threat Fusion Center to basically bring bad URLs into its intrusion detection system, which is something you could never do before. We released this to 3,000 customers a couple of weeks back, and automatically those customers are seeing not just a list of what bad URLs we blocked, but they can’t even visit those URLs. So, that’s us automating and alerting processes and making it simple for customers to protect themselves against those threats.

Offering that managed service enables businesses to outsource some of the resource they need. How important is it for businesses to be able to outsource that talent, versus cross-training or upskilling their employees?

Yeah, that’s a great question. I don’t think it’s “either-or”; I think it’s an “and”. And the reason I think that is, if you look at some parts of our portfolio, like infrastructure protection, we have vulnerability management, plus penetration testing, plus red teaming. Those three tools together enable the existing security teams to get better at what they do to develop their maturity over time. And you know, in the case of a red teaming tool like Cobalt Strike, those are for the most sophisticated operators, you know, the professional penetration testers.

So, we’re going to continue to empower the teams to get more done and to develop a higher set of skills.

All of that said, we can’t get past the fact that there are still 3 million cybersecurity openings around the world. To combat that, we want to help security teams to accomplish more through automation and automated alerting, but also where they do need more resources, we can be an extension of their team. And one of the things that we have found is rather than say, we’ll replace your team, it’s really about how we can augment what you’re already doing. What we find is that a lot of these teams have a great strategy in place, but they don’t have the people to execute it.  We can work with them on that strategy, and we can help them with the detection and response side of things. So, it’s a great way to develop a partnership with customers and help them execute their strategies that they’ve already got, but just don’t have the resources to actually get done.

Finally, what is your advice to those reading this article who are looking for improve their organizations resilience against cybersecurity threats, what are the best first steps to take?

I think there’s an opportunity and a need for organizations to have an internal discussion around how to think about risk. There are just so many different options for solutions that you can look at, but if you think about how a business is structured, not everything is created equal; not every piece of data is created equally, and there are going to be more important risks to the business and more important assets that have to be protected. So, instead of just always thinking of tools first, let’s have the risk discussion.  We work with a global apparel manufacturer, who was having a challenge with their designs being created in the United States, and then transferred over to China for manufacturing. They were being intercepted on the way to China, and so counterfeits of their designs were hitting the market. That was their number one risk. So, when we have that kind of conversation with a customer, we can zero in on protecting those design files. I do think there’s an opportunity here for organizations to understand what those key risks are. There are so many threats in cybersecurity tech—we’re never going to stop them all, but we can do a much better job of knowing what to protect first.

Thank you to John Grancarich for taking part in this interview. You can find out more about HelpSystems’ infrastructure protection and data security solutions via their website.

Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions with confidence.