John Grancarich On The Evolution Of The Threat Landscape, Supplementing Teams With AI, And How HelpSystems Became Fortra
John Grancarich discusses Fortra’s four-pillared approach to security, the benefits of consolidating your security stack, and how we can expect the threat landscape to evolve in the near future.
“Complexity” is the word currently on everyone’s lips when it comes to cybersecurity. Environments are complex to manage, security tools are complex to use, and attacks are becoming increasingly complex. Part of the reason for this complexity is that threat actors are consistently looking for, and finding, new ways to evade defensive technologies.
“There’s certainly no shortage of challenges in cybersecurity. And one of the things that we see a lot from our customers is that it’s difficult to just navigate the complex landscape that’s cybersecurity today,” says John Grancarich, the EVP of Strategy at Fortra (formerly HelpSystems).
John is responsible for the growth and strategic direction of Fortra’s cybersecurity and automation solutions. Prior to joining Fortra, John founded enterprise software consultancy Product Fuse, and held web development, database administration, and computer forensics engineering roles.
In an exclusive interview with Expert Insights at RSAC 2023, John discusses Fortra’s four-pillared approach to cybersecurity, the benefits of consolidating your security stack, and how we can expect the threat landscape to evolve in the near future.
You can listen to our full conversation with John on the Expert Insights Podcast.
Tackling Complexity With A Four-Pillared Approach
One of the biggest challenges that IT and security teams are facing is complexity. As businesses move their digital environments to the cloud, their security teams must learn how to use new tools and processes to secure those environments and meet compliance requirements. On top of that, the cybersecurity skills gap shows no signs of being filled.
“Customers are constantly feeling like they’re on their heels,” says John. “There’s a lot of noise, uncertainty, and risk. One of the big challenges they have is knowing where to focus their finite amount of resources, so they can get the most benefit for their business.”
Organizations need to take a multi-layered approach to security to ensure they have visibility over all layers of their environment, but it can be difficult to know where to start. John says that organizations should focus on four key areas: data protection, infrastructure protection, security awareness training, and managed services. Splitting security into these four areas, John explains, enables businesses to cover all bases, while directing their resources to the areas that need them the most.
“In data protection, we’re focused on a few different things: data loss prevention, data classification, and secure collaboration. Data is the key asset that an attacker looks to compromise during an attack, so we help organizations figure out what their critical data assets are, how their data flows, and then we apply security controls to better protect their data.”
“The flip side of the data side of it is infrastructure. All that data is flowing through various systems, servers, and devices, so we also have a part of the business focused on securing that infrastructure itself. This includes things like vulnerability management, penetration testing, and red teaming.”
“Then there’s the human element. No matter what kind of controls we put in, people are going to make mistakes. That’s where security awareness training comes in, to address the human element and enable companies to better identify what an attack looks like.”
“The last part is around managed services. It’s no secret in cybersecurity that we have a scarcity of skilled individuals to do the work. It’s not an easy sector to get into, and you can’t just bring somebody new and say, ‘Here you go, go ahead and defend the company.’ Because of that, we’ve looked for ways to help augment what a security team might do. That’s where managed services come in. We enable customers to outsource or augment their existing teams, so they don’t have to take all that burden on themselves.”
Consolidating Tools And Vendors
In an attempt to reduce the technical complexity that today’s cyber landscape presents, many businesses are looking to consolidate their cybersecurity tools so that they can manage and secure multiple layers, via a single, unified platform. Some organizations are taking this a step further, by choosing to use tools from a single security provider that offers multiple services, rather than investing in tools from multiple providers.
“On the technology side, having multiple tools from a single provider enables interoperability between the solutions,” says John. With one provider behind the technology, different solutions are more likely to work together and communicate findings, thereby improving management, visibility, and security.
“We have a lot of different threat intelligence sources across different products. But because we own all the intellectual property and data, we’re building the Fortra ‘Threat Brain’, which is a piece of technology that’s going to bring all this intelligence together in a single cloud service. So, when we get intelligence from Customer A, our Customers B, C, D, and E can also leverage that same intelligence and spot threats earlier and sooner.”
Aside from reducing the complexity of management and improving integrations between tools, utilizing solutions from a multi-platform provider can also provide more consistency in terms of customer experience, support, and finances.
“When you work with a company like Fortra that has a broader platform, you get to work with one support team across a broader range of products. The benefit for the customer is consistency,” says John. “One of the things we hear from customers, when we look out at the competitive landscape, is sometimes the technology is good, but the support maybe is not that great.
“So, we’ve invested a lot to make sure that our service and support model is unified. Whether they’re working with us for infrastructure protection or data security, it’s the same support experience across the portfolio. At the end of the day, we manufacture and distribute technology, but we’re in the business of trust. The more that we have that trust in place, then the more that we can serve and operate.”
Augmenting Human Intelligence With AI
In recent years, threat actors have begun carrying out increasingly sophisticated, multi-vector attacks, in which they combine multiple different attack methods for a greater chance of penetrating their target organization. This creates a lot more noise for security teams to comb through, before they’re able to identify and remediate an attack—and it’s something that we can expect more of, says John.
In response, and in the face of the cyber skills shortage, we need to utilize new technologies such as AI and ML to augment our security teams.
“The way to combat [more complex attacks] is through machine learning and artificial intelligence, and augmenting and amplifying what a team can do,” John says. “If we can’t grow more professionals, we have to find a way to take the professionals that there are and 10x or 20x them.”
“The most pervasive problem we have right now in security operations is we have too much noise, and not enough people that just sift through the noise. So, I think that’s how it’s going to manifest itself. We will see a very strong application of machine learning helping the analysts to determine what the noise is they’re seeing, and what they should be paying attention to. And that will enable those teams to scale far better than we ever have before.”
Preparing Today For Tomorrow’s Challenges
There are a few ways to prepare for the complex attacks that businesses will continue to face as we move beyond 2023, says John. The first is to make sure you’re able to defend yourself against the four main threats that we’re seeing today: credential theft, phishing attacks, vulnerability exploits, and botnets.
The second is to start using the new and emerging technologies that are available to us.
“Use some of this newer technology, like AI and ML, to amplify what you’re doing. Run some experiments internally, even if it’s pilot projects or POCs. For 10 years, the industry has been talking about the fact that we need more people—we have to start shifting the conversation from hiring more people, to taking the people that we have and magnifying their abilities. And I think that’s the way to do it.”
About Expert Insights
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of our podcasts here.