This week I got the chance to speak to John Bruce, the Cofounder and CEO of Resilient Systems. John has argued that there is an abundance of security companies that provide detection and prevention capabilities, but very few that tackle the crucial task of responding to incidents once they occur. Now that companies must assume that they have already been breached and that they will be breached in the future, response capabilities are essential for a strong security program. John and I discuss the primitive methods that some corporations are still using for incident response and more in the interview below.
I think that the way that you’re portrayed in the media is that you provide the workflows necessary for incident response. Is that the right way to think about your company, and what does that actually mean?
There’s the way that the media sees us and then there’s the way that customers actually use us. We do provide workflows, but we also automate a lot of the processes involved in incident response. We bring together the technology, people and processes that allow organizations to mount an effective response to an incident.
Could you explain the difference between your security, privacy and action products and how they work together?
Security: The security product helps organizations respond to security threats such as DDoS, malware and other attacks.
Privacy: Wherever there is a compromise of personally identifiable information, the privacy product describes explicitly to the users what their obligations are and to whom. The product will also detail the legal and contractual obligations that they are faced with.
Action: The action product allows companies to interface bi-directionally with their different technologies already in place across their infrastructure. They can ingest data to be better informed, then invoke actions to be taken automatically. All from within the platform. Think of it as a way for them to interact with the world.
What’s the process like for companies that don’t have a product like yours, to respond to incidents? What are they using right now?
Everyone has something; you have to have built some kind of capacity to deal with incidents. Most folks are using homegrown tools or spreadsheets or case management systems, but it varies with the scale and complexity of the organizations. Financial firms, for instance, have more advanced capabilities. In any event, when we talk to most folks, most of them don’t realize that something like this exists.
Since you guys started several years ago, companies like DFLabs, Hexadite, and ID Experts have sprung up. What are the core capabilities that these players share and what are the differentiating factors between them?
It’s probably better to ask them than me. As the market begins to grow, along comes competition and a lot of folks have compared themselves to us, saying that they provide more automation, or they’re tailored to specific verticals, or they integrate with more companies. Since we’re the market leader, they’re constantly comparing themselves to us.
What are your plans for the product going forward?
The good part about being the early mover in the market is that our customers help us define the market by sharing their opinions. Expect us to do more expert systems, provide more automation, and integrate with more systems.
You’re a growing company, and the last time you raised money was back in 2012. I’m sure a lot of investors are cold calling you and trying to get your attention. How can they get your attention successfully and if you decide to raise money again, what are you looking for in an investor?
It’s tough to get my attention because the signal to noise ratio is pretty low and there are a lot of associates calling around to at least engage with us. When it’s clear to me that the cold caller is associated with or working with a principal or partner, I’m more likely to take the call.
I’m contemplating raising a round now and the firm that’s a front-runner is one that has been talking to me for 3 years, well before it made sense for them to invest. When it came time to think about raising a round, I knew them, they knew me, and they had a clear thesis on security that we fit into.
- Comprehensive article that outlines the current landscape for security startups. Although venture capital invested in cybersecurity is increasing, it still represents less than 7% of all venture funding. The author argues that security companies grow slower than startups in other areas that receive venture capital, but that they are more resilient businesses.
- The obvious choices are all there, but there are some lesser-known conferences as well such as Shmoocon, Infosec World, and Derbycon.
- The WSJ talked to the CISO for telecom provider IDT Corp. about how they respond to incidents. IDT recently implemented Hexadite and claims “events that once took eight hours to investigate can now be done in under a minute.”
- Jason Lemkin of SaaStr discusses several examples of poor security that he has witnessed recently and suggests steps that startups should take to build their company with security in mind.
- This is a great primer on the methods currently used for fraud prevention and how they might look in the future. The piece argues that behavioral analysis is superior to even biometric identification for determining fraud and it provides examples of how machine learning is being used in behavioral analysis. Also see “Is The Password Dead? The Future Of Web And Mobile Authentication”