Interviews | October 13, 2017

Black Hat Europe Sponsor Interviews: Qualys and SentinelOne

Darron Gibbard
Managing Director, EMEA North

Q: Tell us a little bit about how Qualys is helping customers prepare for GDPR. What do enterprises need to understand about the security implications of the mandate?

Qualys is helping organizations in a number of ways to prepare for GDPR compliance. Firstly, providing visibility of all assets within your estate is the start for any organization, ensuring that when you start auditing your estate for personally identifiable data you have an accurate number of systems and applications to start from. Use Vulnerability Management to prepare with tools and processes to detect, report, and investigate a data breach. Use Threat Protect to control and stop data breaches before they happen, understand the risks to your estate so that breaches do not occur, and prioritize what needs protecting first.

The next piece is Policy Compliance, which helps organizations implement Privacy Impact Assessments. The final piece is Security Assessment Questionnaire, which automates third-party supplier due diligence and helps inform suppliers of what GDPR is and the impact it will have. For third-party assessments, this will help organizations understand where PII is being shared by streamlining supplier risk audits.

The regulation will empower CISOs with the mandate to protect all personal information wherever it is used. The CISO will now need to ensure that all new systems and applications have been built with security in mind—Privacy by Design—and be responsible for knowing where all PII is used, stored and shared. The CISO will need to be able to recover PII data quickly and accurately in the event of a subject access request.

Q: How will Qualys' recent purchase of Nevis Networks benefit customers? What drove Qualys' decision to acquire the company?

Nevis Networks has built a series of high performance security products that extend similar levels of protection found in the perimeter to all users on enterprise LANs. These solutions allow enterprises to share network access with managed (employees) and unmanaged users (guests, contractors, customers) whilst providing the necessary control required by compliance and regulatory bodies. Nevis Networks' highly scalable and cost-effective solutions are seamlessly integrated into the policy infrastructure of the network.

Nevis Networks has built a series of high-performance and low-cost network traffic analysis tools that help enterprises enforce network access control to business applications based on policy, which Qualys will natively integrate into the Qualys Cloud Platform. This acquisition provides Qualys with significant domain expertise in passive scanning technologies and allows Qualys to accelerate its move into the adjacent market of mitigation and response at endpoints. This transaction will also enable the strengthening of Qualys' technology stack and commercial presence in India, which represents a significant market opportunity.

Q: What is Qualys' main focus at Black Hat Europe 2017? What is the one thing you want attendees to take away from the company's presence at the event?

Consolidation is the main theme for organizations at the moment; I am coming across it time and time again when speaking with CISOs. Budgets are being squeezed more and more, and to compound the problem there is a significant skills shortage in the industry. With the Qualys platform we can automate, report, integrate with existing platforms and provide real-time information on what is happening within your applications and infrastructure, wherever they may be. With the Qualys platform we will consolidate your security and compliance stack into a single platform, which drastically reduces your IT and IT security compliance spend. Come visit the stand and we will show you how.

Tomer Weingarten
CEO & Co-Founder

Q1. What do you want security administrators to know about the recently launched Deep Visibility module for SentinelOne's Endpoint Protection Platform? What does it allow them to do that they were not able to previously?

As we become more cybersecurity-conscious, businesses have adopted more encryption technologies to ensure their communications stay secure. In fact, over 60% of web traffic today is encrypted, and this is only pushed harder by companies such as Google that drive search results based on use of encryption. As one would expect, attackers use the exact same technologies to stay hidden from all protection layers as well, [making] the job of securing the organization much harder!

One of the key tenets of security is visibility: you can't stop what you can't see. Imagine driving a car with half the windshield covered. You wouldn't do that with your car, so why do that with your security?

Deep Visibility enables our customers to gain visibility into the encrypted traffic flows and ensure their security is driven with full visibility into all behavioral characteristics at the endpoint, irrespective of the type of traffic or application. You might wonder why that's special when some other companies have deployed network appliances for the same. It's because we do it in a way that does not increase the overheads on the endpoint or complicate the network deployments, which can have productivity and availability impact on businesses. The SentinelOne approach to Deep Visibility helps our customers detect and respond to threats within encrypted traffic flows with minimal performance impact.

Deep Visibility also enables security analysts to drive forensic investigations with IOC search capabilities as well as power proactive threat hunting to reduce the overall risk for the organization. The entire SentinelOne EPP solution is powered by a single agent, single console architecture with integrated detect-to-remediation workflow to reduce both endpoint and security analyst overheads and improve the time-to-protection.

Q2. How does SentinelOne see security professionals adopt AI to improve their security against an evolving threat landscape? How do you see AI enabling security professionals?

At SentinelOne we strongly believe in the power of Artificial Intelligence (AI), when done right, to help safeguard organizations against the growing risk of cyber breaches. For one, AI is unencumbered by the limitations of traditional signature-based security solutions, where a threat needs to be known in advance to derive a signature.

AI must also be leveraged in the right way to truly protect organizations against "evolving" threats. For instance, detecting fileless threats or script-based attacks necessitates not just looking at preventative file-based models but expanding the security perspective to on-execution AI that observes system behaviors to detect threats as attackers perform malicious acts. This is a critical component, since we know attackers will try to be as evasive as possible. Securing an airplane isn't just about security checks before you board; it extends into the flight, with the right personnel and even air marshals observing and responding to any threats. Security in the cyber world is no different! The key for on-execution AI is how we do it in an efficient fashion so as not to overload the end user, and how we do it at the endpoint to provide security even when users are not connected to the network. This is where SentinelOne's approach differentiates from other options.

Additionally, our execution-based models also provide rich forensic insights to help security analysts understand threats better and be more complete in their response. For example, if the malware tried to move laterally, it's important to augment device recovery with an understanding of what other machines may have been targeted.

The last piece about AI-powered detection is to marry it with response. No security is good if all it does is notify you when something's wrong, especially when lots of things can go wrong. Here's where an integrated workflow from detection to response becomes critical, whether that response is prompted by the system discovering issues or by an analyst hunting for indicators of threats.

Q3. SentinelOne is a big proponent of autonomous and automated security? What do you want attendees of Black Hat Europe to know about your model and how do you see it benefiting them?

Absolutely. We are all aware that getting skilled security professionals is a major challenge for organizations today - in fact, almost 50% of organizations are severely understaffed on security professionals. And as business environments and threats become more complex, they only increase the complexity of a security analyst's job. We also know from threats such as WannaCry and NotPetya that time-to-response is extremely critical - WannaCry hit hundreds of thousands of machines within a day and brought several large organizations to their knees. The organizational risk and impact are clearly dependent on the speed of cyber response after a threat and, with limited security professionals, a manual approach is never going to scale!

The automation of SentinelOne EPP exists at several levels—device containment to minimize spread, kill and quarantine to minimize impact, as well as remediation and rollback to accelerate recovery after a breach. By automating the security response workflow, we can both minimize the risk to organizations and improve the efficiency of security teams! And that in turn can also liberate the security analysts to spend time on more proactive security measures for their businesses!
