Udi Jacoby
Intensity Global
Managing Director Asia Pacific and Japan
Utilize global cyber security startups. What is the reason?
A startup that creates new technologies that help solve world issues. Globally, the utilization of startups as the next step in cyber attack countermeasures is progressing.
In this column, I have serialized the issues of cyber attack countermeasures and the advantages of using startups three times.
In the final 4th edition, we interviewed Udi of Intensity Global, a partner of ABeam Ecosystem, who provides global startup security solutions. We will introduce the value provided by startups and examples of their use in companies.
What are the strengths of a startup that cannot be imitated by major security vendors?
ABeam:
Intensity Global provides cyber security services in collaboration with various startups. What are the strengths of startups that cannot be imitated by major companies?
Udi:
Hackers use new techniques and technologies that never existed before to launch attacks. Businesses are required to continue to improve their countermeasures against threats. However, traditional security vendors are limited in their ability to respond to new threats due to the size and complexity of their organizations. As a result, traditional security solutions make it difficult to detect unknown threats and respond quickly to new threats.
Under these circumstances, startups’ greatest strength is that they can quickly respond to unknown threats by utilizing new methods and technologies in a way that complements conventional security solutions . Similar to major companies, major security vendors balance the three elements of efficiency, maturity, and agility, but they are superior in efficiency and maturity, but inferior in agility. There are many. This is especially true for large security vendors, which may lack the ability to respond to new changes.
Startups are often less mature than traditional solutions, but respond more quickly to new threats. They provide new solutions that utilize AI, automation and other technologies to quickly respond to new threats from hackers.
From a personal point of view, startup solutions complement the mainstream cybersecurity products and help protect the enterprise by providing visibility into the latest threats and addressing the unknown .
- * Based on Udi’s interview response, illustrated by ABeam Consulting.
What is the difference between Japan and overseas security issues
The Lack of ABeam security personnel is a global phenomenon, but I think there are differences in security issues between countries.
If you have any issues unique to Japanese companies compared to overseas companies, could you tell us?
Udi:
It depends on the organization and culture of the company rather than on which country it is. However, as an overall trend, I feel that there are two main differences in attitudes and approaches to security between Japan and overseas.
The first point is that many overseas companies regard security risk as a business risk and regard it as a management issue. If security risks become apparent, not only will companies suffer financial damage, but it will also lead to damage to the brand image and loss of social credibility. For example, it is said that the damage caused by an attack by ransomware is 300,000 dollars on average (about 32 million yen in Japanese yen). In addition, “an investment of $1 in security costs has the effect of reducing the damage done by an attack by $60,” said an analyst.
Yet in Japan, many executives classify security as a technical risk rather than a business risk. Japanese executives also prefer major security vendors. As a result, many companies are not able to visualize the risk of unknown and emerging threats. In addition, the introduction of a visualization solution may lead to the negative denial of their work, which may lead to concerns that IT teams have been unable to take. When I visited a security officer at a company, I actually had an episode like this. When I introduce a solution that visualizes security risks, he said, “Since there are many other tasks and tasks that must be done, it will be a problem if you increase the number of jobs.” This cannot protect companies at all. Officers should really ask if they are focusing on critical issues.
It’s true that there aren’t enough people in the security field, so I can understand that I don’t want to increase the number of jobs because I am full. On the other hand, it is also true that some companies are able to respond swiftly to the unknown threats that appear one after another.
What makes these differences is the ability to visualize and prioritize risks. To prioritize properly, you need visibility into security risks .
The second point, I think, is being tackled in Japan as well, but we regularly hold forums overseas to keep close contact with outside the organization regarding incidents and risks . For example, we regularly exchange information and opinions regarding the latest technologies and threats, and share information about actual damage such as incidents. Also, the government regularly provides such information. We are also working with more than 20 organizations in Australia and Japan, and last month many organizations were hacked and there was information sharing about the incident that the website could be rewritten. However, since information on such incidents is important information regarding the credibility of the organization, it is premised on building a relationship of trust that will never be leaked outside the community. We also participate mainly in Israeli forums, but this timely information enhances the security practices of us and our clients.
Regarding the first point of ABeam , that is, the causal relationship that the person in charge says “I can not afford to visualize security risks because I am too busy” is rather the opposite, and I am busy because I do not visualize security risks. Is it?
Udi:
That’s right. A security strategy begins by confronting existing security risks . I also want you to be aware that security measures are not just technology issues, but business issues.
What is a startup connoisseur with its own methodology?
You’ve been offered a variety of security solutions that leverage ABeam Startups. How are those startups discerning?
Udi:
It is a prerequisite that we have game-changing services in each area, utilizing advanced technologies such as AI and automation . If this prerequisite is not met, the startup’s primary role of complementing existing services cannot be fulfilled. As I mentioned earlier, if the existing services provide 70% of the functionality required by customers, startup services will complement the remaining 30%. In Australia, where I am, it’s common to introduce AI-based automation services that complement traditional security solutions.
We also put our customers’ success first. Therefore, we will not handle unless the effectiveness of utilizing the service can be demonstrated. Specifically, we conduct tests in our own lab to determine the value of startups and then provide services and solutions.
What is the effect of solving customer issues by automation?
The keyword “ ABeam Automation” has come up, but what kind of effect will it have in solving customer issues?
Udi:
As a Security expert, our job is to constantly improve the security of our company. The challenge for companies is that information systems are becoming more complex and decentralized. In such situations, automation is used to quickly gather the information needed to make the right strategy decisions. Many companies are focused on prioritizing the information collected by automation, even with limited resources. Without automation and AI, it is difficult to discover new threats in the entire system and make decisions based on the results.
ABeam:
It is because we regard it as a business risk, so it is important to consider strategies, and technology supports the gathering of information for that.
What are the customer issues that the solution solves?
Could you introduce some examples of how you can use ABeam Startup’s solutions, including your background and challenges?
Udi
No. | industry | Background/issues | Provided solution |
1 | Manufacturing industry | · No security measures against zero-day attacks
· Some companies in the industry suffered a zero-day attack, so they needed to quickly check themselves and take measures. |
· Providing a mechanism to notify you of the latest global threats within 1-2 days
· Daily effectiveness of countermeasures against the latest threats can be simulated · The workaround report can be used to quickly fix the problem. |
2 | Financial industry, critical infrastructure |
Conventional antivirus and EDR cannot prevent unknown threats existing in the world in real time | Provides endpoint solutions that detect and block real-time zero-day attacks |
3 | Manufacturing industry | I don’t know how to prioritize security measures and develop strategies | · Quickly visualize the current situation and prioritize through simulations and monitoring of assets (websites and clouds) on the web
· Develop effective strategies and make appropriate decisions based on detailed reports |
- * Based on Udi’s interview response, the contents are summarized by ABeam Consulting.
The first is a customer case where a zero-day attack aimed at the manufacturing industry was prevalent at the time, and other companies in the same industry suffered from the zero-day attack. We received a consultation that the company does not want to suffer the same damage, but does not have the budget to take measures against a zero-day attack. The zero-day attack tends to be targeted at the same industry/business in a short period of time, so it was an extremely urgent project. The startup we introduced can notify you of the latest global threats in a day or two, and can quickly simulate threats . This customer automatically executes daily simulations to visualize the latest risks of the company and strengthen countermeasures.
The second is a case of a customer who has introduced the conventional endpoint security, but is worried about security measures because it cannot prevent unknown threats. Many companies think that they are utilizing endpoint security that is consistent with past attack patterns, but they are unable to deal with new types of malware. The startup service we have introduced supports real-time protection against unknown threats by distinguishing legitimate activities performed by users from threatening activities performed by attacks in real time .
Third is the case of a customer in the manufacturing industry, who says, “I have too much work to do and I don’t know what to start with.” From our experience, there are many customers who have similar problems. Visualizing security risks is the first step in a security strategy. Therefore, we simulated thousands of threats and prioritized security measures. Regarding the priority order, the business model differs depending on the industry and the type of business, and the digital assets to be protected also differ, so it is necessary to decide the priority taking that point into consideration. Experienced members who understand the characteristics of each industry and industry provided detailed reports including security strategies. By using startup services in this way, you can quickly collect information and focus on strategy planning with few resources .
Udi Jacoby
Intensity Global
Managing Director Asia Pacific and Japan
Leveraging more than 30 years of executive experience, he now serves as a GM for Intensity Global in Australia, Asia Pacific, and Japan with a game-changing portfolio of services for businesses. doing.
Mr. Udi started his career in advanced system development for the Wehrmacht, then joined HP Software, Mercury and worked with many CIO, CISO and IT executives around the world, including SDLC, DevSecOps and Strategy Planning.
I have been working hard to Intensity Global has cybersecurity researchers and experts who provide SaaS services and end-to-end security services that they manage, plan, design and implement. Intensity Global’s goal is to provide a comprehensive solution that enhances an organization’s resilience to ongoing targeted cyber threats.
Finally
In this column, through an interview with Intensity Global, which is active as a global cyber security expert group, we introduced global security issues and examples of how startups can be used to solve these issues.
The idea that the biggest challenge for Japanese companies is that there isn’t much to do, and that we can’t visualize risks, was the most impressive. It may take some time to change the mindset of considering security risks as business risks, but as the first step of a security strategy, I think it is important to first try to visualize security risks.
Over the past four times, I have introduced the issues of cybersecurity in Japan and the existence of startups that help solve the issues. Globally, the use of startups that utilize technologies such as AI and automation is advancing as a means of combating the increasing threat of cyber attacks. There are many startup services that solve the problems of conventional measures. We think that it is necessary for Japanese companies to proactively incorporate global success stories and to improve their countermeasures and improve efficiency, regardless of borders involved in cyber attacks.
In addition to the services introduced in this column, ABeam Consulting offers a number of services that utilize digital technology and consulting that suits various issues and the environment surrounding them. For details, please refer to the link below.
Below is a link to the original Japanese article on the ABEAM website:
https://www.abeam.com/jp/ja/service_line/abeam_security/cyber_security/column_04