OpenText’s Paul Reid on Preventing Next Generation Cyberthreats

00:01

[Music]

00:04

hi I'm James Maguire here at the RSA

00:06

conference with Paul Reed Global head of

00:09

threat intelligence at open text Paul

00:11

thanks for talking with us today thanks

00:12

for having with us today all right so I

00:14

want to talk about some of the key Cy

00:16

security threats the companies are

00:17

facing but first please tell us what

00:19

openex does and how does openex to serve

00:22

its clients so openex is a $6 billion a

00:25

year Revenue company we have a

00:27

historical background in information

00:29

security management and that really

00:31

makes us a unique company that

00:33

perspective understanding Information

00:34

Management on where you keep your data

00:36

how you access your data store your data

00:38

the importance of the data if you don't

00:40

know what you have you can't protect it

00:42

so I think for us the advantage we have

00:44

over other companies is that information

00:45

management background you put on top of

00:47

that our cyber security products now we

00:50

know where your data is the importance

00:51

of it we can help you protect it better

00:52

we're going to give you better cyber

00:54

resilience by combining those two

00:56

together into a single offering to you

00:58

and as a company we can give better

01:00

coverage than you get everywhere else so

01:02

you talk about something called Next

01:04

Generation threats what do you refer to

01:06

when you when you refer to Next

01:08

Generation threats so as we've seen

01:10

companies move to the cloud uh leverage

01:13

Supply chains more look at Federated

01:16

identity the threat actors have paid

01:18

attention to that so they're really

01:20

thinking about it more holistically on

01:23

how can we focus on you and the type of

01:25

business you do the type of things you

01:27

use in your business against you so for

01:30

example if I can compromise your supply

01:32

chain then I can in indirectly influence

01:35

your ability to do business or conduct

01:37

operations or whatever it is right and

01:40

the type of threats they're using are

01:41

very different than what we saw before

01:42

they're a lot more coordinated they're

01:44

spending more time doing reconnaissance

01:45

they're spending more time doing open

01:47

source Intelligence on you to understand

01:49

again who you're using so for example a

01:52

lot of companies have done a really good

01:53

job managing their identities right we

01:55

had identity sprawl for a long time but

01:57

now we've got centralized Federated

01:59

identity that's been really great right

02:01

easier to manage all those good type of

02:03

things but at the same time for threat

02:05

actors they look at that as a single

02:06

point of access now right so now if I

02:08

want access to your information in a CRM

02:11

or in some other system I don't have to

02:13

go compromise three or four different

02:15

locations if I can compromise your

02:17

Federated ID then I have access to

02:19

everything so we're really seeing the

02:21

threat actors focusing on that focusing

02:23

their attacks on that and it's a really

02:25

different way of thinking about cyber

02:26

security I think the question that

02:28

companies are really struggling with is

02:30

how do we protect ourselves against the

02:32

cyber attacks what advice would you give

02:34

to companies so I think one of the

02:36

things we've done a great job on

02:37

especially most recently is we always

02:40

recognize the importance of the endpoint

02:42

right the the laptops the desktops the

02:44

servers because that's where the

02:45

attackers want to get to we've done a

02:46

wonderful job with EDR and other

02:49

products like our webw products zix um

02:52

and be able to protect that what we're

02:54

seeing now with these next generational

02:55

threats is we need to sort of looking at

02:57

Global adversary signals we need to

02:59

understand what our adversaries are

03:00

doing in terms of attacks against you so

03:03

we're looking at the concept of

03:05

adversary signal threat intelligence a

03:07

little bit different than traditional

03:07

threat intelligence where traditional

03:09

threat intelligence says here what the

03:11

adversaries are doing here's the type of

03:12

ttps they're using here's where they're

03:14

operating those here the verticals are

03:16

focusing on so as an organization it's

03:18

really good general information for me

03:20

to know but it's not specific to me with

03:22

our adversary signal threat intelligence

03:24

we tell you this is what's happening to

03:26

you now so you don't have to guess am I

03:29

being packed by this adversary or

03:31

different one we're saying this is the

03:32

adversary that is attacking you today so

03:35

when we do that we give you additional

03:36

visibility so the big thing is we want

03:38

to look beyond our borders right so

03:40

again we great job EDR looking inside

03:43

now we got to look out and so what we're

03:44

asking companies to do is work with us

03:46

to Def find what we call a covered space

03:47

a protected area of their company that

03:50

encompasses just not their main

03:51

corporate but also things like do we

03:54

have content in a Content delivery

03:55

Network do we have content in a

03:57

hyperscaler that's where the attackers

03:59

are looking to attack you now they're

04:01

going after all your presences just not

04:03

your corporate presences so with our new

04:05

product side DNA we Define a covered

04:07

space that encompasses all that so we

04:09

can see the incoming and outgoing

04:11

adversary signals so you have a good

04:12

idea what's taking place so if I'm

04:14

hearing you correctly the fact that

04:15

companies have a more of a distributed

04:17

architecture like the cloud like the

04:18

home base that creates more attack

04:20

points it certainly does right um

04:23

business has to continue right we really

04:25

don't to some extent have control over

04:27

our attack surface right we have to

04:28

conduct business but it's incumbent upon

04:30

us to understand what that looks like so

04:32

with side DNA we're looking at those

04:34

global adversary signals we there's

04:35

other companies that do a tax service

04:37

management they do a great job of that

04:38

that's not what we do we're actually

04:40

looking at the signals that are coming

04:41

into and out of your coverage space to

04:43

let you know what's happening one of the

04:45

things we're hearing from companies one

04:46

of the side benefits of that besides

04:48

just simply knowing your adversaries

04:49

what type of attacks are taking place if

04:51

we think about the level of patching a

04:53

large Enterprise needs to do every day

04:55

every week every month right there's

04:57

only so much time money energy and

04:59

effort they can put into it with Sid we

05:01

can tell you this is the adversary who's

05:03

targeting you with these tools and

05:05

techniques leveraging these CBS and

05:07

exploits so now as a company I can take

05:09

and prioritize that patching over maybe

05:12

something else more specific that's

05:14

right we're going to help increase your

05:15

cyber resiliency all right let's drill

05:17

down into the openex product offering

05:19

what what are the key features of what

05:21

Opex does for clients so we have

05:23

products that span all the way from

05:25

small medium business Enterprise all the

05:27

way up to large Enterprises we have

05:29

products that help protect you on your

05:31

endpoint with things like web and email

05:33

Z we have our bright Cloud product which

05:35

is used by a number of OEM vendors for

05:38

web gateways and firewalls and then as

05:40

we move up the stock we have things like

05:42

net IQ we have fortify on demand and

05:44

then of course the products I'm more

05:45

actively involved with our arite

05:46

intelligence and of course what we're

05:48

announcing this week side DNA all right

05:50

let's look to the future of cyber

05:51

security I mean when you look in your

05:52

crystal ball what what do you see

05:54

evolving in the next oh two to four

05:56

years and and most importantly how can

05:58

companies get ready for that now it goes

06:01

back to a lot of fundamental things

06:02

we've talked about right patching it's

06:04

taking care of your credentials it's

06:05

really the DNA of our company being an

06:08

information management company know your

06:10

data know where your data is know the

06:12

value of your data where it's stored

06:13

what's inside of it and then choose the

06:16

right things to protect it with right

06:17

you'd like to have a holistic approach

06:19

to your cyber security but you got to

06:21

know yourself first when we look at

06:23

where cyber threats are going obviously

06:25

generative AI it's having a big impact

06:27

on that and actually in our recent

06:29

threat report let just come out we talk

06:31

about how generative AI is being used to

06:33

make fishing and spear fishing much more

06:35

effective right the volume that they can

06:37

generate on that is significantly higher

06:39

we saw that this year we saw volumes go

06:41

up you know uh we we quarantined 7.7

06:44

billion emails last year we see 700,000

06:47

unknown files a day we're going to see

06:50

more and more attacks I think what we're

06:51

going to see is more coordination

06:52

between thread actors they work really

06:55

well together they share a lot of

06:56

information together and it's only going

06:57

to increase right as we move to the

07:00

cloud and we see that we get better at

07:02

protecting ourselves there the threat

07:04

actors are really going to look for a

07:05

softer side and today that's our supply

07:07

chains so they're really going after

07:09

them we've done a number of what we call

07:11

situational reports with our sidna

07:13

product for customers where we showed

07:15

them that they've done a really good job

07:17

protecting themselves the adversaries

07:18

are not able to Target them effectively

07:21

but yet when we expand to their supply

07:22

chain and we look at their suppliers we

07:25

see that that's where the adversaries

07:26

are focusing right I may be a billion

07:28

dollar company but I may depend upon a

07:31

supply chain of small medium businesses

07:33

of 50 less people they're not have the

07:34

same cyber resources as I do right but

07:37

the sidea product actually allows that

07:38

Enterprise to extend that cyber

07:40

protection to their to their supply

07:43

chain and help them understand the

07:44

threats they're seeing and then in turn

07:45

better manage their own threats that are

07:48

coming into their organization and be

07:50

able to protect themselves right if I

07:52

can compromise one of your suppliers I

07:54

you may have a trust relationship with

07:56

them already you may just naturally

07:57

accept their traffic through emails sure

07:59

and I may never know as the sewer of

08:01

that that you've been compromised when

08:03

we put the side DNA covered space over

08:05

that I then get visibility that you know

08:07

what maybe there was an attack by a

08:09

threat actor who's going to leverage an

08:11

email exploit against me so visibility

08:14

is going to be key and abis threat

08:15

intelligence is going to be absolutely

08:17

vital for that I wonder if we ever get

08:19

to a point in the future say five years

08:20

from now wherever where you know it's

08:22

really we are quote unquote done with

08:24

cyber security it's really solved the

08:27

Ford is in place we don't need to wor

08:29

about it so much will that day ever

08:31

arrive is that you're optimistic so I

08:33

think that as long as we have

08:35

adversaries and the adversaries want to

08:37

harm us we're never going to get to that

08:39

perfect point I think we can make it a

08:41

lot harder for our adversaries by doing

08:43

some fundamental things right patch

08:45

separation of Duty credential management

08:47

all the fundamental things we've talked

08:48

about encryption at rest encryption of

08:50

em motion things like that but to get

08:54

yourself the visibility you need to see

08:56

those threats coming use things like AV

08:58

AER signal or