Aviva Zacks of Safety Detective caught up with Richard Henderson, Head of Global Threat Intelligence at Lastline, and asked him where he thinks cybersecurity is headed.
Safety Detective: How did you get into cybersecurity, and what do you love about it?
Richard Henderson: I started my tech career as an IT person: setting up desktops and laptops, installing software, running cables, and troubleshooting problems. Then I joined another company as a systems consultant, where I picked up other skills like basic database administration and enterprise IT. About a decade ago, I was hired by a security vendor, and it took off from there.
If I had to pick just one or two things I love about what I do in cybersecurity, it’s being able to share what I know with others through things like training workshops I teach, and it’s seeing the light bulb switch on when I’m able to articulate something to a person in a way that they can easily explain.
SD: What technology does Lastline offer?
RH: Lastline Defender is an AI-powered Network Detection and Response (NDR) platform that detects and contains sophisticated threats before they disrupt an organization’s operations. It delivers the cybersecurity industry’s highest fidelity insights into advanced threats entering or operating in the entire network, enabling security teams to respond faster and more effectively to threats.
More specifically, the Lastline Defender NDR platform uses a combination of four complementary technologies powered by AI to detect and analyze advanced threats that other tools miss, while significantly reducing false positives: Network Traffic Analytics (NTA), Intrusion Detection and Prevention (IDPS), File Analysis and Global Threat Intelligence.
SD: What cyberthreats do you feel that people should be concerned about today?
RH: There are many threats that touch the cyberworld, and they’re all important depending on who you are. Are you a western company with interesting intellectual property that other nations may want? You’re going to need to look for cyber threats around industrial espionage. Do you handle lots of money, especially moving it to other places in the world? Wire fraud and Business Email Compromise, also called BEC, should be very high on your list.
Are you in the medical field and do you handle thousands of sensitive patient records and personal information that can be quickly monetized on the dark web? Then you should be thinking about attacks designed to steal your data. Add to that the ever-present availability threats of a wide-scale ransomware outbreak, which can happen to any organization at any time if substantial precautions are not taken.
SD: What types of enterprises does your company sell to and why specifically those?
RH: We primarily focus on medium businesses and enterprises of all verticals, as they often have large networks that can benefit the most from using our product and deploying it in many places throughout their environment, watching for signs of malicious or abnormal activity.
SD: How do you see cybersecurity developing in the next few years?
RH: I think ransomware will continue to cause substantial issues for years to come for two reasons: it’s still very effective and people continue to pay. I think the only real defense going forward against threats we’re seeing now and those we haven’t seen yet is to be pragmatic: the amount of data and traffic being pushed around networks today is at a scale we couldn’t have imagined at the start of the 2000s. The only way we can really inspect and validate all of it going forward is to offload all of that security processing to automated processes like using tools that incorporate real AI and machine learning, and use our human resources to focus on responding to incidents and further fortifying our virtual castle walls.