AiThority Interview with Adam Geller, Chief Product Officer at Exabeam

Hi Adam, please tell us about your current role and the team / technology you handle at Exabeam.

I’m the Chief Product Officer at Exabeam, where we are becoming the most used solution in the security operations center (SOC) driving efficiency and repeatable outcomes for security teams. I have been a global technology leader for more than 20 years, with experience across multiple functional areas including product management and marketing, engineering and cloud operations, sales engineering, and professional services implementation and delivery. I guide my teams in effectively finding analytical, yet creative, solutions for complex technical, market, and organizational challenges.

How has your role at Exabeam evolved through the pandemic days? How do you use communication tools to stay on top of your product game?

I’m sure you’ve heard a lot of folks say that 2020 was a tough year, due to the sudden changes in our global society brought on by the pandemic. I actually joined Exabeam in the middle of the pandemic! After building knowledge and credibility over seven years at my previous company, one of my biggest concerns was how long it would take me to ramp up at Exabeam when I was only going to meet people virtually. Ten months later, I am pleased to say that it really was not an issue at all. The culture at Exabeam was just very open and welcoming. I think what really worked for my team, and the broader teams at Exabeam, was maintaining an overall spirit of adaptability and flexibility, communicating clearly, and supporting our colleagues at every turn.

What’s on the other side of this change remains unclear. We look forward to a transition back to the office environment and the opportunities it provides for planned and spontaneous in-person interactions. But remote working was already part of our company culture to an extent, and may become a permanent option for some employees. What is clear is that, while the journey we’re on is challenging — it is making us stronger co-workers, managers, and department heads. Being remote from everyone in the enterprise and trying to lead takes extra effort. I think the tech industry as a whole has successfully established that productivity can be kept high and growth isn’t just possible – it’s imperative to keep our economy strong and help our country recover.

Read More: AiThority Interview with Ashish Shukla, Chief Technology Officer at MediaMath

Tell us more about your latest updates that aim to improve SOC outcomes and workflows? 

The new Threat Detection, Investigation & Response (TDIR) Use Case Packages provide a powerful solution to help security operations centers (SOCs) improve workflows through collection, detection, investigation and response using an outcome-based approach. Organizations often struggle with failed security implementations because they lack the specialized expertise, detection logic and clearly mapped investigation and response workflows for common threats. Generally available in Q2, the TDIR Use Case Packages address the complete lifecycle of security operations (SecOps) workflows with end-to-end content that includes prescribed data sources, detection models, watchlists, investigation checklists and response playbooks to assist analysts. With our framework for use cases, security analysts will benefit from comprehensive pre-built content, giving them confidence to deliver repeatable, successful outcomes that will improve security and translate into significant amounts of saved time and resources.

How has SecOps evolved to orient around use cases? 

Industry analysts expect up to 80% of security analytics initiatives to fail without a use-case-centric approach. We saw in the market and through our customers that there was often ambiguity as to what specific problems security teams were trying to solve. For instance, ‘insider threats’ was a commonly desired use case that customers used interchangeably to either internal employee monitoring or threats with adversaries who sought to compromise employee credentials to gain access to systems and networks internally. While there are similarities, a malicious insider can be quite different from a compromised insider.

Most security products were designed to provide functionality, not results. The new TDIR Use Case Packages simplify analyst workflows by providing prescriptive content for Exabeam’s analytics and automation engines in order to protect against the top three categories of common threats, including:

External threat use cases that include phishing, malware, ransomware, crypto mining, and brute force attacks;

Compromised insider use cases that include privileged activity, account manipulation, privilege escalation, evasion, compromised credentials, lateral movement and data exfiltration, and

Malicious insider use cases include privileged access abuse, account manipulation, audit tampering, physical access, data access abuse, data leak and destruction of data.

Beyond issues with ambiguity, we also learned that existing solutions in the security market for use cases were often limited to detection only. Other vendors tout many out-of-the-box use cases, but we found these largely did not solve an entire problem for the customer. For example, if a customer was trying to address a lateral movement use case, they might use certain rules and models for threat detection, but be unable to answer ‘what next?’ in terms of investigation and response processes. Ultimately, problems with ambiguity and myopic focus on detection lead to subpar outcomes for security teams.

Read More: AiThority Interview with Ingrid Burton, CMO at Quantcast

How are IT modernization techniques changing with SecOps? How should CIOs work with CPOs like you to improve analytics and security implementations?

It should come as no surprise but the adoption of cloud services over on-premise software and infrastructure continues to be the IT modernization trend that most impacts SecOps. Early on, SIEM solutions centered around being the on-premises security data lake for a customer. Today, customers have data within multiple data “ponds” with many of them being in the cloud. Understanding and setting a scope for a data lake strategy is critical because SecOps solutions need access to a wide range of data. Having a good handle on this strategy will help ensure security analytics implementations will be best positioned for success.

What is the future of TDIR workflow? What does your product roadmap for 2021-22 look like?

This is an easy one. A good product leader would never commit to a product roadmap in a public forum! All kidding aside, we see an opportunity for continued development in outcome-based TDIR with an outsized focus on automating the detection and investigation steps prior to of course simplifying and automating the response. Our previously discussed use case-based approach is centered around this concept. Additionally, we recognize that our customers have a wide variety of starting points in adopting TDIR solutions. Exabeam is truly a security platform. We can ingest data from hundreds of products and services and have pre-built parsers to ensure that the data is processed correctly to activate use cases. This whole process can be overwhelming though. Do you start with a desired use case or do you start with the sources you have and figure out what you can achieve? We see an opportunity to improve time to value by supporting both of these paths to rapid adoption.

Read More: AiThority Interview with Mark Smith, President at Kitewheel

Hear it from the pro: What kind of skills / talent are you looking to hire for your team at Exabeam?

Each year, Exabeam conducts a survey of cybersecurity professionals, focused on salary, skills, and stress levels. Last year’s report highlighted a lack of diversity in the cybersecurity profession, so when I look at my team and my staffing needs, I see I’m presented with an opportunity. As remote work continues in most organizations, we have an opportunity to diversify our workforce by recruiting talent from anywhere in the world.

There are great benefits to this globalist mentality. A diverse team brings increased creativity and new ideas to cybersecurity. In fact, other studies have shown that diversity is a competitive advantage. It was found that diverse groups of people make better decisions 87% of the time.  Studies have shown that the most diverse companies are likely to outperform their less diverse peers on profitability. To protect users within an organization, cybersecurity teams should reflect a global, more diverse workforce to address the threats that are continually changing. Fresh ideas, better teaming, and new cybersecurity approaches will yield positive results for the business and professionals.

Tag a person in this industry you would like to feature in our interview series:

Ralph Pisani, president at Exabeam

Thank you, Adam! That was fun and we hope to see you back on AiThority.com soon.