AiThority Interview with Dirk Schrader, Global Vice President at New Net Technologies
Hi Dirk. Please tell us about your current role and the technology you currently handle at New Net Technologies (NNT).
My role (and title) is definitely too long to fit on a business card, ‘Global Vice President of Product Marketing and Business Development’. I’m taking care of our products so that their feature set, as well as the way customers can use them, stays ahead of the cyber security problems our society faces now and in future.
The technology is based on the understanding that a cyber-resilient posture can only be achieved when you have full visibility of your processes, the digital assets that support and enable them and how all that fits into your company’s business. Cyber Resilience is the ability of an organization to deliver its value despite being under attack or facing any kind of adverse cyber incident. Our technology of real-time control of any change happening in a given infrastructure establishes that solid base needed to be cyber-resilient.
What is NNT and what are your key offerings / services?
The two elements of our technology, and our key offerings at NNT, are change control and vulnerability management. While they have a different approach, both serve the same goal, to make it as hard as possible for an attacker to gain foothold undetected. Vulnerability Management reduces the attack surface overall and Change Control enables the real-time monitoring of what happens to an infrastructure between scans.
NNT started back in 2005 with the idea to provide foundational security controls which are essential to any business. These controls – also prescribed by CIS and NIST – are enable organizations to prevent and protect themselves against all forms of breach as well as gaining full control of changes for both security and operational peace of mind.
How much has your role and responsibilities evolved in the last 8-10 months in the face of COVID-19? Did you anticipate these changes as part of routine 5 years ago?
In all fairness, the daily routine hasn’t changed much. Online sessions and webinars have always been a major part of the job. What has changed is the reach the technology solution needs to encompass. COVID-19 forced many employees into a WFH setup, while that in turn accelerated a large portion of all digitalization efforts in many sectors introducing WFH. While our technology was certainly ready for this, the mindset of all involved wasn’t as much. Changes in operations, in how a company does its business, have an influence on so many aspects of cyber security, its procedures and guidelines. To get a grip on those influencing factors, to identify their impact will still take a while. A good amount of my time is about this impact (scope, depth, breadth) and it will be part of the routines of all in the future.
Cyberattacks have become a perennial issue for every business. How are these attackers adopting new technologies to surpass standards of security and compliance?
Up-stream attacks (like Solarwinds) and Social Engineering attacks aimed at cyber security researchers are telling us that the cyber crooks will always find new ways and methods to circumvent security measures. They are examples of how the future of attacks will look like.
Companies have long talked about Big Data, analyzing those vast amounts the generate to find revenue opportunities. Cyber criminals will certainly use the data extracted from all these large data breaches of the recent years to tune their attacks, their social engineering attempts. ML and AI will start to play a role, being used in the preparation of attacks and how they are carried out. How that can happen has already been show-cased with the proof-of-concept by Skylight Cyber or the research done at the University of Hong Kong.
Tell us more about SecureOps (!changed from DevSecOps!) and the future of IT Security and Networking Automation?
There are many factors making it necessary to automate security as much as feasible, without exposing it to another variety of attack vectors. 5G, digitalization, smart cities, you can’t name one mega trend which does not include an ever-growing amount of communication, especially machine-2-machine communication. The only way to sift through an exponentially growing haystack of events caused by this is automation, concerted operations of your tools and solutions. Unfortunately, this is going to be the next family of attack vectors, with APTs targeting that exact way of how an organization automates security processes. One element should not be forgotten in this effort, the operator, that human intelligence piecing things together. In the end, each cyber security battle is between humans using tools. If the operator knows as much of the security tool chain as the engineer who derived it, that battle is likely won by her or him and not the attacker.
How does AI and ML algorithm help in real-time breach detection? Tell us more about your work with AI and ML.
ML and AI do play a role as they help to digest massive amounts of data and to extract basic context of out that haystack. I don’t think that ML/AI are the ultimate answer to our cyber security issues (or any other topic), they are helpful tools providing answers to well-defined problems which need to be integrated into a concerted security workflow and architecture.
My work is exactly there, that integration and – partly – the definition of the problem which should be solved. As said before, security tools must be orchestrated. An ML/AI solution deployed for the sake of using AI and ML doesn’t help.
Tag a person from the industry whose answers would like to read here(Name, company, Twitter handle/LinkedIn profile link):
Oliver Rochford, Head of Marketing at Brim Security, Strategic Advisor, and Former Gartner Analyst
Thank you, Dirk! That was fun and we hope to see you back on AiThority.com soon.
A native of Germany, Dirk Schrader brings more than 25 years of delivering IT expertise and product management at a global scale. His work focuses on advancing cyber resilience as a sophisticated new approach to tackle cyberattacks faced by governments and organizations of all sizes for handling change and vulnerability as the two main issues that information security should address.
His career path includes sales, marketing, and product management positions at large multinational corporations as well as small startups.
He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices, where he found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data.
NNT is the leading provider of SecureOps™. SecureOps™ combines the essential, foundational security controls as prescribed by all leading security frameworks such as CIS and NIST with the operational discipline of change management.
By ensuring that you have the prescribed essential security controls in place combined with the ability to correlate changes within your environment with an approved ticket or set of intelligent rules, organizations are able to prevent and protect themselves against all forms of breach as well as gaining full control of changes for both security and operational peace of mind.
This approach creates the security foundation and a solution to eliminate security breaches and incidents as we know them today by combining advanced threat prevention, detection and intelligent change control technology.