Davos, Switzerland — No sector is immune from cyberattacks and they’re targeted for different reasons, with the public sector and financial services facing the most significant risks, Bryan Palma, CEO of Trellix, told TRENDS on the sidelines of the World Economic Forum’s annual meeting in Davos.
In an in-depth Q&A, Palma delved into the evolving landscape of cybersecurity. As the leader of a global cybersecurity powerhouse, Palma shared insights on Trellix’s strategic approach, highlighting their advancements in extended detection and response (XDR) and the integration of artificial intelligence (AI).
He addressed the pressing challenges facing organizations in the digital age, from government-supported cyber threats to the specific vulnerabilities of different sectors.
Palma also discusses how Trellix navigates the complex interplay of technological innovation, industry-specific risks, and the global shift towards increased digital reliance.
Excerpts:
Q: Can you provide some background on Trellix, what’s new, and what you expect from your participation in Davos?
A: Trellix is a multibillion-dollar global cybersecurity company operating in over 185 countries. We specialize in extended detection and response, integrating cybersecurity technologies for endpoints, networks, email, data protection, and the cloud. Essentially, we’re an enterprise platform for cybersecurity. We’ve invested significantly in artificial intelligence (AI), and we continue to do so with the latest developments in Gen AI. This is a major focus for us, aimed at helping our most important customer, the Chief Information Security Officer, improve security operations. Our key emphasis this year is on automation and AI.
Q: As AI is a hot topic, how do you view its role in your industry? Is it beneficial or harmful?
A: AI has both positive and negative aspects. In cybersecurity, we’re always alert to potential risks and threats. On the upside, AI can analyze extensive data sets, aiding the ‘good guys’ in better defending companies, organizations, and government agencies. It also enhances automation in cybersecurity, improving threat remediation. However, the downside is that malicious actors also have access to AI. We’re seeing them use it to develop faster, more sophisticated malware, tailor more customized and targeted attacks, and enhance their ransomware schemes. Additionally, a notable change is in phishing emails. Previously, these emails often had poor grammar or misspellings. Now, thanks to Gen AI, they’re composed with perfect grammar and language, tailored to their intended targets.
Q: We have seen some non-government actors, supported by governments, launching significant attacks. How do governments and companies protect their data from such actors?
A: It’s a significant challenge, as these groups engage in hacking and develop offensive cyber capabilities often linked to national governments. This is a major concern for organizations. One key approach is XDR, or extended detection and response. This strategy assumes the presence of attacks and focuses on detecting, responding to, and remediating them. This is currently the most effective defense method. Years ago, the goal was to keep the bad guys out. However, in today’s digital landscape, that approach is no longer feasible. The emphasis must be on detection, response, and remediation of attacks.
No sector is immune from cyberattacks and they’re targeted for different reasons, with the public sector and financial services facing the most significant risks.
Bryan Palma, CEO of Trellix
Q: What are your company’s plans for the next five years?
A: Our objective is to establish the premier platform for enterprise security. We believe in the importance of having an open platform. Many cybersecurity providers use proprietary platforms, but we see a trend in companies seeking to simplify their security strategies. They’re looking to collaborate with fewer providers that can offer more comprehensive solutions. Technologically, we’re intensely focused on innovating in XDR, or extended detection and response. We’re also dedicated to advancing analytics, automation, and AI.
Q: With most Middle Eastern governments, particularly GCC governments, working hard to digitize their services and products, cybersecurity emerges as one of their biggest threats. What advice would you give them, and how should they approach this challenge?
A: The downside of digitization is increased vulnerability to cybersecurity threats and malicious actors. It’s crucial for these governments to establish baseline cybersecurity programs and invest in them proportionately to their digitization efforts. When they invest in digital transformation, an equal emphasis on cybersecurity is essential. After making this investment, it’s important to consider building strong foundations and identifying reliable partners. They need to collaborate with companies like Trellix, which manage millions of nodes worldwide. While technology is a key component, the intelligence and content behind it are equally vital. They should ensure that the technology they adopt is open and supported by a robust feed of threat intelligence to stay abreast of the latest cyber threats.
Q: As many businesses are moving towards digitization, they become more exposed to cybersecurity risks. In your view, which sectors are more vulnerable than others?
A: All sectors face cybersecurity risks for various reasons. However, financial services are particularly targeted due to the direct access to monetary assets, which are primary targets for cybercriminals. Governments are another major target, as attackers aim to disrupt and impact national operations, whether for political or malicious reasons. Infrastructure sectors, such as oil and gas or transportation, are increasingly in focus due to their critical role in national security. Retailers and technology companies also face significant threats. Essentially, no sector is immune; they’re targeted for different reasons, with the public sector and financial services facing the most significant risks.
Q: In the last five years, the energy sector, especially oil companies, in the Middle East has been targeted by hacktivists and hackers. Do you think this trend will continue?
A: The energy sector is indeed a critical industry in the Middle East and has consistently been a prime target for cyberattacks. However, it’s important to also consider healthcare as a vulnerable sector. In the realm of ransomware attacks, healthcare organizations are frequently targeted because of the critical nature of their operations, which increases the likelihood of paying a ransom. This trend is evident not only in the Middle East but also across the United States and Europe. So, yes, I anticipate that the oil and gas industry will remain a major focus for cyberattacks in the Middle East.
AI has both positive and negative aspects. In cybersecurity, we’re always alert to potential risks and threats.
Bryan Palma, CEO of Trellix
Q: What new products or projects does your company plan to introduce in response to the evolving AI and data threats?
A: Our primary growth areas include continuing to strengthen enterprise security, specifically in endpoint detection and response (EDR). Protecting endpoints is crucial as they can range from laptops and servers to phones and even cars, making them diverse and vital control points. Therefore, endpoint security is where we’re heavily investing our resources.
Another key area is analytics. We have a product, Trellix XDR Helix, designed to analyze security data from various devices and attack surfaces. It uses artificial intelligence to correlate this data and provide actionable recommendations for security operations. Enhancing the effectiveness of security operations is a significant focus for us, and we are investing heavily in this area.
Lastly, data protection is a critical concern. Given the importance of data to companies and their objectives, ensuring robust data control and protection is essential.
Q: Could you please tell us about your operations in the Middle East or the Arab world, including specific locations where you operate?
A: We have a presence in 75 countries globally and run a very successful operation in the Middle East. Our operations span all Middle Eastern countries, with a significant presence in Saudi Arabia, which is a key market for us. We also have substantial operations in Dubai and throughout the UAE, as well as in Egypt. In essence, we have engaged in some capacity with nearly every country in the Middle East.
Q: The UAE has been a leader in the region, but Saudi Arabia has been rapidly advancing in recent years. Is this a market you intend to focus on in the coming years?
A: Historically, both the UAE and Saudi Arabia have been crucial investment areas for us. Qatar and Jordan are also significant. We’re exploring opportunities in other parts of the Middle East as well. The entire GCC region is investing heavily in digitization and cybersecurity, which aligns with our strategic direction. However, it’s clear that Saudi Arabia and the UAE are at the forefront of these developments.
It’s a significant challenge, as [non-government actors] engage in hacking and develop offensive cyber capabilities often linked to national governments.
Bryan Palma, CEO of Trellix
Q: As the CEO of a cybersecurity firm involved in various operations, what concerns do you have about future threats or major events?
A: A recent concern of mine arises from a global CISO survey we conducted, where we interviewed 500 CISOs. Some expressed that they aren’t receiving the necessary investment from their boards or CEOs. Cybersecurity has been a hot topic for a while, and there used to be a sort of open checkbook approach. Boards would readily allocate funds for cybersecurity concerns. But now, there seems to be a bit of fatigue. Based on our survey, we’re finding that sometimes necessary investments are only made post-incident. This is worrying, as an incident can significantly impact a business or organization. Despite this investment fatigue, the threats and risks are only escalating. It’s crucial that we don’t slacken in our cybersecurity investments.
Q: How would you direct your team to persuade others to invest in cybersecurity? Both publicly traded and privately held companies consider ROI when making investments. Is it feasible to assess ROI in cybersecurity?
A: We utilize a framework called value engineering to demonstrate the economic value of our XDR platform. This value can be realized either through reducing the number of security tools or by protecting the digital infrastructure already in place, thereby avoiding costly incidents. We employ a tool known as a value engine to help clients quantify the investments they are considering. It’s crucial to have a robust program tailored to your industry’s needs. For instance, financial services are expected to invest heavily in cybersecurity due to their high risk. Retailers, however, should invest differently, generally at a lower scale. A practical approach is to allocate a certain percentage of the overall IT budget to cybersecurity, typically ranging between five and fifteen percent, depending on the industry, geographic location, and other factors.
Financial services are particularly targeted due to the direct access to monetary assets, which are primary targets for cybercriminals.
Bryan Palma, CEO of Trellix
We’re also gearing up for the next phase in cybersecurity. Gen AI represents a significant advancement in functionality. It will equip attackers with new tools, and we need to enhance and streamline our security operations to counter these threats. Balancing safety, protection, and cost is also a critical consideration.
Q: Considering the vast differences in investment in cybersecurity, from companies like Saudi Aramco spending billions to SMEs with limited budgets, do you have products and strategies that cater to both large and small entities?
A: A significant focus of our business is on the enterprise sector. While we serve many global Fortune 500 customers, we also cater to the mid-market and support small and medium-sized businesses through our platforms. Thus, we offer a broad range of products and solutions to accommodate the diverse needs and scales of various businesses.