What's the next stage in cybersecurity? An AI-powered, data-centric model

CEO of MinerEye tells ZDNet how he stopped chasing bad guys and worked to rethink the paradigm IT uses to protect a company's most valuable digital assets.

Video: The next stage in cybersecurity is an AI-powered data-centric model

ZDNet editor Jason Hiner spoke with Yaniv Avidan, CEO and co-founder of MinerEye, at this year's RSA Conference.

You can watch the video interview above or read the full transcript below.



Jason Hiner: You are the CEO of a company that's doing some really interesting things to make security better, make cybersecurity better and to solve one of the most persistent problems. Let's talk a little bit though about the state of security and how that led to what you do. For the past decade or more in the security industry [we've been] moving from this model of network security where you just secure a perimeter and then once you get inside you let the people you have access. That hasn't worked well as we've moved to mobile devices, IoT, cloud and a newer architecture. [Today], it's more data-centric security, where you [focus on] your most important assets [and data]. But now it's moving to the next stage, which is more AI-powered security. Tell us a little bit about this evolution.

Yaniv Avidan: I think we've seen that gradually evolving parallel to how data evolves within companies or within the enterprise. We see, as you said, more and more platforms entering into the enterprise scene. We also see data evolving and many data formats evolving and new data coming in. We saw data piling up in an exponential way. I just read some stats that the past two years has [witnessed] almost 90% of all the data that has been created ever. Those aspects of how people use data and how data becomes centric within our life in making decisions--extracting value [and] moving faster--is actually shaping the way we consume security.

One of the things that's now driving us back to old discussions is GDPR, [not to mention] all the privacy stuff that we see in TV with Facebook. On one hand, we share data very quickly. We want to move quickly. We want to use as many channels to exchange data and exchange information. On the other hand, we're getting more and more sensitive about our own private information. Those are not necessarily contradictions. Once you use some sophistication around artificial intelligence and identification of sensitive data discovery, you can actually work those two together.

Jason Hiner: You've worked on security in the tech industry for a long time and one of the things that you said you've noticed was that it was important to be able to change the paradigm in order to better protect the company's most important assets, to take more of a risk management approach to security rather than constantly reacting and chasing bad guys. Tell us about that.

Yaniv Avidan: Back in my Intel days, I was hired as a guy that had experience around data mining and machine learning to actually see if there's a way to harness data to identify those attackers that either are already in or are trying to get in. Back then, most of the security was network-oriented and less around data. I was lucky enough to hook up with the best minds and learn this very thoroughly. We formed a team of data scientists back then and subject matter experts to crunch a lot of information and find the bad guys. We were very successful compared to other solutions back then.

But then it sparked [an idea in] my mind that the tactics should change. I talked to my manager and I asked him do we keep chasing those bad guys, when we know they're always two to three steps ahead us, or even a few months ahead? Instead, we should put all our effort into identifying the crown jewels [and] isolating them, and then focusing the security controls to secure them. I think we'd be much efficient in doing that. We'll be much more forward looking as data evolves and networks evolve and we'll create some better solutions going forward. So that's how it started.

Jason Hiner: Let's talk more about that in a minute, how that led to you starting MinerEye. [But first], let's talk for a minute about GDPR. There's still confusion around it, but you have a lot of people that come to you wanting help with it. When you look at GDPR and you think about it compared to other governance systems, what do you think the impact is going to be and what's the impact you see on customers that are coming to you?

Yaniv Avidan: As you said, there was more confusion than certainty on what's going to be... My bet is that the European [courts] will find some test cases just to show that there's some teeth behind this. But, first and foremost our customers should look at this as an opportunity rather than as a deadline and focus less on the legal definitions of GDPR. I know it's not well-defined sometimes. There's a lot of holes or confusion or some vagueness around this, but take that as an opportunity to improve information governance as a whole. Because this is a building block in almost everything, not just reducing risk around data, improving information security, or privacy, it's also about extracting value for our businesses.

That's enabling those business to run faster, make more money, and that's what I'm talking about. There's no contradiction between data privacy and protection and moving faster with a business making more money. That's how I think businesses should look on that and the most important thing is not doing the same mistakes again that were done 20 years ago.

SEE: Information security policy (Tech Pro Research)

Jason Hiner: When companies come to you, is it mostly companies focused on their European operations or do you see multinational companies looking at GDPR and saying we're going to take this as the opportunity to just improve governance across the board, not just in Europe?

Yaniv Avidan: What we see here are multinational companies, especially big companies that have the resources and the teams to [work] on new technologies, that they have the breadth to do it. Yeah, GDPR is a driver, but we see effects in US privacy. We see even new state-level regulations, [for example] in California and New York. We've seen this happening, but most of those customers are multinational. But again [they are] taking the opportunity and the budget provided them by the board, thanks to GDPR, to improve their privacy posture but also do some stuff around new technologies and solve big problems around this.

Jason Hiner: Let's talk a little bit about MinerEye and the solution that you created to deal with this more proactive approach to security and to what you call the crown jewels, [a company's] most valuable data [and] the most valuable digital assets in the company. Talk to us about why you created the company and what solutions you offer.

Yaniv Avidan: It started from the point where I wanted to replace chasing the bad guys [with] identifying the crown jewels. But the main thing I asked myself is "How can we make things much easier to our partners to consume this technology," rather than doing the same old stuff like defining rules, keywords, dictionaries, and a lot of manual work. That's where machine learning comes into place. But we added another thing that acts as a very unique approach and this is how the machine identifies the data, which is the basics behind our technology. That's what my partner Avner [Atias, co-founder and CTO of MinerEye] worked on in ... the Israeli Ministry of Defense. He developed algorithms around tracking targets on a video stream.

I asked him if you can track targets, why can't you track sensitive data on a network? That's how the idea [started]. After 18 months, we actually had been able to convert technology from a totally different use case, a military use case, into the specific domain of identifying the data automatically and tracking the data wherever it resides in whatever form it [is in]. That's the beautiful thing about it. Today, this platform actually can be trained by a normal guy that has no data science background by just providing some examples of what he considers sensitive data and some definition of that data. And that actually acts as a training set for the system.

From that point, the system is totally autonomous in identifying the data and importing or even triggering security controls to act upon those identifications. The best analogy I can provide for this is to think about your own kid. The first time you trained him how to cross the street, for instance. You identified the cross road and you identified some states in which the road needs to be in order to cross. Your kid is smart enough to know that after one [or] two examples, and that's what we created. This system needs very few examples of specific data domains to actually create its own taxonomy and classification and tracking of this data.

Jason Hiner: Your solution is focused on identifying and tracking that data, and then interfacing with other systems that are triggering the protection controls--encryption and those kinds of things--so it's a solution for both data at rest, data in motion, and even during migrations, [right?].

Yaniv Avidan: We see multiple use cases that follow the common sense rules. First, [customers] use [MinerEye] to minimize the data and, by the way, that's an explicit requirement in GDPR. You need to get rid of the noise. You need to identify those redundant pieces of information that haven't been accessed, haven't been touched for a long time, and the duplicates across your environment. That's very easy for the system to identify and track. Just start off with this. [Customers] gain immense value after a few hours by clearing huge amount of space in their disks. Think about it. Millions of dollars of saving, so it pays off really after a few hours.

The next stage would be to actually identify the data and classify the data either using our own classification capability internally or using external labeling mechanisms such as Azure or any other capability that we interface [with]. Having said that, the system is connected also to other security controls that act upon those lists of data that it identifies. The third use case is to be able to segregate the data. I want to make sure the data doesn't leave a specific geography, hence GDPR or any other privacy solution or just [a requirement] internally, [and] the data will be segregated and not be able to be accessed by people that shouldn't access the data.

Again, all goes back to the ability to identify data in its dynamic state at all times continuously, classify it, and act upon it.

Jason Hiner: A customer buys your product, how long does it take [to deploy]? How onerous is it to get it up and running? Whether it's a big company, a little company, is there a difference depending on the size of the company [and the] amount of data?

Yaniv Avidan: Straightforward installation is about 15 minutes configuring it. It does not require more than read permission over your repositories. There's not local installations of agents. It's all done remote. This is a key element. The learning phase depends on the number of files that you go through and the resources you allocate. We designed this not just to be very easy to install for the IT guys, but also to configure it and distribute the solution according to the network architecture. That's a very easy approach, plus it's all contained in a virtual appliance with all technologies contained inside. They don't need to manage databases or versions of operating systems and so on. This is all in your virtualization environment. Again, you don't need to come up with appliances. All you need is to allocate the compute resources and kick it off. Very easy to install, very easy to maintain, and very easy to extract value immediately right after the first run of the system. We put a lot of effort in designing the solution this way.

Also see

Yaniv Avidan, CEO of MinerEye

Yaniv Avidan, interviewed by ZDNet's Jason Hiner at the 2018 RSA Conference.

Image: RSAC TV