Date: 04 May 2020
Interview with Sai Venkataraman, CEO and co-founder of SecurityAdvisor
We spoke to Sai Venkataraman of SecurityAdvisor, an ICE71 Scale startup, on how the startup came about, the gaps seen in human firewalls, and more.
1) Tell us more about yourself and your role at SecurityAdvisor.
I am one of the co-founders and CEO of SecurityAdvisor. Previously I was a VP at Fortscale, a pioneering UEBA firm acquired by RSA, and I was a director for product management at Intel Security/McAfee. I also spent several years at Bain and Company as a management consultant.
2) How did the idea for SecurityAdvisor come about?
My co-founders and I, who were in senior product roles at McAfee, started this company together. As colleagues, we would discuss how each of our products was producing hundreds of thousands of cybersecurity incident alerts, a scale impossible for most enterprises and mid-market companies to handle. And human actions caused most of these incidents, as it’s the human who falls victim to phishing, clicks on different links, and shares the data.
Back then, the only choice a CISO had to reduce the number of incidents and improve cybersecurity was to conduct user training, and users hate this. So we wanted to come up with something more intelligent that could be a personalised cybersecurity advisor to the human, a “Siri” for cybersecurity. We wanted to provide micro-messages to users to help them avoid common cybersecurity errors.
That’s how SecurityAdvisor came about.
3) There’s been a lot of talk around building human firewalls. And yet there are still cyber breaches happening due to lack of employee cyber awareness. What is the greatest gap you see here and what is the one thing organisations need to know to narrow this gap?
We looked at this problem we faced in our own work life. We used to take training modules, and found that we never paid attention. Today, building human firewalls means cybersecurity training. But people can find such training a chore and administrators cannot properly measure training ROI. This is the biggest weakness around most human firewall initiatives, the reliance on training and the time required to train users. Is it possible to engage users without having to train them, for example, through personalized tips that are relevant, AI-based and take less than 30 seconds? Can we save time for both the employee and the organization?
4) Can you share a use case or two with your solution?
We provide quantifiable security outcomes. For example, with one of our first customers, we reduced monthly detected infections by 99%. Our technology integrated with their endpoint security solution, Palo Alto Traps, and identified certain high-risk users who kept getting infected every month. We found the root causes of these infections to be human actions around clicking on risky emails, or certain online behaviors. We then rolled out a contextual and almost real-time security awareness training program for users who kept getting infected. Over the next 3 months, 50% of the users who were getting infected became secure and 99% of the infections went away.
The above example is just one use case. We can drive secure human behavior in positive ways too, like turning on two-factor authentication, using rights management tools or sharing data safely with the right permissions. We can also reduce data leakage, malware and phishing click rate, among other things.
5) Describe cybersecurity in 30 words.
Cybersecurity is about technology (AV, Firewall, SIEM etc.), processes and most importantly, people. The carbon-based parts of your network are as important as its technology.