Interview with Chaim Mazal, Chief Security Officer at Gigamon, a cloud security company based in Santa Clara, CA.
It’s nice to meet you, and thank you for taking the time to talk to us. Can you tell me about your background and your current role?
I am the Chief Security Officer at Gigamon. I’m responsible for product security, corporate security, IT and backend business systems—basically, I am responsible for securing all of the technology within the organization. Prior to joining Gigamon, I was the SVP of Technology and CISO at a company called Kandji, which does mobile device management, and before that I was VP, Head of Information Security at ActiveCampaign. I also serve on the advisory boards of GitLab, Cloudflare, and Cybereason.
What makes Gigamon different from other cybersecurity companies?
I think the unique part about Gigamon is that it's a force multiplier. Gigamon allows organizations to be successful with the multitude of security and network tooling in a way that would not be possible otherwise. To give some examples, if you're running large, complex hybrid-cloud environments where you use multiple cloud providers and have on-premise deployments, you’re able to funnel the right network-level telemetry to the right tools. From a cost-savings perspective and from an operational and optimization perspective, I think it's something that no one else in the market is currently doing as far as being able to add that advantage. Whether it's a visibility tool, a security tool or a network diagnostic tool, having Gigamon feed the right data sets to the right tools at the right time is helping organizations be successful in reducing risk across the board.
What are the biggest security challenges facing the cloud environment right now?
As we continue to level up from a technological perspective and through technology cycles, the inevitability of complexity arises. Just by way of organic growth for most organizations, more things means more challenges. More challenges means more room for improvement. I think across the board it's having these unique environments that span a multitude of providers. Whether that's AWS or Google Cloud or Azure, having complex physical deployments across data centers, and then really having visibility in a single kill thread across the entirety of your stack is probably the biggest challenge that most CISOs and security organizations are facing today: how to have a clear, comprehensive picture across all of your things in real time.
Can you tell me about the new product Gigamon is releasing?
It’s called Precryption, which enables IT and security organizations to gain unobscured visibility into encrypted traffic across virtual machine (VM) or container workloads to conduct advanced threat detection, investigation, and response across the hybrid cloud infrastructure. What that means is that now you, as a security professional or operator, will be able to select containerized or virtualized traffic that you would like to have visibility into. Historically, you had a private key infrastructure to be able to encrypt and decrypt, and that took a lot of effort and a lot of resources to be able to encrypt and decrypt on the fly. That gives you visibility into only certain types of traffic across your environments. With Precryption technology we're saying that by simply flipping a switch within Gigamon you can select containerized or virtualized workloads, and you can now have visibility into encrypted or decrypted traffic on the fly. At a high level, we're providing a spotlight for security operators to be able to look at and scrutinize traffic, which will help them with their threat-hunting capabilities. Instead of having to manage a whole infrastructure with teams and resources, we've made this easy. It is really flipping a switch and selecting which resources you want to have insight into within that decrypted traffic.
What are some of the most common misconceptions customers have when it comes to threat prevention within the hybrid cloud environment?
Thinking that logs are enough for threat prevention. Most organizations are relying very heavily on the native capabilities within cloud providers for logging and then ingesting those logs into their tools without having secondary lines of validation. Logs are mutable, and therefore, logs can be tampered with or altered or changed. Having a secondary factor of information to validate all of your assumptions across traffic within your hybrid cloud environment is extremely important. That's why I think having packet level network data is so important for organizations with critical infrastructure. These organizations need to validate and ensure themselves that the things they're seeing across their tooling are valid and, in fact, they are taking place across their organizations and environments.
What do you anticipate as the greatest challenges for cybersecurity and cloud security in the coming years?
We will continue to face talent shortage issues or being able to have the appropriate skill sets to be able to solve some of these complex challenges. I think one approach to solving this problem is by looking at people with non-traditional backgrounds who show they can be successful in the role. We're opening up opportunities more frequently to people who are curious about technology and who also have very strong creative capabilities, like writing and artistic talents. People who think outside the box tend to do very well in cybersecurity.
Another set of challenges will come from AI. We need to leverage AI for our defense capabilities versus having malicious actors gain an advantage using AI to launch attacks. We almost have to think about it like an arms race. So, the question will be: are we going to be able to leverage AI in a better fashion to help secure and operationalize a lot of our defense patterns internally across security environments, or are malicious actors going to find unique and creative ways to attack our security defenses with fewer resources in real time? The impact of AI in security is yet to be determined. The last thing—and this sounds like a broken record—is visibility, visibility, visibility. You can't secure what you don't have insight into. If you don't have a comprehensive, unified picture across all of your environments, you will continue to struggle to reduce risk and secure your cloud environments.
By Sue Poremba