theCUBE + NYSE Wired: Zero Trust Cyber Series
John Furrier covered President Trump and President-elect Trump ringing the opening bell at the NYSE. Melissa from Tanium discussed their investments in autonomous endpoint management, aiming to help customers combat cybersecurity threats by making faster decisions based on real-time data and providing context for efficient decision-making. Tanium is enhancing their solutions to improve data utilization in the AI era and offer actionable insights. The conversation also touched on the importance of trade craft in software development, highlighting the balance b...
Keep Exploring
What does Tanium do in terms of endpoint security and operations, and what are they investing in for the future in relation to autonomous endpoint management?
What challenges are being faced in the industry related to burnout, staffing, and the overwhelming amount of data available, and how can decisions be made more effectively using real-time information and AI technologies?
What technology is being discussed in terms of providing results without transparency into the calculations or metrics used?
What is the role of AI in the decision-making process of security analysts or threat hunters in high-stakes situations?
>> Hello, welcome back to theCUBE. I'm John Furrier here at the NYSE wall-to-wall coverage. We're going rapid fire today. We had President Trump, President-elect Trump, here ringing the opening bell with a huge entourage from Washington D.C. RFK was here, the whole family, and a lot of senators. And I think ringing the bell on Wall Street, hasn't been a president down since Ronald Reagan. Really amplifying that the economy's doing well. Of course, we're here at theCUBE's new studio East, of course Palo Alto connecting Silicon Valley and Washington. A great guest here today. We're here with Melissa. Good to see you. Thanks for coming on.

>> Thank you so much for having me. Happy to be here.

>> So great colors, sport. I actually wear a blue, like flashy blue shirt, but that looks fantastic. You guys, what do you think about Trump coming in, ringing the opening bell today? Pretty big deal for the President to come in.

>> Yeah, I was saying on the way up here, so I'm from D.C., we're used to having a lot of big events that can make it very challenging to coordinate logistics, but it seems like everything went really smoothly up here today.

>> Let's talk about AI innovation, cybersecurity week. We had probably about 20 startups on a cyber event two nights ago, so the cyber starts hot and also the AI chips are innovating. We had re:Invent last week, so a lot of innovation going on in this world and technology. What are you guys doing here? Take a minute to explain what you guys do and we'll get into some of the innovation.

>> Yeah, so Tanium is a company that does endpoint security and operations, but we're making a lot of investments in autonomous endpoint management. That's really our core platform vision going forward, and this is because we're at a turning point in the industry to enable people to make decisions faster. We've got more data than ever before, computing is getting more effective and more affordable to do.
We want to empower people to have all of that data in real time, use that to make autonomous decisions about how to best manage their environment, giving them confidence in those actions as they mature.

>> The zero trust endpoint has really been the hottest area. Identity targeting, spear phishing, social engineering. How do companies deal with this when they've got the tsunami of action coming at them? Yeah, GenAI is going to maybe help the scales untip a little bit, but the adversaries still have the advantage. What are some of the state-of-the-art techniques that you guys are seeing that you're implementing to help customers? Because I won't say the stress levels, but the pace of play is high.

>> One of the things about the industry is that we're running into burnout problems. We're running into staffing problems because people have so many tools, so much data, and they need to be able to make sense of it. So regardless of what technology you're implementing or what your strategy is, if you're not making decisions based on actual telemetry that is based on real-time information, not some historical artifact from a quarterly report three months ago, you're not going to be able to be effective and efficient with the time that you have. We are all facing a situation where we have alerts coming in, hundreds of alerts a second that have to be processed, and to process those, you need to enrich them and give context to them. That's where I think AI, and especially with some of the LLM technologies and other autonomous technologies are going to be a big value add. It's going to enrich those alerts and allow you to make a powerful decision faster.

>> Insights has always been one of those cliches, and it's still important obviously, but actionable insights. If you look at the AI side, search and tasks seem to be the two things that are coming out of it, but that doesn't get realized until the foundational stuff's set.
What would you say is foundational in your solution right now that you guys are working on to locking down and hardening, I should say, to enable that data to be used better in a gen AI area? Because this is where that enablement kicks in.

>> Right.

>> If you don't do the homework and the grinding at the foundational level and get it right, it breaks heavily big time up in the gen AI area.

>> We often liken this analogy to the way you might use GPS in your car. You don't want traffic data from three days ago to inform the decision that you're making right now about which path to take to get to your destination. When we're looking at how you build a strong foundation in your technology ecosystem, you've got to have asset visibility. And when I say asset visibility, I'm not just talking about your laptops and your mobile phones, I'm talking about the software as a service that you're using, I'm talking about the cloud providers, the container ecosystems, the OT, operational technology. All of these things make up a really complex ecosystem, and what we find is that a lot of organizations when they're first starting that maturity journey, only have visibility into maybe their server and workstation farm. So we've got to make sure you've got comprehensive visibility, then real-time telemetry and build on that to start getting ahead of the adversary instead of staying behind.

>> Talk about the business right now. How do you see the current business? Business, okay? And customers, where are they at in this, I won't say transition, but it's accelerating into a totally different security paradigm, innovation's also threatening the security postures.

>> I think innovation, from my perspective, our innovations in security, some people see them as like, is this a threat to us? Is this a boon to us? There's a lot of confusion and apprehension. What I'm hearing in the field, and we just had our big user conference in Orlando a couple of weeks ago, Tanium Converge.
One of the things that our customers were really positive about is they like when these automation and technologies are giving them not just a black box, they want to have confidence and they want to be able to have some feedback into the process, liken it to dipping your toe. I used that analogy previously about, it's like you don't go out and just marry a stranger on the street. You maybe go get coffee first, then you build that relationship with the autonomous tools. So we're hearing a lot of positive feedback about that. We're also hearing opportunity to improve employee efficiency in the SOC.

>> Nobody wants a black box. If you imagine black box dating, autonomous and black box, unpack that. So black box means what to you and what does autonomous mean? You brought up those two areas that come up a lot. We see black box happen all the time. What's behind the API? What's behind the app?

>> Very important clarification. So when we think of black box, you're being given a result with no real visibility into how that result was calculated or what metrics fed into that determination and the technology's asking you to trust. Hey, just trust me, believe me when I tell you this is the right move. This technology is very new and we need to build trust with the market, as well as with the systems administrators themselves using the tools. So automation is about helping you have those building blocks. So we use things like Tanium Automate where we're creating building blocks and workflows and making proposals to you and telling you how we got there, telling you what metrics, what statistics, what ratios made sense to say, "Yeah, I agree with that. Move forward."

>> And autonomous comes up a lot on GenAI and the semi-autonomous is happening. On security, autonomous means what to you?
What does that mean to the user's, autonomy?

>> I want a world where a security analyst or a threat hunter is able to receive a feed of information and have some form of analysis performed autonomously and have the decision left up to that operator to make the final call. Because I think we still have to have human confidence. We're dealing with high-stakes games, we're dealing with people's safety, their money, their schools and hospitals. We don't want to necessarily turn everything over to fully like, hey, let the machines run everything, but it's about augmenting. I tell people AI is an artificial intelligence. It's augmenting intelligence.

>> Actually in the security industry, I brought that up because I wanted to clarify that because on one end of the spectrum, on GenAI, autonomous is not ready for prime time, but autonomous in security is because it's workflow-driven, the data's better, and the people are hardcore about not having any kind of squishiness or gray areas on data.

>> Right.

>> They're hardcore. They'd rather have proven workflows and then deal with the human in loop, but they don't want any potential hallucination or drift.

>> You still want the, I think many security practitioners, myself included, when we look at a dataset, we all have that gut feeling of does this actually make sense? Does this, my spidey senses are pretty finely tuned at this point, and so when we're using these systems, this large dataset, as long as garbage in garbage out, your data has to be high fidelity. It has to be real-time. You can't be working off very disparate datasets that don't make sense with each other, but providing you've got good data fundamentals, you're able to work through the same kind of logic that a human operator would work through at a much faster pace, which means their mind is clearer, they've got more clarity in the decision-making.

>> Melissa, I love your title, Security and Product Design Research.
So I have to ask you, because this has come up a lot. It's kind of one of my pet peeves. I love software, don't get me wrong. I come from software background, but when you start getting too much software mechanisms or playbooks, you lose the human side of it. That's my opinion, but people could debate that. But in security, the word trade craft comes up a lot. Craft. Software craft. In the old school days in the eighties and nineties when I did software, you crafted it. It was like shrink wrap, you shipped it, it was on shelves, there was no downloads. So we're seeing craft come into the conversations on all developers now, not just, I went to school so I have domain specific or software does this mechanism, and security, we're hearing trade craft is a key part of in the system, knowing the battlefield, knowing the environment part of it. Can you talk about the role of software being developed? Certainly as code generation comes down around the corner, the role of craft and the human, it's not just what the software tells me. I have to make decisions. They call that human in the loop in today's conversation, but the craft of solving problems is the Spidey sense. It's the gut instincts. It's like, okay, I know it, connect dots. The problem solving.

>> I love that you use spidey sense. So we affectionately refer to my team as the spider team, SPDR. I love that. One of our charters is to be able to look at not just what do we see in the industry, what indicators of compromise do we see? What things can we trigger on? We actually want to look at ways to think about the product from the threat landscape perspective. So I have a team of people who have worked in Intel who have worked in research, and we find that by infusing that level of knowledge and trade craft into making product design decisions, building content, sometimes that's custom content, sometimes that's feedback about a capability.
Our goal is that every customer should benefit from having that knowledge in the room with them through the workbench that they're logging into. And I think that we're going to see more of that in the security industry writ large. I think it's important that we not say any tool should be able to function entirely without humans in the loop at any part of the process. What we, as practitioners, have to do is scale the knowledge that we bring to our various products and deliver it to the field.

>> There was a meme that was shared with me from the Olympics. It was the shooting competition and one person had all this apparatus.

>> Yes, yes.

>> Did you see that go around?

>> Yes.

>> And then the gunman with one bullet, simplify, that's the hacker, he says he's a good shot. And you got all this vendors around you, had all the vendor logos. But the joke was funny, but it was also very practical because it's like if you get caught up into this, too many things, you lose sight of what you're trying to do.

>> It's something that's very important to me. So when I look through various threads, I have all these different pieces of information that I'm following up on a day-to-day basis to understand how did the threat landscape change in the last hour or day or month. And my goal, and I think our goal, is to be able to infuse that into the autonomous guidance that we're providing so that people are making decisions based off that instinct. There's something about instinct that's very raw and very human. My background was in psychology before I got into tech, so this is special to me, and I think that's where the magic happens is when you take that spark of human instinct and insight and you're infusing it with the precision that automation can provide you.

>> Given the psychology background, one of the things I want to ask you is that as you look at the field, one of the things that comes up a lot is burnout.
Does the product design thinking look at the, how to make that easier, to affect the psychology, anxiety and burnout, I think burnout's more, they're all in high anxiety, they're security people. They love gaming, they love the game. But burnout has come up a lot. Does the tooling help? Do you think about that?

>> So for my design decisions, absolutely. I have talked about burnout, specifically, because I've been the administrator that was one of a team of five whose weekend plans got ruined, whose holidays with their family got interrupted because we had insufficient tooling, too little head count. We were all exhausted and there was a ransomware attack. I've lived that life.

>> Yeah, and you got to stop everything for that.

>> Exactly. And it destroys your mental health to not be able to step away. And when I make design decisions in a product, I want people to be able to have that time back with their families and for them to take that breath and go, okay, I know that if something's really wrong, the product is going to tell me or help me in a way that I don't have to be constantly looking over my shoulder. I think that it's important that as people who are designing products, we're considering the usability, but beyond just usability, that we're considering, what does it buy back? How much time does it buy back for the people actually sitting at the keyboard, not just in the boardroom.

>> I had one developer tell me a funny story, it's like I was talking about GenAI, it's not related to security. And he goes, I go, "What's the ROI for you?" And then he goes, "I get more beer time." I go, "Beer time?" "Yeah, hanging out with my friends." So quality time.

>> Exactly.

>> Productivity.

>> That's how you restore it. That's how you come back in focused and able to analyze those large data sets effectively.
If you're not recovering and you come back in the next day, you're cross eyed staring at the data.

>> The other thing that's coming up I'd love to get your thoughts on, since we're riffing on this topic is teamwork and being part of a team, also, is good. And seeing post-COVID events are back, is people want to be with their tribe. They want to be. And also when you're in crisis, whether it's a ransomware attack, having a collaborative environment also is good for the soul.

>> I think it's balanced. For me, I get a lot of recharge when I go to conventions, conferences and I'm meeting with people, even stuff like this where I'm getting that pulse. There's an energy about that collaboration that you can't really replicate anywhere else. It's also really inspiring when you're working on problem solving because we tackle some really, really hard problems. We have our weekends and holidays eaten up with it. You form bonds with the people that you go through that stuff with, and I think it makes teams stronger, especially when you invest in the recovery afterwards.

>> I was talking with some folks, not on camera, but on a zoom around humanity and digitizing that and saving, not saving men, but you're preserving our humanity. And then we were talking about the Gen Z post-Covid work environment and last year was the graduating class of college kids who lived through Covid in college. Now they had high school pre-Covid, and they collaborate, certainly, in school, but in the business world, they actually never did whiteboard sessions, and they actually don't even know what office etiquette is. And so I'm serious. My daughter was living this with her friends and she was asking me, I'm like, oh, I never really thought about it. You actually don't. There's no manual.

>> So my son's also, he's a college student now, and he started high school or he was in high school in the midst of all of the Covid stuff and it's skills that you didn't know that you were being taught.
It's the stuff that wasn't necessarily part of the lecture material that we're now having to adapt to and help. Granted, I've been working remote for a very long time and I think there's a lot of advantages to being able to collaborate with people across time zones, and we've built relationships digitally, but there's something about the in-person collaboration that's really important.

>> I'd definitely be hybrid. First of all, developers, technical people, working remote is not a problem. We're asynchronous for, we love asynchronous, but they're face-to-face.

>> But you get great ideas out of that face-to-face time.

>> But we are a conference, we're a conference circuit, we see everybody. So that's the beautiful thing about having that digital twin environment where you have the face-to-face, and then you can work remotely on Slack and visualize and experience the moment.

>> 100 percent.

>> Yeah, that, to me, is genius. Okay. One last thing I want to get your thoughts on is that, as you look at the landscape going forward and you're researching, what are your areas that you look at, big pillars from a research standpoint that would be not obvious to other folks that you think about, in terms of building the next products and understanding the security. Are you digging into the security threats and hacks? Are you thinking in the product itself? Are you trying to anticipate the moves? How do you frame the research?

>> Core theme for me this year and probably next year, as well, is resilience. Not just everybody wants to talk about prevention. For me, I want to talk about resilience, and resilience doesn't mean we never get attacked. Resilience means we recover effortlessly or with low effort and low disruption.
I'm specifically focusing a lot of research off, what we call, living off the land techniques, which are ways that attackers hide in plain sight among the APIs and the cloud services you're already using, the remote management monitoring tools you're already using, the browser extensions you're already using. There's some very interesting trends. Interesting in a concerning way, but we're seeing things like those remote monitoring and management tools being used in 30 to 50% of the attacks in the last year. We're seeing a significant uptick compared to three or four years ago in how these are being leveraged. And it's because you don't necessarily need novel malware when hiding in plain sight works. So my focus from a research perspective is on how we can surface benign activity in your environment from someone who's abusing those living off the land techniques, because eventually, I use the phrase dumb, different or dangerous, eventually an attacker's going to do something that's one of those three things and we should be able to autonomously bring that up to you.

>> Either way, they're all impactful.

>> Exactly, yeah.

>> So living off the land means to you, they're in the system and they're poking around, lingering around.

>> Using what's available to you. It's using, like if they see that your organization uses a particular file sharing application or a chat application, they're going to try and create, they're going to communicate over similar or the same protocol so that it blends in with your normal traffic. If they see utilities you already have installed on your servers, they're not going to install something bespoke. They're going to use what's there. And it's because you're more likely to think of that as normal.

>> So it's not hiding and being a zombie.
They're just going to use the resources then camouflage in there, basically.

>> Yeah.

>> Eat what they kill.

>> The difference in a lot of cases between a malicious actor and a systems administrator is whether or not what they're doing is authorized. And that's scary for a lot of people to think about, but it's true. That's why we have to have the visibility and we have to be able to surface those anomalies and behavior.

>> Well, Melissa, thank you for coming on theCUBE. I wish we had more time. Use the last 30 seconds to minute to give a plug for the company, what you guys are doing. Some milestones, some successes, things, a plug, when you're hiring, you could share with the folks who are watching.

>> Awesome. Thank you. At Tanium, we are really excited about our journey into autonomous endpoint management and the automation frameworks that we're building to enable our customers to have data that drives these insights and confidence to make the next decision. And we're really excited to bring that to market.

>> Thanks for coming on, theCUBE. Appreciate you.

>> Thank you so much.

>> Okay, thank you. All right, we're here in theCUBE with NYSE, it's our East Coast studio, wrapping up three days of media week, cyber focus, cyber, and also AI innovators. I'm John Furrier, theCUBE. Thanks for watching.