RSA Conference 2024 | Nayaki Nayyar | Securonix

Clips
News
More from RSA Conference 2024

Nayaki Nayyar

CEO

Securonix

AI cybersecurity solutions: Safeguarding against sophisticated threats

As technology evolves, artificial intelligence cybersecurity solutions become crucial for businesses and individuals to safeguard their sensitive information against sophisticated threatsSecuronix Inc. is a leader in cybersecurity, offering artificial intelligence-reinforced threat detection and response solutions through its innovative platform. Now, the firm is launching three key AI capabilities to detect the malicious intent of insiders, partnering with Amazon Services Inc. for AI leveraging and introducing adaptive threat modeling, according to Nayaki Nayyar (pictured), chief executive officer of Securonix

play_circle_outline Introduction to the RSA Conference and the guest, Nayaki Nayyar

play_circle_outline Securonix's AI-Powered Cyber Ops: A New Era of Combatting AI-Threats with EON and AWS Bedrock

play_circle_outline The Ever-Growing Cybersecurity Challenges: AI-Powered Attacks, Digital Tsunami, and Resource Constraints, And the Board's Lack of Expertise

play_circle_outline Mention of upcoming announcements and releases by Securonix

Info

Nayaki Nayyar | Securonix

Nayaki Nayyar

CEO Securonix

search

>> Hi everybody. Welcome back to Moscone West. You're watching theCUBE's live coverage of 2024, the security conference. We're in Moscone West all week. We're deep into day one. We're super happy to Nayaki Nayyar here. She's the CEO of Securonix. Nayaki, I can't believe it a year ago, we crashed your party at RSA. Boom, here we are back again. Last year, it was April, now it's May. Welcome back to theCUBE. Good to see you.

Nayaki Nayyar

>> Thank you, David. It is great to be here. Yes, you crashed party, but we also had a great session last year, if you remember.

>> Yeah, absolutely.

Nayaki Nayyar

>> That was the we had, announcing our Snowflake partnership at that time. So thank you. Great to be here and good to see you too, absolutely.

>> Yeah, so you got my attention. Securonix announces new era of AI-reinforced cyber ops to combat AI-powered threats. You got my attention. You guys are making a big more than a cannonball here at the RSA Conference. Tell us about this.

Nayaki Nayyar

>> Yeah, so we on a massive innovation journey, David. Last year, we announced a partnership with Snowflake. That was a data lake that are using under our SIEM, but this year, we are reinforcing our entire platform, the entire Securonix platform with AI capabilities. That's a big part of the release and the launch, and we are branding it under Securonix EON. In fact, we look at it as a whole new era of cyber operations that we are ushering into and super excited about all the new stuff that launching this year here at RSA.

>> Yeah, so you have serious product chops. Product matters, you know that, that's been your, it's in your DNA. So tell us about EON. My understanding is a suite of capabilities? What's in there?

Nayaki Nayyar

>> So there are three key pillars of EON, David, that launching. One is there are three key AI capabilities. We call it Insider Threat Psycholinguistics. I know it's a tongue twister, it's a mouthful to say, but really is to detect the malicious intent of insiders, just like employees or insiders that maybe a big threat, so detecting the malicious intent using AI. By the way, we are also announcing a partnership with and leveraging their Bedrock. So that's the platform we are leveraging for all AI. And then, there's something called Adaptive Threat Modeling. That's another big one is how do we dynamically help our customers discover new attack change. So that's another one. And the last one is what we call InvestigateRX, which is how we are leveraging AI to be able to look at different data sources and help the SOC analysts investigate any incident at a very, very fast pace. So those are, I would say, the three key capabilities. But in addition, we also have what we call cyber security mesh and frictionless experience. I'll talk about it right. We'll talk some more about that. So just when you talk about AI, there's kind of pre-ChatGPT AI there's generative AI.

>> And you guys, everybody's been doing AI for a long time, but can you help us understand where the different types of AI fit?

Nayaki Nayyar

>> Yeah. Of course, there is generative AI, precision AI. You have different types of AI that you're leveraging. We are definitely, for the psycholinguistics capabilities that I was mentioning, we do use the LLM capabilities to be able to detect the malicious intent of the user. But similarly, precision AI for us to proactively discover any kind of threats that customers may have in their landscape. So that's another big one and GPT kind of functionality where you can ask a question like a policy genie and it'll automatically respond to you, collect all the data and respond to your fingertips. So it's really from an experience perspective, what used to probably take days or weeks to detect a threat and investigate and respond should truly take minutes or seconds. That's the big transformation and evolution that we're bringing to the entire space.

>> And Bedrock obviously gives you the LLM optionality, which is I think really important. Llama 3 comes out, sets a new

Nayaki Nayyar

>> benchmarks.Yeah.

>> We know there's going to be GPT-is going to come out, and not that you can get GPT-Bedrock, we'll see how that all works out, but Anthropic and Mistral, they're just constantly leapfrogging each other.

Nayaki Nayyar

>> Yeah,

>> So how do you think about the LLM, you ping-ponging, and how do you determine the right fit for the right job?

Nayaki Nayyar

>> Well, I let the engineers, the data scientists figure out the right fit for the right job. But we are definitely, of course, leveraging Anthropic, the Claude version 3 that we are leveraging right now and 4 is coming up, so we'll be moving to that very, very quickly. But, David, what I'm super excited about is the speed, the speed at which we are now able to provide that-

>> Compressing that cycle that you this cycle. Literally, can you imagine the tedious manual heavy-lift that they had to do before, which is all manual, to automating it, what they used to have L1, analysts doing all of that stuff manually. Now, we call it AI agents doing all the L1, and even L3 kind of stuff and having humans do more advanced work. So that's where-

Shelly Kramer

>> Yeah that makes it incredibly attractive though from the value prop standpoint because when you can shorten that time to value, you can speed time to ROI. And so I don't have to convince you that this is a good financial decision and a good security decision.

Nayaki Nayyar

>> Three things we really razor-focus in our models or in everything that we are doing in AI, the speed which we deliver the results, the precision with which we deliver the results, and the efficacy. So I always tell my team, speed, precision and efficacy is extremely important for us to get the outcome and get the true transformation for our customers. Yeah.

>> Go ahead, please.

Shelly Kramer

>> No, I think that this launch is such a big deal because I think it does really cement your legacy. How are you talking with cybersecurity teams about the challenges that they're facing on a regular basis, like what are their priorities in terms of the biggest challenges that they're facing?

Nayaki Nayyar

>> You put yourself in a CISO's shoes, their world is turning upside down. Like I said, we call it attacks powered by AI. If we thought it was bad, it's going to get really worse. Threat actors are using AI. They're not just more malicious and destructive, but extremely disruptive to an organization. Then, you pair that up with, I call it, a digital tsunami, tsunami of clouds, tsunami of data lakes, tsunami of devices, tsunami of ITOT, this ever-expanding attack surface that they have to now manage. And then you layer that in with, what we call, skill issues, resource issues, budget issues that they have to face with. But the most critical thing or the important thing that every CIO or CISO is now facing with is the regulatory and compliance pressures-

Shelly Kramer

>> Oh, yeah....

Nayaki Nayyar

>> Where just like a CFO is held accountable for the financial disclosures of a company, now a CISO is held accountable for the security disclosures of the company. I sit on a couple of boards myself, I'm on the audit committees of those boards too. And every audit company is now required, within four business days if there's any incident, to release that SEC requirements. And then, not to mention the quantum puzzle, fast-forward two or three years, the time quantum era. So look at all of this, all the way from attacks powered by AI to the digital tsunami that they have to now grapple with, resource and budget issues, and regulatory and compliance pressures, there is no winning here-

Shelly Kramer

>> There is no winning.

Shelly Kramer

>> I have a question for you. You said you sit on a couple of boards. On the boards on which you sit, is there generally more than one person beside yourself who has security chops and knowledge?

Nayaki Nayyar

>> No.

Shelly Kramer

>> Because that's a huge industry challenge that I'm running across is that, so you're trying to, you were saying, CISOs, you have this responsibility that you have to bear, but you can't bear it without budget.And so you have to go get that from the board and I think it's a big challenge.

Nayaki Nayyar

>> It's true. On both the boards that I'm on, especially on one board I'm the only person who has the tech and the IT the security background, there's no one else, so yeah, there is that skill shortage. Another one, there are a couple of us who have that skills and who have that knowledge, but you are spot on. The boards are also struggling because you put yourself in a board's shoes, all this sounds extremely geeky. All they care about is can you make sure we are not attacked? But if we are, how fast can we recover so it doesn't disrupt the business. Those are the two big questions they have-

Shelly Kramer

>> And by the way, we still need to make money and just keep our shareholders happy. So there's that.

Nayaki Nayyar

>> Exactly, right, to make sure there's no business disruption and recover as quickly as possible so that you don't impact them.

>> A lot of the board too, CISO will present maybe even quarterly. A lot of times I talk to board members and they're like, They present all these stuffs and these acronyms and to your point, I just want to know what you doing to reduce our risk? Are we safe?

Nayaki Nayyar

>> Yes.

>> Are we good?

Nayaki Nayyar

>> Yes.

>> Certify these financials, certify our cyber resilience.

Nayaki Nayyar

>> Yes.

>> It's a lot harder to certify cyber resilience than it is financials. Financials, it's like black and white-

Nayaki Nayyar

>> Right....

>> Sometimes it gets fuzzy. It shouldn't be-

Nayaki Nayyar

>> While there are frameworks, whether it's NIST framework or MITRE ATTCK, while there to guide and help in these discussions, but it's still a lot of room left for interpretation that the boards don't understand and don't really know, have all the answers for.you need solutions. I want to ask you about your differentiation. It's speed, precision and efficacy.

Nayaki Nayyar

>> Yes.

>> These sound like differentiators, but you package those into a solution that delivers. So what are your key differentiators 'cause anybody can use Bedrock, anybody can use the cloud. What do you do differently?

Nayaki Nayyar

>> Yeah, so, David, one is of course leveraging AI and reinforcing everything. But another big component of EON is what we call cyber security mesh. It's a mesh architecture that are using and that mesh architecture enables our customers to be agnostic. So customers have different data lakes, different clouds, different EDR solutions. So we agnostically integrate with any data lake they have, any clouds or any EDR tools they have in their landscape. So we don't require them to go rip and replace all their EDRs and rip and replace all their... We we go where the data is. We run our analytics on wherever their data is, which is a massive differentiator. So unlike all the other vendors where they want to rip and replace the entire thing and say, We are the only solution in the market,while we have a solid platform with SIEM and SOAR and UEBA and now reinforced with AI, our cyber security mesh architecture truly enables our customers to run agnostically, to run on any data lake, any cloud, and also integrate with any of the values.

>> Yeah,

>> Because you've been in the SIEM space forever. That's your background. So it's this mesh architecture that is really, you see it on top of the data cloud or any data cloud actually?

Nayaki Nayyar

>> Yes.

>> Interesting. What is this autonomous threat sweeper, another sort really interesting...

Nayaki Nayyar

>> Yeah, right. So we have where we can autonomously sweep all the threats and help them identify what is a, prioritize it to be able to help them really focus on which is the big one, big risk that they need to focus on and address and remediate.

>> Okay, so it's proactive way to what? prioritize and respond to it.

>> So what's happening here? You probably haven't had much chance to scope out the show, you've I just came in. We were at our offices earlier today and I just walked in. You are the first one I'm talking to. I still haven't visited our booth also yet, but I'm really looking forward to the rest of the show here. A lot of excitement stuff and good things that I'm looking forward to.the exhibit hall is just opening now. Is that where you're headed now? Are you going to go-

Nayaki Nayyar

>> Yes....

>> Check out your booth action?

Nayaki Nayyar

>> Check out our booth action, all the other displays and vendors. And I know there are a lot of announcements that are going to be coming out. We are super pumped. We want to get it out. So EON is a big announcement this week and also our partnership with AWS. Those the two big announcements for us and we are super pumped. We've come a long way in a year and you know me, David-I first heard that you joined you were telling me what you're going to do, and then your whole team was like, Oh yeah, she's got us jumping. Product, get the product right. Get the focus there. Get the product into market, make sure it's got the right product-market fit, iterate where it doesn't.

Nayaki Nayyar

>> And this is not the only release. Every quarter you will see us releasing new capabilities. You know this.

>> I'm laughing, you

Nayaki Nayyar

>> Drumbeat, every quarter we have new stuff coming out. So stay tuned. Come August, I have next set of capabilities in our AI stack and then by end of this year, we'll have next set. So we have a lot coming out. We have a launch party tomorrow for what we are releasing here at RSA, but yeah.awesome.

>> Okay, I got to run. You got to run. We have our event with NYSE. You're going to your booth. Shelly, you're going to pick

Shelly Kramer

>> it up from here.

>> And close out with Dave Linthicum. We're wrapping up day one at RSA thank you so much for coming back in theCUBE and we'll see you tomorrow night.

Nayaki Nayyar

>> Absolutely. Thank you, David. Thank you, Shelly. Really appreciate it. It was great. Thank you.

>> All right, keep it right back right after this short break. You're watching theCUBE from Moscone West. Be right back.

Nayaki Nayyar | Securonix

search

>> Hi everybody. Welcome back to Moscone West. You're watching theCUBE's live coverage of 2024, the security conference. We're in Moscone West all week. We're deep into day one. We're super happy to Nayaki Nayyar here. She's the CEO of Securonix. Nayaki, I can't believe it a year ago, we crashed your party at RSA. Boom, here we are back again. Last year, it was April, now it's May. Welcome back to theCUBE. Good to see you.

Nayaki Nayyar

>> Thank you, David. It is great to be here. Yes, you crashed party, but we also had a great session last year, if you remember.

>> Yeah, absolutely.

Nayaki Nayyar

>> That was the we had, announcing our Snowflake partnership at that time. So thank you. Great to be here and good to see you too, absolutely.

>> Yeah, so you got my attention. Securonix announces new era of AI-reinforced cyber ops to combat AI-powered threats. You got my attention. You guys are making a big more than a cannonball here at the RSA Conference. Tell us about this.

Nayaki Nayyar

>> Yeah, so we on a massive innovation journey, David. Last year, we announced a partnership with Snowflake. That was a data lake that are using under our SIEM, but this year, we are reinforcing our entire platform, the entire Securonix platform with AI capabilities. That's a big part of the release and the launch, and we are branding it under Securonix EON. In fact, we look at it as a whole new era of cyber operations that we are ushering into and super excited about all the new stuff that launching this year here at RSA.

>> Yeah, so you have serious product chops. Product matters, you know that, that's been your, it's in your DNA. So tell us about EON. My understanding is a suite of capabilities? What's in there?

Nayaki Nayyar

>> So there are three key pillars of EON, David, that launching. One is there are three key AI capabilities. We call it Insider Threat Psycholinguistics. I know it's a tongue twister, it's a mouthful to say, but really is to detect the malicious intent of insiders, just like employees or insiders that maybe a big threat, so detecting the malicious intent using AI. By the way, we are also announcing a partnership with and leveraging their Bedrock. So that's the platform we are leveraging for all AI. And then, there's something called Adaptive Threat Modeling. That's another big one is how do we dynamically help our customers discover new attack change. So that's another one. And the last one is what we call InvestigateRX, which is how we are leveraging AI to be able to look at different data sources and help the SOC analysts investigate any incident at a very, very fast pace. So those are, I would say, the three key capabilities. But in addition, we also have what we call cyber security mesh and frictionless experience. I'll talk about it right. We'll talk some more about that. So just when you talk about AI, there's kind of pre-ChatGPT AI there's generative AI.

>> And you guys, everybody's been doing AI for a long time, but can you help us understand where the different types of AI fit?

Nayaki Nayyar

>> Yeah. Of course, there is generative AI, precision AI. You have different types of AI that you're leveraging. We are definitely, for the psycholinguistics capabilities that I was mentioning, we do use the LLM capabilities to be able to detect the malicious intent of the user. But similarly, precision AI for us to proactively discover any kind of threats that customers may have in their landscape. So that's another big one and GPT kind of functionality where you can ask a question like a policy genie and it'll automatically respond to you, collect all the data and respond to your fingertips. So it's really from an experience perspective, what used to probably take days or weeks to detect a threat and investigate and respond should truly take minutes or seconds. That's the big transformation and evolution that we're bringing to the entire space.

>> And Bedrock obviously gives you the LLM optionality, which is I think really important. Llama 3 comes out, sets a new

Nayaki Nayyar

>> benchmarks.Yeah.

>> We know there's going to be GPT-is going to come out, and not that you can get GPT-Bedrock, we'll see how that all works out, but Anthropic and Mistral, they're just constantly leapfrogging each other.

Nayaki Nayyar

>> Yeah,

>> So how do you think about the LLM, you ping-ponging, and how do you determine the right fit for the right job?

Nayaki Nayyar

>> Well, I let the engineers, the data scientists figure out the right fit for the right job. But we are definitely, of course, leveraging Anthropic, the Claude version 3 that we are leveraging right now and 4 is coming up, so we'll be moving to that very, very quickly. But, David, what I'm super excited about is the speed, the speed at which we are now able to provide that-

>> Compressing that cycle that you this cycle. Literally, can you imagine the tedious manual heavy-lift that they had to do before, which is all manual, to automating it, what they used to have L1, analysts doing all of that stuff manually. Now, we call it AI agents doing all the L1, and even L3 kind of stuff and having humans do more advanced work. So that's where-

Shelly Kramer

>> Yeah that makes it incredibly attractive though from the value prop standpoint because when you can shorten that time to value, you can speed time to ROI. And so I don't have to convince you that this is a good financial decision and a good security decision.

Nayaki Nayyar

>> Three things we really razor-focus in our models or in everything that we are doing in AI, the speed which we deliver the results, the precision with which we deliver the results, and the efficacy. So I always tell my team, speed, precision and efficacy is extremely important for us to get the outcome and get the true transformation for our customers. Yeah.

>> Go ahead, please.

Shelly Kramer

>> No, I think that this launch is such a big deal because I think it does really cement your legacy. How are you talking with cybersecurity teams about the challenges that they're facing on a regular basis, like what are their priorities in terms of the biggest challenges that they're facing?

Nayaki Nayyar

>> You put yourself in a CISO's shoes, their world is turning upside down. Like I said, we call it attacks powered by AI. If we thought it was bad, it's going to get really worse. Threat actors are using AI. They're not just more malicious and destructive, but extremely disruptive to an organization. Then, you pair that up with, I call it, a digital tsunami, tsunami of clouds, tsunami of data lakes, tsunami of devices, tsunami of ITOT, this ever-expanding attack surface that they have to now manage. And then you layer that in with, what we call, skill issues, resource issues, budget issues that they have to face with. But the most critical thing or the important thing that every CIO or CISO is now facing with is the regulatory and compliance pressures-

Shelly Kramer

>> Oh, yeah....

Nayaki Nayyar

>> Where just like a CFO is held accountable for the financial disclosures of a company, now a CISO is held accountable for the security disclosures of the company. I sit on a couple of boards myself, I'm on the audit committees of those boards too. And every audit company is now required, within four business days if there's any incident, to release that SEC requirements. And then, not to mention the quantum puzzle, fast-forward two or three years, the time quantum era. So look at all of this, all the way from attacks powered by AI to the digital tsunami that they have to now grapple with, resource and budget issues, and regulatory and compliance pressures, there is no winning here-

Shelly Kramer

>> There is no winning.

Shelly Kramer

>> I have a question for you. You said you sit on a couple of boards. On the boards on which you sit, is there generally more than one person beside yourself who has security chops and knowledge?

Nayaki Nayyar

>> No.

Shelly Kramer

>> Because that's a huge industry challenge that I'm running across is that, so you're trying to, you were saying, CISOs, you have this responsibility that you have to bear, but you can't bear it without budget.And so you have to go get that from the board and I think it's a big challenge.

Nayaki Nayyar

>> It's true. On both the boards that I'm on, especially on one board I'm the only person who has the tech and the IT the security background, there's no one else, so yeah, there is that skill shortage. Another one, there are a couple of us who have that skills and who have that knowledge, but you are spot on. The boards are also struggling because you put yourself in a board's shoes, all this sounds extremely geeky. All they care about is can you make sure we are not attacked? But if we are, how fast can we recover so it doesn't disrupt the business. Those are the two big questions they have-

Shelly Kramer

>> And by the way, we still need to make money and just keep our shareholders happy. So there's that.

Nayaki Nayyar

>> Exactly, right, to make sure there's no business disruption and recover as quickly as possible so that you don't impact them.

>> A lot of the board too, CISO will present maybe even quarterly. A lot of times I talk to board members and they're like, They present all these stuffs and these acronyms and to your point, I just want to know what you doing to reduce our risk? Are we safe?

Nayaki Nayyar

>> Yes.

>> Are we good?

Nayaki Nayyar

>> Yes.

>> Certify these financials, certify our cyber resilience.

Nayaki Nayyar

>> Yes.

>> It's a lot harder to certify cyber resilience than it is financials. Financials, it's like black and white-

Nayaki Nayyar

>> Right....

>> Sometimes it gets fuzzy. It shouldn't be-

Nayaki Nayyar

>> While there are frameworks, whether it's NIST framework or MITRE ATTCK, while there to guide and help in these discussions, but it's still a lot of room left for interpretation that the boards don't understand and don't really know, have all the answers for.you need solutions. I want to ask you about your differentiation. It's speed, precision and efficacy.

Nayaki Nayyar

>> Yes.

>> These sound like differentiators, but you package those into a solution that delivers. So what are your key differentiators 'cause anybody can use Bedrock, anybody can use the cloud. What do you do differently?

Nayaki Nayyar

>> Yeah, so, David, one is of course leveraging AI and reinforcing everything. But another big component of EON is what we call cyber security mesh. It's a mesh architecture that are using and that mesh architecture enables our customers to be agnostic. So customers have different data lakes, different clouds, different EDR solutions. So we agnostically integrate with any data lake they have, any clouds or any EDR tools they have in their landscape. So we don't require them to go rip and replace all their EDRs and rip and replace all their... We we go where the data is. We run our analytics on wherever their data is, which is a massive differentiator. So unlike all the other vendors where they want to rip and replace the entire thing and say, We are the only solution in the market,while we have a solid platform with SIEM and SOAR and UEBA and now reinforced with AI, our cyber security mesh architecture truly enables our customers to run agnostically, to run on any data lake, any cloud, and also integrate with any of the values.

>> Yeah,

>> Because you've been in the SIEM space forever. That's your background. So it's this mesh architecture that is really, you see it on top of the data cloud or any data cloud actually?

Nayaki Nayyar

>> Yes.

>> Interesting. What is this autonomous threat sweeper, another sort really interesting...

Nayaki Nayyar

>> Yeah, right. So we have where we can autonomously sweep all the threats and help them identify what is a, prioritize it to be able to help them really focus on which is the big one, big risk that they need to focus on and address and remediate.

>> Okay, so it's proactive way to what? prioritize and respond to it.

>> So what's happening here? You probably haven't had much chance to scope out the show, you've I just came in. We were at our offices earlier today and I just walked in. You are the first one I'm talking to. I still haven't visited our booth also yet, but I'm really looking forward to the rest of the show here. A lot of excitement stuff and good things that I'm looking forward to.the exhibit hall is just opening now. Is that where you're headed now? Are you going to go-

Nayaki Nayyar

>> Yes....

>> Check out your booth action?

Nayaki Nayyar

>> Check out our booth action, all the other displays and vendors. And I know there are a lot of announcements that are going to be coming out. We are super pumped. We want to get it out. So EON is a big announcement this week and also our partnership with AWS. Those the two big announcements for us and we are super pumped. We've come a long way in a year and you know me, David-I first heard that you joined you were telling me what you're going to do, and then your whole team was like, Oh yeah, she's got us jumping. Product, get the product right. Get the focus there. Get the product into market, make sure it's got the right product-market fit, iterate where it doesn't.

Nayaki Nayyar

>> And this is not the only release. Every quarter you will see us releasing new capabilities. You know this.

>> I'm laughing, you

Nayaki Nayyar

>> Drumbeat, every quarter we have new stuff coming out. So stay tuned. Come August, I have next set of capabilities in our AI stack and then by end of this year, we'll have next set. So we have a lot coming out. We have a launch party tomorrow for what we are releasing here at RSA, but yeah.awesome.

>> Okay, I got to run. You got to run. We have our event with NYSE. You're going to your booth. Shelly, you're going to pick

Shelly Kramer

>> it up from here.

>> And close out with Dave Linthicum. We're wrapping up day one at RSA thank you so much for coming back in theCUBE and we'll see you tomorrow night.

Nayaki Nayyar

>> Absolutely. Thank you, David. Thank you, Shelly. Really appreciate it. It was great. Thank you.

>> All right, keep it right back right after this short break. You're watching theCUBE from Moscone West. Be right back.