Clips
News
More from Cyber Resiliency Summit

Myke Lyons

CISO

Cribl

Cribl explores deepfakes, laptop farms and AI’s impact on cybersecurity

Deepfakes are a critical concern in cybersecurity because they exploit advanced artificial intelligence technology to create highly realistic fake media, often with malicious intent.Since deepfakes represent an evolving cybersecurity challenge, they require high-level awareness and a combination of technological and societal responses to address effectively, according to Myke Lyons (pictured), chief information security officer of Cribl Inc.“We’re showing them to our employees, our population base[and] our constituents, whoever they are, and teaching them what to be on the lookout for,” Lyons said

play_circle_outline Cribl's focus on reducing noise for customers through technology

play_circle_outline Importance of trust in being a third party vendor for customers

play_circle_outline Future plans for Cribl, including engagement with developer and IT communities.

Info
Transcript

Myke Lyons, Cribl

Myke Lyons

CISO Cribl

Dave Vellante is above the New York Stock Exchange trading floor, hosting the CXO Series with C-suite executives, including Myke Lyons, the CISO of Cribl. Myke discusses how Cribl helps companies reduce noise in security operations by feeding good data into their systems. He also talks about the challenges of consolidating security tools and the importance of staying ahead of adversaries in the cybersecurity space. Myke emphasizes the need for strong security culture and ongoing training to combat bad human behavior. As for Cribl's future, Myke mentions plans... Read more

explore Keep Exploring

What is the difference between being a CISO at a technology vendor versus another type of organization? add

What are some key aspects of being a security person working with a great company and why is it important to maintain the trust of customers? add

What are the speaker's thoughts on the importance of connecting with the developer and engineering community, as well as IT and security professionals, at re:Invent? add

bolt Powered by CUBE AI

Myke Lyons, Cribl

Dave Vellante

>> Everybody, welcome back to the Big Apple. My name is Dave Vellante. We are above the New York Stock Exchange trading floor, theCUBE Plus NYSE Wired Media Week. This is our CXO Series. We're talking to CIOs, which is both chief investment officer and chief information officer, CEOs, CFOs, chief security officers, chief information security officers. All the C-suite is here, and we're psyched to have Myke Lyons, who's the CISO of Cribl. Myke, thanks for coming on theCUBE. Good to see you again.

Myke Lyons

>> It's great to be here.

Dave Vellante

>> It's been a long time.

Myke Lyons

>> It has been a while, but it's great to be here.

Dave Vellante

>> So we were talking CISO or CISO. You're a CISO guy.

Myke Lyons

>> I'm CISO all day long.

Dave Vellante

>> So am I. CISO, it just sounds like sizzle.

Myke Lyons

>> Yeah. It's not the right-

Dave Vellante

>> And you guys are like humble.

Myke Lyons

>> Sometimes.

Dave Vellante

>> Well, you can't share too much because karma is a bad thing, right? You win once, and the bad guys are out there. How are you doing? How's things at Cribl?

Myke Lyons

>> It is an amazing company. I feel like I'm in an opportunity where I'm just surrounded by some of the best people, best mindsets. And the company itself, I walk in and meet with our customers, and they're so excited to hear from us. We are just reducing the amount of noise they have to deal with. They're very much focused on logs and my background. I got into security by being somebody who's interested in logging before SIMs were invented, and things like that, dating myself. And the customers that are looking at Cribl are saying like, "Hey, we can make our SIM much higher fidelity by leveraging this technology."

Dave Vellante

>> Yeah. So we were talking off camera. I used the analogy of I've got all these home apps, my nest, my ring, my this, my that, my that, my this. And I mistakenly said, "Okay. You guys can help consolidate that." And you said, "Well, not quite." We actually feed data into a system from all these disparate security tools. But then you said something that was really interesting to me that it's only the good data, not the noise, because I'm inundated with the haystack. So explain that.

Myke Lyons

>> So a lot of what we help companies do is we have data storage. We have data vessels. And data lakes are terms, and SIMs are terms much more for security folks. And we don't want a day to swamp. It's very useful. And I feel like the notifications on my device, your home security system can be a little swampy. And so what we can do is we can send the data that we have to have for reasons off to that location that I may use it for. But the data that I know I need quickly fast, I put it in the best system, and the one that I'm most focused on.

Dave Vellante

>> Got it. What is the difference between being a CISO at a technology vendor versus a technology buyer?

Myke Lyons

>> Well, I'm both. In many ways. I'm both. I get the opportunity from working with a great company that I have other great companies come to us. I think a big difference for me though is I don't get the opportunity to be wrong. We're sort of immediately get feedback. And our inaccuracies and our customers give us that feedback. The second thing is we are an extension of our customers in many ways. We're a third party that they need to trust. And so as a security person, we have to really ensure that we can keep that trust with them. It's really hard to gain exceptionally easy to lose those trusts. And so they think about us in a time of duress, in many cases with the Cribl. We're a lights on doors open style company. We need to be there when they're dealing with their crisis. They need us more than ever.

Dave Vellante

>> How much of your time is spent external with customers getting dragged around by the sales team versus sort of protecting Cribl?

Myke Lyons

>> It's interesting. I think a lot of it's a thought leadership opportunity for me, and I'm learning so much interacting with our customers that I'm maybe selfishly bringing a lot of the things that I get from them right back home. I'm splitting my time a fair bit. But right now, I have such an amazing team. I know that I can have a lot of those members there just backing me up. But like I said, I gained so much. I feel like it'd be a disservice to our folks to not bring it back and share it with them and run our team.

Dave Vellante

>> There's a certain narrative in the industry around consolidation of tools. We all know there's tools creep. You hear the numbers, whether it's dozens or many, many dozens of tools on average installed. We did a survey with our partner, ETR, down right around RSA, just before RSA. And one of the questions we asked was, "Are you consolidating vendors in your security stack?" Only 9% of the customers said "Yes." Now, am I shocked? Every practitioner I talked to, by the way said, "And you're surprised at that?" I'm like, "Well, no, but I'm surprised that it was only 9%." Ironically, all the consolidators that I talked to said, "No, no, no, no, no. Our data is different." Well, the data doesn't lie, and you know. I can see you're smiling because you know that it's really hard to consolidate. Now, of course, from your standpoint, from your company standpoint, it doesn't really matter. More complexities may be better for you. Maybe, not. Doesn't really matter. But my question is not so much Cribl specific. It's why is it so hard to consolidate tools? Is it because you got to fill gaps and there's some... I don't mean shiny to new toy as a pejorative. It's actually some new innovation that comes along that's actually really good that you say, "Okay, I'm going to apply that." Is that why or is it just inertia? What drives that?

Myke Lyons

>> I would say that provocative way to respond to that and be like, "Well, the adversaries are not consolidating their tools." The adversaries are staying ahead of the curve. They are out there inventing new things. And guess what? They have the coolest stuff. The shiny is newest stuff, they have access to it as well. And we have to be sure that we are thinking about where they're going and trying to stay ahead of them. Gen AI, all of these technologies, deep fake technologies, these are things that they can get as well. There's open source models out there that we're not restricting their access to, not that we could restrict their access to.

Dave Vellante

>> Is that like a reverse judo move where you have to take the adversary's tool and then make sure you understand how they're going to use it so you can apply it to protect yourself?

Myke Lyons

>> Yes. Not only that. We, in many cases, are using them not against our employees, but we're showing them to our employees and interacting with our employee base, our population base, our constituents, whomever they are, and teaching them what to be on the lookout for because you might get a WhatsApp message or a text message or a video message from a friend or an audio message, "Isn't them?" I don't know. Now, you really have to think about whether or not it's coming from them. These deep fakes, while some of them are absolutely hilarious, and I'd love to watch the funny ones, a lot of them aren't hilarious, and they're really traumatizing for some people to listen to. And people that are not digital natives will continue to struggle there.

Dave Vellante

>> Well, it's election year. So obviously, the term deep fakes with people who understand what that means is pretty scary. Do you think it will have a material impact on the election? I know it's a hard question to answer, but is it prominent enough and good enough that people will fall for it?

Myke Lyons

>> I don't know that I have an exact answer as to whether or not it's going to impact the election. I think that's for experts that are well beyond my capacity.

Dave Vellante

>> I'm not sure anybody can answer that question.

Myke Lyons

>> Yeah, that's fair as well. I would say though, I've been impressed. And impressed is a scary word you use with someone who's an adversary to you with some of the things that've seen in the market, things that I've seen sent to me or shared to me with me, with my internal team going, "Hey, this looks like a fake CEO or a fake CFO message." And some of them are very interesting. And obviously, there have been instances where there was a very famous event on a video conference where a particular actor was using a deep fake technology to encourage someone to make a large bank transfer to the tune of tens of millions of dollars. The numbers are all over the place. So we don't know exactly what those dollar amounts were, but that was a real event, a real negative event, a real negative event that brought in a deep fake technology.

Dave Vellante

>> Okay. And was that a phishing example? Yeah. I think I was there actually after dark, little podcast set up. That was really interesting.

Myke Lyons

>> There's some interesting things. I'm actually meeting with yet another technology company next week who, again, we will go through that exercise. We're all familiar with the concept of the face swap, whatever social media application. That in of itself is effectively become real-time for us. We can use it in good ways and bad ways.

Dave Vellante

>> To add a little color, and then there was another example where it was tape conversation, a simulated tape conversation, but it was like, "Hey, I can't get into my password." And they had some information about the company. Who's your manager? Is this person? So they were able to convince the agent that they were who they were. And oh, I got a new phone. And they were able to talk their way into the system. And then the other example we saw is it was actually North Korean, young people applying for jobs, getting laptops that were sent to a location that enabled hackers to infiltrate the systems.

Myke Lyons

>> They call them laptop farms. We have a word for it now or phrase for it.

Dave Vellante

>> Laptop farms, explain that.

Myke Lyons

>> Yeah. These are locations where companies who are seemingly hiring someone who they think is going to do a job, typically, it's a tech job. Typically, it's a lower skill job. They'll actually intentionally have the person be an under performer. And then they will fake at the very last minute, change the address. Oh, actually, I need you to send it to this street in some town, in some state. And then there will be a receiver or a mule who will actually take the laptop, set it up. And they'll install programs that keep your mouse moving so it looks like you're working or your screensaver doesn't turn on. These are networks of folks that are generating, whether it's knowledge of your company or they're generating money by manipulating that machine in some way or trying to ransom their way out.

Dave Vellante

>> I've done security shows for a long, long time. And it used to think about, "Okay. Dwell time. They're in there for 360 days on average. Can we compress that down to 200? Can we compress that down to 100?" And it's become so irrelevant now as a metric because you've got breakout times that are measured in minutes. What else is changing in cyber? It's such a fast-changing dynamic. Obviously, ransomware has taken off. What are the other things that we should be paying attention to, maybe as a result of AI or other items that people might not be as familiar with?

Myke Lyons

>> So a couple of things, to the dwell time comment, we really aren't measuring it the same way we were because of the speed at which we need to operate. And to increase some of those speeds, we're trying to remove some of the guardrails around people to be able to build their own, whether it's infrastructure to solve a problem or build their own capabilities and capacities, again, reducing a lot of those noises that are coming in and trying to make those much more critical decision faster for us. And so I think that's a big forefront for us. And then the other one is we're working with gen AI capabilities to reduce some of the challenges that some of the earlier operators, so some of the people that have just joined our firm. Maybe, it's an intern turned over, and she's just got there. And now, we have to teach her this whole syntax. Well, isn't it a great opportunity for us to leverage a gen AI to generate the syntax at her behalf, and she can just enter in the question she wants to interrogate the data with. And she can generate those questions. It then spins those things off. That is not code generation, but this is just allowing people to interact with systems as though I'm here as your peer. And we just sit side by side and just try to stop the bad guys together. I think that's a real big advent for us.

Dave Vellante

>> So if I asked the CISO, pre-COVID, even during COVID, what's your number one challenge? Typically, the answer I get back is, we just don't have enough talent in the organization. Is that still the number one challenge?

Myke Lyons

>> We don't have enough people. I think in many cases, we need people with the right mindsets. We don't need people with necessarily all those skills. I think we now are at a point where the technology themselves can help us enable the people that are good people, that are interested in doing these things. We still have a shortage. Whether there's job opening shortages or whether there's people that fill those job shortages, that seems to be quite a debate at the minute. I think I could, if you gave me 10 more people tomorrow, I'd find really good work for them to do and have a very positive impact. But recognizing businesses have different challenges. And trying to approach them requires us to adapt and adjust.

Dave Vellante

>> Bad human behavior beats good security every time. So I want you to talk to the ROI of good strong training and a strong security culture.

Myke Lyons

>> Well, as you well know, this is National Cybersecurity Awareness Month, October, my favorite month of the year. Yours too.

Dave Vellante

>> Absolutely.

Myke Lyons

>> We were talking about it earlier. I think that one way to do this is to remove some of the stigma for people tripping up, especially if we are the ones doing a simulation against them. Let's start to reward our staff, our people, the people that we work with to make good choices. And how can we do that? There's a million ways you can do that. It could be giving somebody a mug with a thank you, cybersecurity of the day person, or whatever the case may be. It could be compensating them differently. There's a lot of different approaches to it. But I think it starts with us removing this stigma attached with people that will fall for a trick or something along those lines. If you have a knowledge worker, there's an opportunity to make them better. And the folks that fall below the line, let's work on training with them. Let's make that training unique and interesting for them.

Dave Vellante

>> Let's hear what's next for Cribl.

Myke Lyons

>> We'll see probably at re:Invent. As a person who has not gone many times, I am floored with the past few times I've been there with just the amount of people and the energy there. Getting with those developer community, that engineering community is going to be critical for us. Obviously, IT and security are our people. They're my people. I came out of IT and moved into security. So they're my people as well. Getting with them and seeing where their challenges are, I think, just showing them, making them aware that Cribl exists, I think that's going to be a critical thing for us and a great opportunity.

Dave Vellante

>> Great. Myke, thanks so much-

Myke Lyons

>> Thanks too...

Dave Vellante

>> for coming to theCUBE.

Myke Lyons

>> Cheers.

Dave Vellante

>> Great to see you.

Myke Lyons

>> Good to see you.

Dave Vellante

>> All right. Keep it right there, everybody. We'll be back with our next guest right after this short break. You're watching theCUBE Plus NYSE Wired, our CXO Series from the New York Stock Exchange.