SalesTechStar Interview with Tony Velleca, CEO at CyberProof Inc.
The business and technical challenges that have come with a forced work-from-home policy due to the ongoing Covid-19 pandemic are vast. Tony Velleca joins us in this interview to share his thoughts about the various security threats that come with every team working-from-home as a result of the ongoing pandemic, while sharing a few thoughts on his SaaS and tech journey so far.
Can you tell us a little about yourself Tony? We’d love to know a little about your tech journey so far and some of the biggest highlights from it as well!
I trained as an aerospace engineer at the Georgia Institute of Technology and worked for Boeing (formerly McDonnell Douglas) and Rolls Royce, Inc., where I spent most of my career in conceptual design and optimization of aircraft and propulsion systems for next-generation commercial and military systems.
In 1997, I earned an MBA from the University of California, Irvine. Together with some classmates, I founded a company called huddle247.com. This marked my move from working in aerospace to working with information technology.
Huddle247.com was a first-generation software as a service (SaaS) company, and it was named by PC Magazine one of the top two companies in the online office space.
In 2000, I joined UST Global – and I’ve never looked back. In the last twenty years, I’ve helped CIOs with information technology solutions – I’ve been involved in managing large accounts and have been responsible for setting up a series of new organizations within the company. I became a CIO, which included taking responsibility for information security. Later I became a CISO. And after that, of course, I started CyberProof.
Could you tell us little about the company’s new partnership with Cato Networks and how this comes at a crucial time given the current global pandemic and need for heightened online security?
I believe security should continuously adapt to solve the key challenges of the day. And now is a time of challenge, and of change. We’ve seen two major trends in the information technology. The first is the move to public cloud. This has been in progress for several years. The second, driven by the COVID-19 pandemic, is working from home, creating new challenges in terms of productivity and security. Working remotely will remain the “new normal” for a large number of people.
Churchill is quoted as saying, “Never let a good crisis go to waste.” I believe that now is the time to rethink the network – as workloads are moving out of the data center and are accessed from the home.
Why is the firewall protecting the old data center? There are many issues with remote working: issues related to security; issues around access, Quality of Service, and network performance; and issues with partner access. With the advent of COVID-19, enterprises have been rapidly deploying Remote Worker capabilities at scale; but home Internet performance is inconsistent, with WFH employees using overutilized shared services or services too low in bandwidth to meet WFH requirements. Technical support for new home users isn’t readily available. Legacy VPNs can’t scale and make it hard to configure minimal access for mass remote usage. Remote workers must handle sensitive data and are easy targets for new types of attack – and hackers are taking advantage of the situation, as evidenced by the recent Maze malware attack on Cognizant.
So the challenge is immense, and it requires a new type of thinking. Cato Networks – founded by Shlomo Kramer, the former Co-Founder and CEO of Check Point – re-envisioned the network, putting it in the cloud and making it simpler. Subsequently, Gartner created a new category reflecting this approach and called it SASE (pronounced “sassy”). We believe that Cato uniquely solves these burning issues, addressing the operational and security problems created by WFH by providing a flexible, secure, high-performance network for our customers as they transition quickly into the new reality.
CyberProof works together with Cato Networks to monitor the networks and provide an all-in-one, simple, cloud-enabled service that meets both operational and security needs. We leverage our next-generation security operations to monitor user experience, network performance, and security across Cato’s cloud-based WAN. And for heightened Incident Response, we deploy an EDR solution to the end points and implement an MSFT Azure Sentinel to manage events on the Cloud.
To adapt to new threats enabled by working at home or remotely, our Use Case Factory continuously develops not just threat detection rules but also well-defined alert response procedures that are automated and support dashboards, workbooks, reports, while our cyber experts focus on creating automations that improve detection & response. These capabilities, when combined with our CyberProof Defense Center – our Incident Management and SOAR platform – ensures rapid incident detection and response.
The CyberProof Defense Center brings together security from a company’s existing internal SIEM, from the Cloud using Azure Sentinel, and from the endpoints using EDR and CATO.
What according to you are some of the top factors businesses with a remote and distributed workforce should consider given the current world situation and the need for a secure remote work environment?
The problems of a remote and distributed workforce include:
- Managing the performance of the home network – particularly during COVID-19, when entire families are at home together, and multiple, high-bandwidth devices are being used in each house simultaneously; and employees are using services too low in bandwidth to meet WFH requirements
- Ensuring consistent application of corporate security policy – despite the inherent challenges in doing this when dealing with WFH employees
- Managing BYOD – i.e., the issues associated with having employees use their own computers, ensuring that their systems aren’t compromised, and figuring out how to apply policies restricting non-corporate asset access
- Protecting sensitive data that’s accessed at home – and ensuring it’s not viewed by the wrong people
- Managing tech support – with most companies not set up to solve technical problems for WFH users
- Managing the “last mile” – i.e., performance issues associated with connecting a home to the nearest network
- Managing latency – of the old VPNs, which are frequently problematic and create unnecessary delays
- Limiting the risk of phishing and malware attacks – since in a crisis situation like this, the underground hacker community springs into action, and remote workers are more exposed to cyber attack
What are some of the biggest security flaws you are observing smaller companies with distributed teams make when it comes to adopting their remote work strategy, or more importantly, when it comes to strengthening their remote work strategy’?
Some companies just don’t have the capacity to allocate secure VPN connections to everyone. And when employees use their direct Internet connection to connect to the corporate environment, it leaves new back doors for threat actors.
Typically, companies do not have the same kind of threat monitoring available outside of the network. Working remotely involves running over an un-secured open network to the corporate firewall, and you just don’t have the same ability to monitor that. Thus, for remote workers, there are always going to be certain kinds of activity that stay hidden from the monitoring tools of the organization’s security operation center (SOC).
Bottom line: While existing VPN setups can work as a short-term measure for a small group of remote employees using the system on an occasional basis, there are unreasonable risks or use experience challenges involved in having all of a company’s employees accessing applications and assets on home devices over a home Wi-Fi.
Besides a focus on better security for remote work processes, what are some other points/thoughts you’d like to share for businesses adapting to the new normal?
I’d like to make two points: one to do with performance, and the other related to human resources.
With regard to performance: There are many new bottlenecks that impact the performance of the network, when you have a team working off-site. The situation is much less controlled. Particularly now, with many people under lockdown, the Internet is supporting a huge spike in traffic and performance is suffering.
VPNs solve certain security problems, but they also open up additional performance issues. Those employees who are using a VPN are likely to discover that it can slow down their Internet speeds, such that WFH teams may encounter problems when performing high-bandwidth tasks such as holding video conference calls.
With regard to human resources: The COVID-19 pandemic has changed our expectations and probably our work habits for the long term. This will have an impact on the types of compensation packages employees are offered: Maybe providing faster Internet in the home should be a perk, part of the HR package. Or perhaps employees will start receiving technical support at home from the company’s Help Desk.
There are other issues raise by work from home that relate to physical security requirements. Since we lack the physical security of our office locations, we do need to find ways of ensuring employees keep their laptops safe and don’t allow other people to see sensitive data. This will also need to be handled at the HR level.
Online training may become more important, as companies find innovative ways to connect and to give employees greater awareness and knowledge of potential attacks through interactive and gamification tools.
Tag (mention/write about) the one person in the industry whose answers to these questions you would love to read!
I’d love to read the answers of Shlomo Kramer, our partner at Cato Networks and the former Co-Founder and CEO of Check Point. I enjoy watching people make fundamental shifts in the way people think about an problem.
Your favorite Sales/SalesTech quote and sales leadership books you’d suggest everyone in Sales reads
In one of my previous answers I quoted Sir Winston Churchill who said, “Never let a good crisis go to waste.” For those interested in the historical background, the quote is from the mid-1940s, toward the end of World War ll. People have been referring to World War II recently as the last global crisis, that is, before the corona pandemic hit.
At the Yalta Conference – where the postwar reorganization of Germany and Europe was discussed – an alliance was forged between the unlikely trio of Churchill, Stalin and Roosevelt. This alliance led to the formation of the United Nations. This is a great example of how sometimes an opportunity emerges out of crisis.
Tell us about some of the top sales/salestech/fintech/ other events that you’ll be participating in (virtually, given the current global pandemic) (as a speaker or guest!) in 2020!
I’m looking forward to participating later this month in the Women in Cybersecurity conference which has been moved online because of COVID-19.
I believe that one of the things we should be working toward during this crisis is to help get a greater number of individuals into tech jobs – particularly people whose careers may have been hurt by the pandemic or by the economic repercussions of the global lockdown. Working from home in the cyber security sector is a great opportunity for people, opening new doors to success for both men and women. And that’s where we need to focus.
We’d love to know a little about your future plans!
We are creating next-generation security operations solutions that are not just more efficient, but that know how to focus on the “right” risks. We are finding new ways to expand the work of our virtual agents, who we call SeeMo, and to develop attack-level prediction algorithms that cover an attack surface that now includes work from home as well as the cloud.
We’re looking at fundamentally disrupting security operations. With the changes brought about by COVID-19, it’s more important than ever to provide cyber security that includes 100% visibility at the endpoint, and this ties into our partnership with Cato Networks. We are helping our customers connect all of their users, data centers, and cloud-based resources in a secure network.
A few tips if possible, for sales and marketing teams (businesses) trying to navigate through the current pandemic crisis.
They say that an optimist sees the opportunity in every difficulty. There’s no question that the challenges posed by the coronavirus pandemic are vast. At the same time, they do represent an opportunity to move companies forward. In many cases, the WFH situation is finally forcing companies to move ahead with changes that have been pending for a long time.
For more insights, tips and know-how’s on navigating during unprecedented times, catch some of our newest episodes of The SalesStar Podcast!
CyberProof is a fully owned subsidiary of UST Global. It was founded in 2017. CyberProof is a security services company that intelligently manages incident detection and response requirements. The solution provides complete transparency and dramatically reduces the cost and time needed to respond to security threats.
SeeMo, CyberProof’s virtual analyst, accelerates cyber operations by learning and adapting from endless sources of data and responds to requests, providing context and actionable information. This allows nation-state experts to prioritize the most urgent incidents and proactively respond to potential threats.
CyberProof is headquartered in Aliso Viejo, California, United States and has regional offices in London, United Kingdom; Trivandrum, India; Singapore, Barcelona, Spain and Tel Aviv, Israel. As of 2020, the company has approximately 150 employees worldwide.
Tony Velleca is the CEO of CyberProof and the CISO at UST Global.