Neal Quinn, Head of Cloud Security Services, North America at Radware, comments on the evolving cyber threat landscape influenced by global conflicts and regulatory changes, in this Q&A:
————
Hello Neal, welcome to the CIO Influence Interview Series. Please share your current role at Radware and your learnings being in cybersecurity over the years.
I am the head of cloud security for Radware in North America. In this role, I am responsible for the company’s Cloud Application Security Services, including our Web DDoS, cloud DDoS, web application firewall, bot management, API security, firewall as a service, load balancer as a service, and DNS as a service product offering.
Prior to my time at Radware, I was the CTO of Prolexic and led various groups at Akamai following their acquisition of Prolexic. I have more than 20 years of experience in cloud DDoS mitigation and managed cloud security services.
Also Read: How CFOs and CIOs are Collaborating to Drive IT ROI
Radware is a cybersecurity and application delivery solutions leader. Please highlight more about Radware’s recent innovations that have significantly enhanced security and IT efficiency.
The growing use of automated and AI-enabled cyber attack tools combined with new, stricter regulatory requirements and a shortage of cybersecurity experts have continued to increase exposure and risk for organizations worldwide. To help our customers stay ahead and stay secure, Radware recently introduced its EPIC-AI, which adds layers of AI-powered and generative AI capabilities across our application and network protection services.
In day-to-day terms, it’s designed to offer consistent protection across on-prem and public cloud environments. AI-powered algorithms help identify and surgically block AI-based threats. It also helps solve all-in-one threats and compliance issues by correlating intel across modules. And it comes with the support of our 24X7, AI-empowered security experts who are trained to quickly identify root causes and solve incidents on our customers’ behalf. The bottom line for customers is that the combined new AI-based innovations not only help secure apps, but also reduce mean time to resolution (MTTR) and save costs.
According to reports, the cybersecurity market will reach USD 298.5 billion by 2028. What trends do you believe will dominate the industry in the next few years?
2023 and 2024 have been marked as periods of global conflict and unrest, all of which will impact the cyber threat landscape for years to come. However, one of the most significant cyber security developments for 2024 and beyond won’t be driven by attackers. It’s going to be driven by regulators, law enforcement, and investors. The most notable example is the U.S. Securities and Exchange Commission’s (SEC) new rules on cybersecurity risk management. They will force publicly traded companies to reevaluate their security strategies, specifically regarding mandatory disclosure of material breaches within 72 hours of discovery.
Also Read: Top Misconceptions Around Data Operations and Breaking Down the Role of a VP of Data Ops
To manage the disclosure challenge, companies will need to increase their focus on incident detection and response. Security monitoring must be continually enhanced to detect and block suspicious cyber activity against network, system, and application assets. A well-documented and tested incident response plan will be critical to diagnosing and remediating issues.
It’s not just security teams, however, that will need to ramp up their focus risk on management. All employees must understand the importance of complying with the new SEC rules. Failure to properly report cyber incidents can lead to heavy fines in the hundreds of millions of dollars and even criminal charges. Even failure to follow security practices may be considered as negligence. The importance of regular security awareness training for the masses cannot be overstated.
What key elements do you think are essential for an effective product strategy in the cybersecurity sector?
Cybersecurity is a series of complex processes that must be evaluated and updated to keep up with the ever-changing threat landscape. Implemented security solutions may “silently fall away” as IT infrastructure unintentionally changes or in some cases is intentionally bypassed. A security expert may make risk management decisions based on a false sense of security.
Also Read: The Dynamic Duo: How CMOs and CIOs Are Shaping the Future of Business
The best security experts can do is to build a strong security foundation to help manage risk and the unexpected. This includes establishing basic rules to limit access to sensitive information, configuring operating systems, applications and middleware according to the vendor for secure operation, and applying security patches as soon as possible to close known vulnerabilities. Monitoring also plays a critical role. Security experts must make sure that all security features are implemented, stay active and effective, and that they are tuned to detect and investigate suspicious activity. Finally, they need to stay informed of threats that can impact the business and technology, so they can regularly update management on evolving risks and provide a business case to integrate additional controls into the security program.
With emerging technologies what challenges do you foresee having the most adverse impact on cybersecurity plans and processes in the near future?
The generative AI revolution is creating turmoil in the cybersecurity world. Cyber protections that are deployed this year might not be sufficient for the next. Enterprises can’t rest on their laurels and must ensure they are regularly evaluating their cyber defenses and making the necessary adjustments to their security stack.
Radware is known for its proactive threat detection capabilities. How do you anticipate AI and machine learning help enhance these capabilities and improve response times?
Radware has a 20-year heritage in its application of machine learning, automatically defending against complex cyber attacks. We are already deploying additional machine learning algorithms to automate the mitigation of complex application attacks for both DDoS and adjacent attack vectors. Generative AI is also being leveraged to improve MTTR for SOC responses for both our Emergency Response Team and our customer SOC engineers. We expect to continue to improve MTTR for more and more complex application attacks in the months to come.
What advice would you give to emerging cybersecurity professionals looking to make an impact in this field?
Embrace the forthcoming technology advances to improve tactical response. Time is the most critical factor in reducing the scope of a potential breach, and modern machine learning and GenAI approaches provide meaningful improvements in MTTR.
Thank you, Neal, for sharing your insights with us.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
Neal Quinn is the Head of Cloud Security for Radware in North America. Neal has more than 20 years of experience in the architecture and operation of managed cloud security services and cloud DDoS mitigation. Prior to Radware, Neal was vice president of networks at Akamai. At Akamai, he led the global capacity planning organization and, later in his tenure, the countermeasures engineering teams for the security business unit, and large global capacity buildout programs for the DDoS mitigation scrubbing centers. Prior to its acquisition by Akamai, Neal was the CTO at Prolexic Technologies, managing the SOC, engineering, architecture, and SERT teams. Neal has extensive experience consulting with large enterprise accounts and facilitating tactical security responses in complex organizations.
