Verodin’s chief security strategist Brian Contos sat down with former Wall Street CISO and celebrated enterprise security Jedi Jay Leek in Manhattan to dig a little deeper into why Fortune 500 CISOs and SOC czars are feeling the love for Verodin.
“There’s not a CEO *not* thinking about cybersecurity right now. And ‘everybody’s an expert’ because they know a little bit about it… right? That can play to our advantage: that general awareness. That can also play to our disadvantage because people think they know what’s going on, when in reality they may not.”
“There’s more spend in security than ever before. But we’re all still missing a lot of the fundamentals. You’ve got a lot of stuff deployed throughout your environment, but maybe it’s not deployed properly, or it’s not working as you think it should be working.”
For our adversaries, this is their full-time job. The upside opportunity for them is significant. So we’re always going to be trying to stay ahead of them. Verodin is really helping me, as a security leader, answer some of the questions that have been almost impossible to answer (until now).
Jay described the following scenario: “Any CISO in any Fortune 500 company probably has bought anywhere from four dozen to over 100 different security technologies… and you’ve deployed all these technologies. So you’re thinking, ‘Well, I deployed it yesterday, and it was working perfectly yesterday because we tested it yesterday… and I slept really, really well last night thinking it’s working perfectly.’ (But what might have happened is) after we tested it, the networking team upgraded that particular switch and turned off my SPAN port.” So that security monitoring solution I plugged in isn’t really working, just ten minutes after I deployed it, and tested it, and thought it was.
Jay noted, “HOW DO YOU KNOW when that’s happening? You don’t!
Verodin delivers insights into whether my security program is functioning the way I think it is... and that’s really important.
Ultimately the idea of “well, this control is providing a lot more insights than that control… and perhaps I can retire that control and make my security program less complex: that’s the godsend.”
Jay said, “Verodin can help us answer those questions, not just at a CISO level but at a very technical level as well.”
Down in the SOC, staffers there told us, “Verodin helps us eliminate assumptions. We have a lot of ‘egress points’ across all continents, so it’s difficult to test in this kind of distributed environment: ‘is something really working, or not?’ We used to have a manual process where, once in a while, we would download something bad (for testing purposes) and put ourselves at risk because of that. NOW we have an automated test — (Verodin) — continuously testing if these tools are working or not. Those unknowns are really difficult to work on… without Verodin.”
We’ve deployed all these technologies, so you often wonder ‘am I getting the return on my investment?’ I sit in so many different rooms with leading security CISOs from Fortune 500s and ask the following question: “Have you EVER retired a security control in your environment?” The answer is always “no” — because everyone’s afraid to pull something out.
For Wall Street banks, or any large enterprise, Verodin provides critical insights into those unknowns, so security teams can retire security investments that aren’t working for them and save money.