Aviva Zacks
What a wonderful interview Aviva Zacks of Safety Detectives had with Manoj Srivastava, VP and GM of Kaseya. He told her about his company’s collaboration between teams working on disparate threat vectors.
Safety Detectives: What has your journey to cybersecurity been like?
Manoj Srivastava: It started in the early to mid-1990s, during my master’s program in computer science. I was lucky to work on a government-funded project, which was focused on securing communication of software applications, communicating with each other over the open internet. Imagine, that long ago, applications were talking to each other over the internet. This involved private and public-key cryptography. This was my initiation into the world of cybersecurity.
Once I graduated, I started working for Network Solutions, which were the pioneers running the domain name system (DNS) for the internet. DNS maps the domain names to IP addresses, which are then used to route traffic over the internet. So, if you hack into the DNS at the global level or at a company level, then you can do all kinds of mischief.
One of our key responsibilities at Network Solutions was keeping the DNS secure against various types of cyberattacks.
Within a few years, in 2000, Networks Solutions was acquired by VeriSign, which was the pioneer in SSL certificates—the technology that assures internet users that they are interacting with a genuine site.
Then, in 2005, I joined Cyveillance, which was an innovator in cyber threat intelligence, gathering data from all aspects of the internet and processing it while looking for threats to individuals, information, and infrastructure. This is where I got involved with developing solutions for detecting phishing attacks and malware distribution on the web, and understanding how social engineering was being leveraged as a very effective tool to attack people.
With all this experience, I founded Graphus in 2015 to develop an advanced email security product to fight phishing and social engineering attacks, which were beginning to emerge at that time and targeting enterprises and small and mid-sized businesses.
It’s been a wild and fantastic journey.
SD: What does your company do?
MS: Kaseya, which acquired Graphus last year, is focused on protecting the small and mid-sized customer segments against cybercrime by offering solutions to managed service providers as well as internal IT teams managing IT for small and mid-sized enterprises.
We offer a complete security solution suite that includes monitoring compromised credentials on the internet, including the darknet, employee security awareness training, phishing attack simulation, advanced email security, secure identity access management, managed security operations for breach detection, and automated compliance solutions to ensure compliance with local and global regulations.
SD: How does your company stay ahead of the competition?
MS: The primary way is the constant innovation and investment in the R&D space. In addition to that, there is huge collaboration across teams working on disparate threat vectors—developers who focus on dark web monitoring are working with an advanced email security team—the other component of our solution. Collaboration across teams is very important.
The other unique aspect of Kaseya is deep integration between point solutions to create a holistic platform that works together; for example, compromised credentials discovered on the internet are used to inform employee training modules, email security, and secure access management as to which employees are at greater risk and why security associated with them should be amped up. This is a classic “sum of the whole is greater than its parts” approach.
Finally, we have an intense focus on customers. We make it simpler when it comes to deploying, managing, and operating these solutions. It’s no secret that cybersecurity applications are extremely complex and need skilled, experienced personnel to manage such solutions and technologies. Our focus on customers is essential for us to stay ahead of the competition.
SD: What are the worst cyberthreats out there today?
MS: If you look through the entire spectrum, threats targeting employees, or the human element, are the worst cyberthreats right now. You can manage or patch a vulnerability in a software system or network and be assured that you are protected against any threats targeting that specific vulnerability. But patching the human vulnerability against social engineering is very hard. If I can trick you into voluntarily giving me access to your money, your data, your computer, or your network, then there is no software in this world that can protect you.
SD: How is the pandemic changing the way companies view their security?
MS: The pandemic has had a very profound impact on companies and especially small and mid-sized businesses. Working remotely has increased demand on IT, leading to more outsourcing to managed service providers. There has also been a tremendous increase in cybercrime, which is leading to cybersecurity outsourcing, as well. MSPs are learning to become managed security service providers too.
If we step back and look at what has happened, remote access is and moving to cloud applications because “access from anywhere” is the new normal. Now we have to do 24/7 monitoring for any anomalous activities within an environment, which means you have to leverage artificial intelligence and other sophisticated technologies. Talented and skilled workers are in shortage. This means that integrated platforms that provide complete security, and not just point solutions and security delivered through managed services, will be the new norm.