Search

Cyber Resiliency and the Role of AI – Futurum Tech Webcast

Cyber Resiliency and the Role of AI - Futurum Tech Webcast

On this episode of the Futurum Tech Webcast – Interview Series, I am joined by Rubrik’s Anneka Gupta, Chief Product Officer for a conversation on the need for organizations to establish cyber resilience and the role of AI in cyber resiliency.

Our discussion covers:

  • The need for organizations to establish cyber resilience and how Rubrik defines cyber resilience and the role AI plays in cyber resilience
  • Key data points around data growth and security from the most recent Rubrik Zero Labs “State of Data Security” report, and how AI has contributed to the rapid increase in data growth
  • Rubrik’s new AI companion, Ruby, and how it can help their customers improve cyber resilience
  • Other ways Rubrik is utilizing generative AI, including integrations with Microsoft and VMware

Get Rubrik Zero Lab’s “State of Data Security” report here.

Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.

Listen to the audio here:

Or grab the audio on your streaming platform of choice here:

Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.

Transcript:

Daniel Newman: Hey, everyone. Welcome back to another episode of the Futurum Tech Podcast. I’m Daniel Newman, your host, CEO of The Futurum Group. We are going to be chatting about cyber resilience today and we are going to be talking about artificial intelligence today. There I did it. It’s been 12 seconds and I managed to mention artificial intelligence, but really, can you do a technology podcast these days and not talk about AI? The truth is there’s no way. But the other truth is as AI continues to proliferate, it is benefiting companies, driving productivity, creating efficiencies, but it’s also creating new risk, new threat surfaces, new challenges, and if you’re a CISO or if you’re a company that has important data to protect, you need to be thinking about AI in a different capacity.

And today I’m going to be talking to Anneka Gupta. She’s the Chief Product Officer at Rubrik, and this is part of our ongoing series with Rubrik. I’ve had a few great conversations. We’re going to be diving into what’s going on in this space, cyber resiliency, AI, and so much more. Anneka, welcome to the show. Thanks so much for joining me.

Anneka Gupta: Thanks so much for having me, really excited to be here.

Daniel Newman: It is great to have you here. So I gave everybody the title and specs and they can all read the lower third, but let’s be candid, being a Chief Product Officer means different things at different companies. Tell me a little bit about your background and what drew you to Rubrik and what you’re doing now as the company’s CPO.

Anneka Gupta: Absolutely. So I’ve been in product management for basically my entire career. I started, I did a little stint in engineering before going into product management. But I’ve been in product management early enough where there wasn’t even that great of a definition of what product management was, so I’ve had to chart my own path along the way. My entire career has been at the intersection of data and technology. I joined Rubrik two and a half years ago after being at my previous company for almost 11 years, where I saw the company go from pre-product/market fit startup all the way through being a publicly traded company. And I was excited to see the next stage of that, and so I came to Rubrik. What really drew me was just the fact that Rubrik’s product was so strong, was revolutionizing the space in data and data security, and had all of this opportunity to really figure out how do we help our customers unlock the value of the data and protect their most critical asset. And that was an area I was really familiar with, but I loved the space that Rubrik was in and the opportunity for growth within the product itself.

Daniel Newman: Yeah, product management is a really important category, and if you’re in the tech space, we’ve seen how many hats the people in product management actually have to wear at any given time because you got to have a little bit of savvy across the board. You’re a little engineer, you’re a little marketer, sometimes you’re a little sales, you’re sometimes public speaker, you have to sometimes be able to translate to the financial team, understanding everything from FP&A. So it’s a really super diverse skill set and one that I don’t see gen AI at least immediately being able to wear all those hats.

Anneka Gupta: I couldn’t agree more.

Daniel Newman: In fact, there is going to have to be a lot of graph to get all those roles done at one time. But let me just say, I’ve had some conversations on the pod, I talked to your CEO, Bipul did a great job here. He was all in on cyber resilience, and so I’m going to be candid. Cyber resilience is sort of this rising term. It’s not cybersecurity and it’s not just data resilience, but it’s the two sort of, it’s the amalgamation. When people say to you, why is cyber resilience so important, how do you define cyber resilience? How do you tell that as a story unique to maybe the broader cybersecurity market set?

Anneka Gupta: Yeah, absolutely. It’s a great question. I think if you look at what security and traditional cybersecurity has been really focused on, it’s really been focused on how do you keep attackers out of your system? And that’s a super important job because it’s like you use the analogy of you’re not going to not put locks on your house. You obviously need to put locks on your house. You want to put in place the defense mechanisms that are going to make sure that just not any random Joe Schmoe can get into your crown jewels. But the reality is, as we all know, is the cyber landscape and attackers are just continue to get more and more sophisticated. And it’s a constant cat and mouse game of how do you create more security mechanisms to prevent attackers from getting in. The reality that we’re seeing is that attackers are still getting through these outer defenses and still getting through to the data.

And what has been lacking in traditional cybersecurity has been a focus around what happens in that case when attackers actually get in. How are you going to respond to that? How are you going to ensure that your business can stay up and running? How do you make sure that this event that, it’s impossible to fully 100% prevent, doesn’t end up taking your entire business down? And that’s really what cyber resilience is all about. It’s about what happens after someone has breached those four walls. How do you make sure that the scope and impact of the damage and the business impact of that damage is as small for as short of a period of time as possible? And that’s what Rubrik has really been focused on is how do we help in a organization’s most imminent and urgent time of need after an event has happened? What can we do to make sure that that doesn’t become a company or organization destroying event?

Daniel Newman: Yeah, there’s a massive economic impact of downtime and what brings a system down. And obviously there’s a lot of different ways that data gets breached. And also then how quickly are you able to get that system back up and get the business back to normal and functional operations? And then hopefully, how quickly can you determine what was lost or what was data at risk to deal with disclosures and trying to get ahead of it? I mean, I think we’ve all heard that kind of, it’s not an if, but when for most companies. And as you get larger, the probability of becoming a victim becomes higher because you become a bigger target. At the same time though, we’ve also seen the scales tip from a lot of the security and resilience investment being sort of a, well, how much do we have to invest to, oh my gosh, if we don’t go big and invest, the risk of being able to come back from a meaningful breach is palpable if you can come back at all.

I mean, we all know the damage that can be done and it’s often can’t be undone in terms of reputation and so much more. You heard me in my beginning. I joked at myself about taking 12 seconds to get to AI, but I think we would all be sort of lying to ourselves if we said there’s been a bigger and more critical trend line in the industry this year than AI. In your world, in cyber resilience, what are you seeing? How are you seeing the role of AI in terms of everything from advancing solutions to advancing and moving forward with implementations?

Anneka Gupta: Absolutely. I think AI is, we’re still in the early days, right? It’s been about a year since ChatGPT came out and really opened everyone’s eyes to what is the power of generative AI and what can it do for organizations, how can it improve productivity, and really help organizations move faster with fewer resources. So I would say we’re still in like stage one or even stage 0.5 of this AI revolution. I think what it specifically means for cyber resilience, if you look at some of the big challenges that organizations have with cybersecurity and cyber resilience, one is lack of access to trained talent. There is way more demand for security talent than we have people that have those skills and experience for responding and preventing events. So that’s a big challenge.

The second big challenge is that every company has a unique architecture, infrastructure footprint, and data footprint. And what does that mean in terms of what are the tools, technologies, things that you need to be watching for? Those vary from organization to organization. So even if you have the trained talent, you have to make sure that you know how to respond based on where’s business critical data in my organization? How is my architecture and infrastructure set up so I know where the points of failure could be and how to respond and recover in the case of a cyber event. All of that is super challenging. So if you look at just these two challenges, generative AI has a huge potential to help. One, in really thinking about, okay, if you want to build cyber resilience and you want to figure out how to respond more quickly and ensure that your business doesn’t go down, how can you provide just-in-time information to an untrained infrastructure or security person, operations person within your team to be able to help them go through the steps to figure out what they can do to mitigate a potential issue and get ahead of it? And there’s a lot that we can do, and we just launched this product called Ruby that’s really about providing a generative AI based assistant to help you through the steps of recovering from an actual cyber incident. And that’s just the first stage of how we’re thinking about generative AI, but there’s a lot of potential there.

And then the second thing is really around training. How can you help people with just ongoing training? And you talked about at the beginning that CISOs and CIOs have to reinvent how they think about security. Well, really, security is everyone’s problem in an organization. Virtually 100% of attacks come from compromised user credentials, and that’s not just the compromised user credentials of someone in the IT or security organization. It could be someone in engineering, in finance, and HR that end up leading to these attacks. And so how do you make it possible to train up everyone in your organization with the expertise they need to be ever vigilant against attacks and prevent compromised credentials? And that’s not something that necessarily Rubrik is solving, but that’s something that when you think about the amount of content that needs to be created and role specific content in order to be able to train people up so that every employee can be the first line of defense. There’s huge potential for generative AI in those use cases as well.

Daniel Newman: Yeah, there’s so much AI expansion. I was doing some tech trends and I kind of came up with three things that, next year will still be all about AI, but it’s going to be about responsible, accurate, transparent, that’s going to be a big theme of next year. It’s going to be about sustainability, meaning that all this power and all the consumption is going to be big in focus. And there’s going to be a few others, but it’s going to be about companies truly figuring out their economics. Because it’s been a lot of this hype and now it’s just like every other trend line. Okay, take a breath. AI is not new. It really isn’t new. It was like this was that kind of catalyst moment, it was the tipping point thing that popped up and everybody suddenly is like, all right, we got to do this. But now everybody’s kind of looking back and saying, all right, we’ve got to do it smart, we got to do it safe, we got to do it sustainably, and we need to make sure that this is financially good for our business. And so that’s what I think next year’s going to be all about. But I did an episode recently with one of your colleagues, Steve Stone, and we looked at that State of Data Security report. The report looked at the overall data growth in organizations, I think it was something like 42% data growth. Between you and me, I think it’s probably bigger.

Anneka Gupta: I agree.

Daniel Newman: That’s probably what people are actually aware of. And of course of the group that you guys polled, two-thirds of the leaders in data security and IT do not believe that they’re able to actually secure at this scale. I mean, we know AI is contributing to the explosion. Can AI help solve this? I mean, what do companies do to solve keeping up with this kind of data deluge and making sure that they keep their environments safe and resilient?

Anneka Gupta: Yeah, it’s a great question. One of the big challenges, one of the big reasons why companies are having a hard time securing the breadth and depth of their data footprint is that it’s not just the case anymore the data is living in one environment. If you rewind 40 years ago, data was sitting in your data centers. It was really easy to understand where it lived, what data you had. It was all controlled within your firewalls. So it was a lot easier to manage. If you fast-forward to today, now you have companies that have data centers, they are using multiple public clouds, they’re using hundreds of different SaaS applications. And when you start to look at even just cataloging and inventorying all of the data and what data is there, what data is sensitive, what kind of protection is available across all of these different data assets that are sitting in so many different systems, some of which you don’t own yourself as an enterprise, that’s an extremely daunting task.

So I think the first step that’s a very tangible step that organization leaders can take is figuring out where does your sensitive data live within your organization? If you can answer that question and answer that question well with high confidence, then you can start to create a prioritized list of, hey, here are the places where we need to create higher levels of security. Here’s where we need to make our investments. Here are the areas that we need to make sure we have a cyber resilience strategy for, because if this data gets compromised, if this data gets lost, if this data gets exfiltrated, well, we’re going to be in big trouble. And so that’s really what we recommend to organizations and what we see when we talk to a lot of our largest customers, the approach that they’re taking is really taking a step back and figure out where does that sensitive data live. And Rubrik has developed a lot of different tools, and in fact, we did an acquisition back in August to really extend our story to make sure that we can help customers find sensitive data wherever it lives within their enterprise.

Daniel Newman: So let’s pivot here a little bit to your product management world and things that you’re building, deploying, launching. You’ve got an AI companion called Ruby, just like the color of your sweater. Tell me more about what it is and how it’s helping your customers deal with their cyber resilience needs.

Anneka Gupta: Yeah, absolutely. So going back to what I talked about a few minutes ago around one of the big challenges in the organization’s face is they’re inundated with potential security vulnerabilities or potential breaches into their network or into their infrastructure, and they don’t necessarily have the people to respond to the thousands of alerts and know what next steps to take. So what Ruby aims to do long-term is really be the companion for cyber resilience that shortens the length of time to investigate and recover from any kind of cyber incident that your organization is facing. So that’s the goal. Where we’ve started and where we launched the product today is when we’re taking backups of an organization’s environment, we have a capability where we can look for indicators of compromise within that environment and hopefully identify them early. So identify malware being dropped early so that you could actually, before that malware gets used to exploit, exfiltrate, do a ransomware attack, you can actually discover it and shut it down and remove it from your environment and remove the vulnerability.

So what we’ve done is Ruby really is helping go through a guided remediation process so that once we identify an indicator of compromise, we can walk through an interactive and guided experience for any person in the organization. Mostly it’ll be IT coming in, an IT person who doesn’t necessarily know a lot about security, doesn’t necessarily know a lot about what is an indicator of compromise is, what this might mean, what they should be asking. We can help them walk through that experience and actually go through the whole recovery workflow and generate a report that they could send to their security team to really be able to, again, with the goal of shortening the time to investigate and remediate any kind of issue that’s popping up in the environment.

Daniel Newman: Yeah, well congrats on that launch. So we’ve kind of done the gambit of cyber and AI and generative, but beyond Ruby, I’d love to just understand a little bit more about how generative AI, I know you’ve had some partnership announcements, VMware, Microsoft, how is generative AI playing a part in the innovation and evolution of your product portfolio, Anneka?

Anneka Gupta: It’s huge. I think it’s an industry changing technology. Not just industry for our industry, but overall for pretty much every industry. And so I think the way it’s changing, I like to take a step back and say, well, how is it changing the customers, the way our customers are operating, the way cyber actors are operating? And then what does that mean for what we need to do and how do we leverage these technologies to better create solutions that are going to improve the overall cyber resilience of our customers? And I think one is on the cyber actor front. Obviously bad actors are using these technologies as well. We know that social engineering is getting more sophisticated, deep fakes are getting more sophisticated. There’s a lot more emphasis around leveraging these technologies to find better ways to infiltrate organizations.

So we know that what that means is already the acceleration we’re seeing in the amount of attacks and the amount of successful attacks hitting organizations is just going to go up and no amount of training, no amount of any sort of awareness that you’re providing to your employees is going to 100% prevent these attacks. So that’s going up. And at the same time, we also know that being able to sift through all of these, prioritize which alerts you need to be focused on, and then actually go through the remediation of all of this is becoming increasingly challenging. So when we look at this industry, one is like you talked about our partnership with Microsoft, with VMware, and others, we’re looking at how do we work with the entire industry of technology tools and security tools as well? We have a great partnership with Zscaler, with Palo Alto Networks, and other leading security providers. How do we build out tools and bring together solutions so that we’re working together to improve the overall cyber resilience and cybersecurity of our customers? So that’s one element of it.

The second element of it is really around how do we develop products that, again, reduce the time it takes to investigate and recover from attacks. And we have to keep up with the fact that the types of attacks are going to constantly be changing over time and that there’s always going to be new and emerging threats on data, new and emerging threats on users, so how do we develop products across the interaction between users and data to help identify those attacks faster and then give people very actionable steps for what they can do to remediate?

Daniel Newman: Well, that’s a lot. And as I see it, I definitely think that you’re going to see this generative thing spin up the black hats, which is going to force us as product and innovators of our industries to keep becoming more and more and build better and better walls of defense. You know, Anneka, I wasn’t sure because your answers were so good and so spot on if I was actually talking to you or if it was a deepfake Anneka.

Anneka Gupta: You’ll never know.

Daniel Newman: But people sometimes say to me, they’re like, is there a Dan bot? And the answer is, yes, I am working on it. But in all serious, it’s been a lot of fun talking to you today. Congratulations on all the progress that you’re making over at Rubrik. It’s been a fun series talking to Bipul, Steve, and now yourself, and hope we can have you back on soon to talk more about what you’re doing over there.

Anneka Gupta: Absolutely. Thanks again for having me. I feel like the world of AI is changing every week and every month, so probably three months from now we’ll have a lot of really exciting updates and changes and things that we’re learning about what’s happening and how generative AI is being used in the cyber world, both with our customers and cyber actors.

Daniel Newman: Well, I tell you what, no doubt that the next year we are going to go week to week and we’re going to see this innovation continue to be exponential, breakneck, and by the way, make our jobs really, really interesting. And hopefully the jobs of all of our listeners are more interesting too because of the impacts that AI and technology and security have on the industry. Anneka, let’s have you back on the show soon.

Anneka Gupta: Sounds great. Thank you.

Daniel Newman: All right, everybody, hit that subscribe button, check out the other episodes that we had as part of this Futurum Tech Podcast series. There were three of them. Links are down below. We also have the link to the cybersecurity and resiliency report that I referenced from the Rubrik Labs. But for this episode, for these Futurum Tech Podcast, I have to get going right now, so hopefully you had fun and we’ll see y’all later. Bye now.

Author Information

Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.

From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.

A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.

An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.

SHARE:

Latest Insights:

All-Day Comfort and Battery Life Help Workers Stay Productive on Meetings and Calls
Keith Kirkpatrick, Research Director with The Futurum Group, reviews HP Poly’s Voyager Free 20 earbuds, covering its features and functionality and assessing the product’s ability to meet the needs of today’s collaboration-focused workers.
Paul Nashawaty, Practice Lead at The Futurum Group, shares his insights on the Aviatrix and Megaport partnership to simplify and secure hybrid and multicloud networking.
Paul Nashawaty, Practice Lead at The Futurum Group, shares his insights on AWS New York Summit 2024 and the democratizing of Generative AI.
Vendor Leverages Amazon Q on AWS to Drive Productivity and Access to Organizational Knowledge
The Futurum Group’s Daniel Newman and Keith Kirkpatrick cover SmartSheet’s use of Amazon Q to power its @AskMe chatbot, and discuss how the implementation should serve as a model for other companies seeking to deploy a gen AI chatbot.