On this episode of the Six Five On the Road, host Shira Rubinoff is joined by Index Engines‘ Jim McGann, VP of Strategic Alliances, for a conversation on how Index Engines is revolutionizing data security and integrity within the industry.
Their discussion covers:
- An overview of Index Engines and its role within the security sector.
- The success and strategy behind CyberSense for data protection.
- Goals and expectations for the upcoming RSA conference.
Learn more at Index Engines.
Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.
Transcript:
Shira Rubinoff: This is Shira Rubinoff, President of Cybersphere, a Futurum Group Company. We’re On The Road with Six Five Media here at Broadcast Alley. And I have a pleasure to be with Jim McGann, VP of Strategic Alliances for Index Engines. Jim, what a pleasure to be with you here today.
Jim McGann: Yeah. It’s great to spend some time with you, Shira.
Shira Rubinoff: Jim, please tell us a little bit about yourself and what you do for Index Engines.
Jim McGann: I’m the Vice President of Strategic Alliances. I work with partners. We sell our product today mostly through partnerships where it’s integrated with storage partners, or security partners, or data protection partners. So I’m responsible for those relationships.
Shira Rubinoff: Wonderful. So Jim, can you please give our audience a little bit of a brief description about Index Engines, and how you relate, and how you connect to the security industry?
Jim McGann: Sure. Yeah, so the security industry… I mean, this is my first RSA.
Shira Rubinoff: Welcome.
Jim McGann: So it’s just vast. It’s incredible what’s going on back there. But it’s overwhelming, and a lot of the vendors there, and a lot of the technology there is trying to prevent an attack.
Shira Rubinoff: Correct.
Jim McGann: So there’s a lot of that, which is an admirable task, and I am not envious of what they’re doing. But then, there’s also a lot of data protection vendors that are protecting the data and making copy of the data. But what we found is that really no one’s checking to see if the data’s good. Is it recoverable? Again, it’s not if, it’s when, as they say.
Shira Rubinoff: Exactly.
Jim McGann: When you do get attacked, what is your recovery plan? And if you’re relying just on your backups, how do you know the data in the backups is good? So what we’ve done is we have a capability to check the integrity of the data, make sure the data in the backups or snapshots is good and is available for recovery. So as you read about all these organizations that are down from an attack.
Shira Rubinoff: Yep.
Jim McGann: And they spend weeks or months trying to recover, that’s not the time you want to figure out if your data has integrity. You want to be doing that as an ongoing practice during everyday, during the data’s replication or protection. Make sure it has integrity, so that you can recover, and you can recover quickly.
Shira Rubinoff: Well, that’s super important. Certainly, I speak to tremendous amount of CISOs and organizations all the time, and we talk about being proactive in our cybersecurity state. And backups, number one topic, right? You have to have the proper backups.
Jim McGann: Right.
Shira Rubinoff: But as you’ve said, what are the backups? Do they have integrity? Is there a problem? Have the adversaries actually hit the backups to even reuse the companies in a worst state that the ransomware attack they were hit with is nothing compared to what’s coming next?
Jim McGann: Right. Yeah. So organizations think data protection can easily flip a switch and become cyber protection.
Shira Rubinoff: Correct.
Jim McGann: It’s very different.
Shira Rubinoff: Yes.
Jim McGann: A fire and a flood is very different from bad actors attacking your data and corrupting your data. So they need to react to that. They need to think differently about it. If you read about, there’s many examples, but the British Library was attacked.
Shira Rubinoff: Mm-hmm.
Jim McGann: It’s taken them six months to rebuild the network infrastructure before they could restore data. If they were a public company, they would be long gone and out of business. Companies can’t afford that kind of strategy. They need to think about the data, they need to protect the data, but also make sure that the data has integrity. If the data’s bad, and you’re making copies of it in a snapshot, or a backup, or replicating it, you can’t expect it to be good when you go to recover it. It’s going to still be bad. And then, you’re just going to struggle to find where is the last good version of data.
Shira Rubinoff: Exactly.
Jim McGann: That’s not a question you should be asking.
Shira Rubinoff: Well, certainly, it’s not that there’s this backup of data and it’s sitting in some vault somewhere. It’s updated all the time because it needs to be. You have to have the latest version.
Jim McGann: Right.
Shira Rubinoff: So how do you know that’s perfectly secure? So that’s very, very important. You had a lot with CyberSense. And what is your approach to data security itself? And when you talk about data security, I mean, the whole encompassing of data security. Data is king, the security around it from every angle.
Jim McGann: Yeah. So as you said, data is king. It ultimately comes down to the data. It’s your active directory, it’s your SAP HANA database, it’s your Oracle database. Are your user files available, and can they be restored, and do they have integrity? I mean, there’s a lot of talk about data resiliency, cyber resiliency, storage resiliency, but we talk about data integrity. Does it have integrity? Can it be restored? With CyberSense, which is our core product, what we’re doing is we’re checking data.
We’re checking the integrity of the data using AI-based machine learning that’s content-based, that inspects inside. So we know based on our research that the variants that are being used today are much more sophisticated. They’re using AI to build the variants. They’re very sophisticated. They’re hiding their tracks. They’re doing intermittent encryption. They’re using algorithms that have low impact on compression rates of the backups or the snapshots. They know exactly what to do.
What we’re doing with AI and machine learning is really outsmarting what they’re doing by looking for patterns of behavior that are indicative of the bad actors, and inspecting it on a daily basis through either a snapshot or a backup, and making sure that when the customer does that replication, that they know it’s good, and they have confidence that they have a copy that they can recover and really minimize their time to recovery significantly versus trying to understand where is the good copy of data.
Shira Rubinoff: Well, that’s super important. Certainly, when you talk about being proactive in your cybersecurity stance and when they talk about what you need to do should, and not if, it’s when a cyber attack occurs, where is that data sitting? And how do you recover it? And what means do you have to get there? And where is your area of just focused on the place that it is secure and it is okay?
Jim McGann: Right.
Shira Rubinoff: And when you look at RSA, I know it’s your first RSA here, and welcome. I know it’s quite the security conference, and they say it’s the biggest one of the year.
Jim McGann: Yeah.
Shira Rubinoff: A lot of companies, a lot of people, a lot of CISOs trying them and some anti-media.
Jim McGann: Right.
Shira Rubinoff: What do you hope to accomplish here at the conference?
Jim McGann: Well, we’ve been working mostly with the data storage and the data protection vendors, and we’ve had a lot of great success there in conversations that we have at end user sites, with the security teams, they see all the telemetry data that we have in CyberSense.
Shira Rubinoff: Sure.
Jim McGann: So for example, when a customer gets attacked and say there’s 50,000 or a 100,000 files that have been corrupted and impacted by a ransomware attack, within CyberSense, the telemetry data tells you the IP address of the servers that were impacted, the time and date of modification of the files, the full file name, the full path. All that information is very rich in terms of the fingerprints of the evidence of what the bad actors have done.
Most of our customers feed that into similar source systems to do further analysis on that. So for example, if they say, “Hey, these four servers were corrupted. These are the specific files.” There’s a listing of all the specific files or databases that were corrupted. You can do some predictive analytics, say, what did network traffic look like right before that happened? Because that’s unusual behavior.
Shira Rubinoff: Certainly.
Jim McGann: And it’s indicative of a bad actor. And if we see that type of behavior, again, shut that activity down because it’s not a normal user activity. So we see opportunity with these organizations that are scattered all about San Francisco today, that there’s partnership opportunities. There’s value in…Together we would be better in terms of helping be proactive. Again, CyberSense is more reactive after the attack, but the information could be used to help prevent future attacks. So we see partnership opportunities with a lot of these vendors here.
Shira Rubinoff: Certainly. And when you identify and you isolate, do you also fix the problem? Or is that something you do with partners and partnerships? Say, you look at it as one plus one equals three, because as you mentioned, we are better together. And that’s a different shift in the cybersecurity landscape than companies as a whole.
Jim McGann: Exactly. I think we are better together. But obviously after the attack occurs, customers will know what the ransomware was used. And you have the ability within CyberSense to upload signatures or use YARA rules to say, is the bad stuff there? Because you don’t want to recover, and then recover the ransomware back in production, so yeah.
Shira Rubinoff: And that has happened quite a few times. Yes?
Jim McGann: This happens all the time.
Shira Rubinoff: Yeah.
Jim McGann: So it has the ability to not recover that information, but we’re not recreating what a lot of these vendors are doing to try to prevent an attack. We’re assuming it’s going to happen, and we’re assuming that you need to know where your last good version of data is to be able to recover. But when you do recover, to know that you’re not recovering some of the executables that they’ll need to be recovered, right?
Shira Rubinoff: Well, that’s wonderful. And I’m sure our audience really enjoyed learning about Index Engines and yourself as well. And I always ask my interviewees for a cybersecurity tip. It could be a cybersecurity business tip, something that might be focused on a business. We’re focused on just the everyday person, because there’s a lot out there today that we deal with, and it’s always important to hear from industry leaders.
Jim McGann: Right.
Shira Rubinoff: From their points of view. So please share with our audience something.
Jim McGann: Something like change your password.
Shira Rubinoff: Listen, that’s important. I don’t know. Why don’t you tell us why?
Jim McGann: Yeah. I mean, if you’ve ever been attacked, you know your children’s name, or your pet’s name, or your street address is not a good password. But I think what we’re doing with data is important to be able to say, if the data’s important to you as a person, like your photos are being… There are ransomware attacks that are attacking people’s phones and encrypting their photos, you would pay $50 to unencrypt your photos, and people would do that.
So I mean, if information’s important to you, think about how you protect it, how you copy it, how you safeguard information. And if it gets corrupted, or encrypted, or replicated, or stolen, think about what that means to you. And if it’s going to be devastating, then you need to change your behavior and think about how to protect against that as an organization or a person, right?
Shira Rubinoff: I love that. That’s almost like being a CEO of your own self, and being secure across your own personal self, as well as an organization.
Jim McGann: Exactly.
Shira Rubinoff: So Jim, it was lovely speaking to you again. And I’m glad we had a chance to sit down together here at the RSA Conference.
Jim McGann: Yep. Looking forward to talking to you anytime. Thanks.
Shira Rubinoff: Thank you. And thank you all for tuning in. We’ll be back shortly.
Author Information
Acclaimed cybersecurity researcher and advisor, Shira is a global keynote speaker and presenter, and expert media commentator. She joined The Futurum Group in February 2024 as President, Cybersphere.