Discover how OPSWAT’s Chief Product Officer, Yiyi Miao, steers the development of cutting-edge cybersecurity products by harnessing customer insights and AI technology.
Yiyi Miao, Chief Product Officer at OPSWAT, leads development of cybersecurity products that directly address market needs. By prioritizing customer feedback and staying vigilant about evolving threats, OPSWAT crafts solutions that tackle specific customer challenges.
Balancing usability with functionality, the company ensures a seamless user experience while delivering innovative products that meet GDPR and HIPAA compliance standards. OPSWAT leverages AI and machine learning to enhance threat detection accuracy and efficiency, safeguarding organizations from cyber threats. Through strong interoperability and integration with third-party products, OPSWAT offers comprehensive security solutions, empowering clients to consolidate vendors and streamline their security operations.
In this interview, Miao delves deep into the company’s approach to product development, fostering innovation, and navigating the ever-evolving cybersecurity landscape. We’ll explore how OPSWAT’s solutions address critical challenges like compliance, data protection, and emerging threats.
Excerpts from the interview;
As OPSWAT’s Chief Product Officer, how do you develop products that are aligned with market needs and customer requirements?
We focus on aligning our product development strategy with market needs and helping customers solve critical cybersecurity challenges. Our approach to product development is multifaceted, strongly emphasizing listening to our customers and closely monitoring the evolving threat and regulatory landscape.
By engaging in ongoing conversations with our customers, gathering feedback, and closely analyzing usage data, we gain invaluable insights into the features and functionalities that are most impactful to them. This customer-centric approach allows us to effectively tailor our product roadmap to address their specific needs.
Furthermore, we continuously monitor the evolving threat landscape and regulatory environment to ensure our products remain at the forefront of cybersecurity innovation. We can anticipate future market needs and proactively integrate relevant features and enhancements into our products by identifying emerging threats, vulnerabilities, and compliance mandates. This proactive approach enhances our solutions’ effectiveness and helps our customers stay ahead of the curve.
We also work closely with industry analysts to gain deeper insights into market trends, emerging technologies, and customer preferences. By leveraging the expertise and insights of analysts, we can validate our product strategies, identify emerging opportunities, and refine our roadmap to better align with the market.
How do you foster innovation in OPSWAT’s product teams?
Innovation is in the DNA of OPSWAT and has been the founding element that propelled the company forward over the past two decades. It influences every aspect of the product team, including entering a new market space, refreshing a technology stack, improving the efficiency of established processes with new tools and services, creating new form factors of products, revamping the usability and scalability of products, plus many others.
All development teams are encouraged to submit and propose innovative ideas and are often authorized to build proof of concept for evaluation. If approved, they can then advance further into a productization plan. The teams have achieved a level of maturity that can balance well between the day-to-day tasks while not forgetting to innovate.
The company is very diversified; thus, we respect local offices to drive innovation and incentivize individuals with what matters most in that culture to get the best outcome from the employees rather than a global policy. Local authority and ownership are key to keeping innovation an always exciting initiative rather than a task or burden.
As a cybersecurity thought leader, what trends shape the future? How does OPSWAT address these challenges?
Several trends and developments will shape the industry’s future. Firstly, the proliferation of compliance mandates and government regulations will continue and drive the growing need for comprehensive security measures across all sectors. Secondly, the practical adoption of AI in cybersecurity applications promises to revolutionize threat detection and response capabilities.
Additionally, as organizations expedite their digital transformation efforts, there will be a simultaneous need to fortify critical infrastructure against emerging threats. Furthermore, heightened attention to supply chain risk management, including regional limitations on suppliers, will become increasingly important in safeguarding against cyber threats. Lastly, the evolution of zero-trust principles will continue, focusing on more practical implementation and enforcement strategies.
OPSWAT is strategically positioned to address these emerging challenges and opportunities in the cybersecurity landscape. With our comprehensive perimeter defense cybersecurity solutions suite, we empower organizations to navigate evolving compliance requirements effectively while leveraging technologies like our MetaDefender Sandbox to enhance threat detection capabilities.
Additionally, our expertise in securing digital transformation initiatives ensures that organizations can confidently embrace cloud technologies while safeguarding critical assets. OPSWAT enables organizations to mitigate hardware and software threats from suppliers, including adhering to country and regional limitations. Furthermore, our commitment to advancing zero-trust principles ensures that organizations can effectively implement and enforce security measures across their networks and devices.
How do you balance usability and functionality in OPSWAT’s cybersecurity product design for a seamless user experience?
OPSWAT views usability as one of the key differentiators in our offerings compared to others in the market, and it often receives recognition from existing customers or prospects. We believe that usability not only lies in a good user interface from a software standpoint, but we also respect every aspect of the user experience, from unboxing hardware and onboarding service to supporting a product when there is an issue. We employ and embed dedicated usability experts directly into the product team and often next to the development team and product management to get in and front as early as possible.
Usability is like quality assurance; doing it right from the get-go is cheaper and more efficient than retrofitting an established implementation, which often needs to be more flexible and resistant. Product management layers are encouraged to review requirements with the usability team before a milestone is set and to allocate essential cycles needed to implement the right usability.
We also conduct user research by collecting feedback directly from internal and external participants, often with key customers, to understand the pain points and areas of improvement. To scale the operation, we also have developed standard frameworks and references for different teams and embedded these into their development practice to maximize efficiency and reduce the adoption friction.
How do OPSWAT products help meet GDPR and HIPAA compliance?
OPSWAT protects organizations across various critical infrastructure sectors, thus helping them work toward different compliance standards and regulations. From a data privacy perspective, our Proactive Data Loss Prevention (Proactive DLP) technology prevents accidental data leaks by content-checking and auto-remediation. The technology is available as one of the baseline capabilities of our powerful MetaDefender platform. It can be applied to as many data channels as possible, such as email body and attachments, web traffic, file upload and download, storage, and file transfer between sensitive networks.
Our other MetaDefender products, including our NetWall and Kiosk, also support compliance with Industrial Cybersecurity standards: NERC CIP – NIST CSF, ICS, 800-82, 800-53 – IEC 62443 – NRC 5.71 – CFATS ISO 27001, 27032, 27103 – ANSSI – IIC SF and more.
What are the latest innovations in OPSWAT’s cybersecurity products, especially in threat detection, vulnerability management, or data protection?
We recently reinforced our industry-leading peripheral media protection solution with various new hardware form factors launches, including a new Kiosk Mini, a new VESA-mountable and lockable stand, and a first-of-its-kind Sandbox capability on a kiosk. In addition to our hardware lineup, we have enhanced our OT security portfolio to have more integrated solutions from detection to prevention.
How does OPSWAT ensure seamless integration with third-party products for comprehensive cybersecurity solutions?
Our dedication to interoperability and seamless integration with cybersecurity tools is at the core of our commitment to delivering comprehensive security solutions for our customers. We have many existing technical partners that promote joint go-to-market solutions to service customers with critical infrastructure with a “defense in depth” and “shared responsibility” strategy. We offer solutions directly to enterprise and government customers and fully commit to our technical OEM customers to sustain the technology ecosystem OPSWAT has built in the past two decades with the sole purpose of interoperability among different security vendors.
We are also doubling down on a platform strategy that all our security solutions, tailored to address specific deployments and use cases within critical infrastructure, will be integrated by default to a central management platform named “My OPSWAT”. It is an example of our dedication to simplifying security management, offering users a centralized console for efficient tracking and management of multiple products. This centralized approach empowers users to manage, update, operate, respond, and remediate — all from a single pane of glass view.
At OPSWAT, we assist clients in consolidating vendors, providing them a unified experience to strengthen their cybersecurity posture and streamline security operations.
How does OPSWAT use AI and machine learning to enhance cybersecurity threat detection?
Our MetaDefender platform detects cyber threats by integrating and monitoring multiple entry points across the entire OT environment, including but not limited to securing workstation removable media ports, monitoring communication between OT assets, governing data transfer and replication between IT and OT networks, securing remote access into OT assets, inspecting transient cyber assets before being introduced to OT networks.
Our OT solution uses a machine learning mechanism to establish asset inventories and network-level communication rules to detect anomalous behaviors within the OT environment. The baseline is established from the learning phase. It is automatically (with options to override manually) updated or adjusted in response to alerts and constant communication monitoring among all assets. To protect edge devices, like PLCs/RTUs, our solution detects cyber threats and anomalous behavior through deep packet inspection (DPI), behavioral analysis, signature-based detection, and self-learning traffic analysis to continuously refine the policies and block malicious intent or human mistakes that lie out of the expected policies.
Our Threat Intelligence service analyzes millions of data entries from thousands of in-the-wild devices worldwide. It develops a cloud-based database with billions of data points for binary reputation, vulnerable hashes, malware outbreak samples, and many others. OPSWAT’s MetaDefender Threat Intelligence utilizes pattern search to query our massive dataset, identifying files using patterns and expressions. Combined with our Similarity Search functionality, this powerful technology provides a comprehensive and intuitive system that detects, analyzes, and responds to all threats. MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox) offers a variety of features related to URL analysis, including the use of ML-based image analysis for phishing detection.
