Tuesday, May 28, 2024

What’s Next for Cybersecurity? An Industry Insider’s Look


Khushbu Raval
Khushbu is a Senior Correspondent and a content strategist with a special foray into DataTech and MarTech. She has been a keen researcher in the tech domain and is responsible for strategizing the social media scripts to optimize the collateral creation process.

OPSWAT’s COO, Stephen Gorham, discusses key cybersecurity trends (compliance, AI, supply chain) and advises businesses to strengthen their security posture. Learn how OPSWAT’s solutions address these challenges.

The cybersecurity industry is a constant arms race, with attackers developing new tactics and organizations needing to adapt their defenses accordingly. In this interview, we speak with Stephen Gorham, COO of OPSWAT, a leader in critical infrastructure cybersecurity solutions. We discuss the evolving threat landscape, OPSWAT’s approach to staying ahead of the curve, and how their solutions help organizations of all sizes mitigate cyber risks.

Gorham shares his insights on the key trends shaping the cybersecurity landscape. He discusses the growing role of compliance mandates, the adoption of AI in security solutions, and the increasing focus on securing the ever-expanding digital supply chain. He also offers valuable advice to organizations looking to strengthen their security posture, emphasizing the importance of aligning with security frameworks and conducting thorough risk assessments.

Excerpts from the interview:

Cybersecurity is a constant evolution. How do you anticipate industry changes in the next few years, and how is OPSWAT preparing to adapt?

The industry is always changing, and over the next few years, we will likely see more compliance mandates and government regulations, more adoption of AI, accelerated digital transformation to the cloud, and an increased focus on securing the supply chain. Given OPSWAT’s prevention-based approach and ability to innovate based on customer and market needs, we will continue to help organizations address these changes and the evolving cybersecurity landscape. 

As a cybersecurity thought leader, what advice can you offer organizations seeking to strengthen their security posture and mitigate emerging threats?

My first advice to organizations on strengthening their security posture would be to align with a standard security framework, such as NIST, ISO, etc., to establish a baseline of security practices. I would also advise organizations to thoroughly inventory their assets, including data, systems, infrastructure, and identity-critical business processes, and prioritize them based on their importance to the organization’s operations. 

Additionally, organizations should perform risk assessments to identify potential threats and vulnerabilities that could impact the organizations’ assets and business processes. Evaluate existing security defenses against the identified risks to determine if there are any gaps or weaknesses in the security posture that need to be addressed. Finally, recognize that cybersecurity is an ongoing process that requires continuous monitoring, evaluation, and improvement. Stay updated on emerging threats and evolving best practices, and adapt security measures accordingly.


Are there any recent cybersecurity developments that you find particularly intriguing or impactful? How do you envision them shaping the industry’s future?

Implementing detection as code to automate incident and event management alongside orchestration has caught my attention due to its significant impact on the industry. This approach addresses the shortage of skilled cybersecurity professionals, improves reaction times to threats, and leverages AI capabilities for enhanced detection and response. Organizations can streamline their security operations by automating initial triage and response processes, reducing dependency on human intervention, and enabling teams to focus on higher-value tasks like threat hunting and strategic planning.

Can you summarize OPSWAT’s cybersecurity solutions and multi-scanning technology’s role in threat prevention?

OPSWAT is a global leader in IT, OT, and ICS critical infrastructure cybersecurity solutions and Deep Content Disarm and Reconstruction (CDR), protecting the world’s critical infrastructure from malware and zero-day attacks. We protect organizations in the manufacturing, nuclear, energy, oil and gas, government, and defense sectors, among others, and offer over 20 zero-trust solutions tailored to protect critical infrastructure environments. Our MetaDefender platform leverages Deep CDR, Multiscanning, Proactive DLP, emulation-based sandbox, and country of origin technology to provide OT threat prevention, industrial network security and visibility, secure IT/OT data sharing, zero-trust network segmentation, file scanning, and threat intelligence.

Recognizing the inherent limitations of traditional antivirus solutions, we pioneered the concept of Multiscanning within our MetaDefender platform, aggregating multiple antivirus engines to enhance detection accuracy. A single antivirus engine can detect 40%-80% of malware/viruses. OPSWAT Multiscanning allows you to scan files with over 30 anti-malware engines on-premises and in the cloud to achieve detection rates greater than 99%.

How do OPSWAT’s endpoint security solutions help organizations safeguard their endpoints against threats?

It’s crucial to have the right security for users who access an organization’s network, data, and applications from home or the office. OPSWAT’s MetaDefender IT-OT Access is our endpoint security solution that provides a single integrated platform to offer visibility, security, and control of all the devices on a network. It can provide deep compliance, vulnerability, patch management, advanced endpoint protection, and anti-malware. With our platform, security compliance is addressed, the resources to implement and maintain are reduced, and users have a cohesive experience accessing company applications and data.

With cyber-attacks growing more sophisticated, how does OPSWAT ensure its threat intelligence remains effective and reliable?

OPSWAT helps organizations effectively mitigate cyber-attacks through a proactive defense-in-depth strategy. Acknowledging the inadequacy of traditional antivirus solutions, OPSWAT employs multiple antivirus scanning engines with its multiscanning technology and sandboxing techniques to detect and mitigate threats in both online and offline environments. We also pioneered and leveraged Deep Content Disarm and Reconstruction (Deep CDR) technology to sanitize incoming files and data streams, effectively neutralizing potential threats while preserving functionality. By integrating these advanced approaches, OPSWAT ensures proactive defense against sophisticated cyber threats, empowering organizations to safeguard their digital assets confidently.

Can you elaborate on how OPSWAT leverages machine learning and artificial intelligence in its cybersecurity solutions to enhance threat detection and analysis?

Our MetaDefender platform detects cyber threats by integrating and monitoring multiple entry points across the entire OT environment, including but not limited to securing workstation removable media ports, monitoring communication between OT assets, governing data transfer and replication between IT and OT networks, securing remote access into OT assets and inspecting transient cyber assets before being introduced to OT networks. Our solution uses a machine learning mechanism to detect anomalous behaviors within the OT environment. The baseline is established from the learning phase and is manually updated or adjusted in response to alerts. To protect edge devices, like PLCs/RTUs, our solution detects cyber threats and anomalous behavior through deep packet inspection (DPI), behavioral analysis, signature-based detection, and self-learning traffic analysis.

Our Threat Intelligence service analyzes millions of data entries from thousands of in-the-wild devices worldwide. It develops a cloud-based database with billions of data points for binary reputation, vulnerable hashes, malware outbreak samples, and many others. OPSWAT’s MetaDefender Threat Intelligence utilizes pattern search to query our massive dataset, identifying files using patterns and expressions. Combined with our Similarity Search functionality, this powerful technology provides a comprehensive and intuitive system that detects, analyzes, and responds to all threats. MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox) offers a variety of features related to URL analysis, including the use of ML-based image analysis for phishing detection. 


As COO, how do you collaborate with OPSWAT’s technical teams to ensure their strategies align with the company’s broader business objectives?

As customer zero, we provide constant feedback on our products internally, ensuring that improvements and enhancements are understood and aligned with roadmaps. We also participate in many POCs to further validate emerging products’ usability, effectiveness, and market relativeness. 

As COO, I ensure that the product teams understand the changing market landscape and how that may affect the viability of products or features. I also provide adequate guidance and process/policy for a secure SDLC process.  
