Innovation More Understandable

"My stand is halfway. A hype might be in one end, and a solve-it-all approach in the other.

I consider ML and AI as valuable approximations to leverage behavioral information for cybersecurity; for instance, to detect anomalies. We have a significant restriction with current detection systems: they work based on who the user is, not on his/her behavior. There is no behavioral baseline. Behavior-based intrusion detection enabled by AI is a step forward allowing organizations to be more efficient.

A kind of hype is present in how IT providers market their newest products and how they describe their applications. Some companies suggest something like ML and AI are the “solution to all problems.” Others sell ML and AI “embodied” as assistants to managerial decisions, conveying a robotic way of enforcing security policies and containing incidents. I don’t see myself doing that; I think we’re not there. Nonetheless, we haven’t learned enough —or adequately— about risks from the behavior of the users we protect; even less we can program machines to understand and leverage users’ behavior. The machines’ capability to detect and restrain cyberattacks automatically is still far in the future. I think the human criterion, the human brain is and will continue to be essential for decision-making in cybersecurity. I do not deny these capabilities exists. In some AI-powered customer service applications, you cannot identify easily whether the other party is a robot. There are operations in which ML and AI could add value to our business, but I don’t see it as a replacement for high-order decision-making."

"Not yet. Two reasons for that: first, we have made a strategic decision not to be early adopters of new technology. We are conservative about managing risks, in part due to the market we serve. Investing in the latest solutions is expensive. I see other fronts where smaller investments have a greater impact on what I do with my team. We seek for small, incremental innovations. Second, we are not focused on forefront topics, like, for example, those Fluid Attacks is concentrated on. Our cybersecurity operations reach a variety of technologies. Some are legacy —for example, our core, production plants. Others, cutting-edge tech. In this heterogeneous environment, it is essential to have a strategy and a vision covering all assets.

Nevertheless, there is an opportunity in using AI in Industrial Networks or OT (Operational Technology). It should be feasible to deploy an AI practical application to better support our cybersecurity operations.

We trust on partners like Fluid Attacks, which are doing novel work at industry-level. Fluid Attacks invests resources in exploring and testing with stuff others don’t. Fluid Attacks’ Hacking services are proof of that. A couple of times, I’ve read on the news stuff Fluid Attacks began to prototype and test months before."

"I am a critic of the traditional concept of innovation. Innovation is not an end for us; it is an attribute. For Corona, to innovate is to make things we already do, but differently; is to start doing things we previously didn’t do that support our business goals for real. In that way, we make innovation more understandable, more worldly; we remove the strange “pedestal,” where traditional innovation-speech seem to be. By actively seeking how we can do stuff differently, we create innovation, even if it is not new, but is disruptive for us, and more importantly, it delivers value to the business. We have found (and transformed) processes with no change for more than 130 years!

We have to be very assertive in investments in our business. Those should be centered mostly on detection capabilities, in knowing what is happening. No matter if fixing takes too long after detection. Why? Transparency and honesty. This is a responsible way to manage cybersecurity risks in a company with a traditional vision of risk management because it is easier to ask for resources for protections we don’t have." (Interested in transparency and honesty? Take a look at The F*CK strategy)

"Last year we had an idea: what if we develop customized software for cyberintelligence? We needed to know what was going on beyond antivirus or firewalls alerts. We didn’t want to keep looking at mere associations among events (malware, the status of servers, business rules, etc.). We wanted to go further: to know “the status” of business processes from our cybersecurity operations. That involves mapping all IT assets and creating risk assessments quickly and easy to understand to company stakeholders. In other words, we wanted to establish a smooth communication to the business in the language of business. Think of it, for example, as a risk score linked to payroll processes, available before the start of the payroll cycle, allowing better decision-making.

We worked with another partner in developing a customized solution. We turned to agile methodologies, something new for us. The approach was so disruptive —in our terms— that it wasn’t necessary to include IT stakeholders during development. The technology supporting the soon-to-be solution was on the cloud and container-based. We avoided many committees and discussions. When I presented the product to the company, IT was surprised and told us: “this wasn’t discussed in X, Y and Z committees…” but once they saw the product live, they started to fantasize about stuff they could do by working differently.

An almost entirely functional product was serving us in less than ten months. And we won Corona’s innovation prize, the Prisma award."