Aviva Zacks of Safety Detective caught up with Chris Rothe, CPO and co-founder of Red Canary. He revealed what he loves about cybersecurity, how the threat landscape is evolving, and what Red Canary is doing to change the industry for the better.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Chris Rothe: I got into cybersecurity by way of the defense industry. I worked in national security for a number of years and I naturally made my way from that over to cybersecurity because national defense has a huge cyber focus these days. I ended up working with a group that took technology and tools used for defending the United States government and brought them to commercial sectors.
I love our mission of protecting businesses so they can do their best work without fear of damage from a cyberattack. We care deeply about empowering other people to make their biggest impact without having to worry about losing all their data or money to an attacker.
SD: What are some industries that use Red Canary’s technology and why?
CR: We work with companies across all industries at this point, but our biggest concentrations are in verticals that have the most to protect. Financial services have historically been at the leading edge of cybersecurity because they’re very directly protecting money. They’re a juicy target for attackers, so we have a lot of customers in banking and finance. Technology companies have intellectual property to protect, so that’s their biggest risk from a security standpoint. Healthcare has been a vertical that’s been a little slower to take care of themselves from a cybersecurity standpoint, but they have been making great strides in the last few years.
SD: Can you tell me about Red Canary’s technology?
CR: Our goal is to detect what gets past traditional and even next-generation antivirus or defense products. We think of ourselves as the last line of defense, monitoring everything that happens on every endpoint and looking for signs that attackers are bypassing your security controls or prevention technologies.
The other piece to our product is being an ally to our customers. We don’t just generate alerts back to the customer with no context. We do a full investigation and then if they do have a compromise, we will work very closely with them to help them remediate the threat and understand what they can do to improve their defenses going forward. That overall mission of being their ally and helping them get better over time is what we really care about.
SD: What is your core product?
CR: Our core product falls into the managed detection and response (MDR) area. For most of our customers, what they buy from Red Canary is Red Canary Managed Detection and Response, which is 24/7 monitoring for signs of attack that may have bypassed their prevention technology.
SD: What do you feel is the number one threat in cybersecurity today?
CR: It depends on who you are as a business or as an individual and depends on what you have. We see a lot of organizations like school districts and hospitals getting targeted by ransomware, which is malware where the adversary attempts to extort the organization for money in exchange for getting their data back.
But if you are a high-tech firm that has a lot of intellectual property, you’re more likely to be targeted by a nation-state or corporate espionage. These entities would be attempting to use very quiet techniques to break in and steal your data. For most of the population, ransomware is the thing that’s most destructive and painful to deal with.
SD: How do you feel that the cyber threat landscape will change in the next five years or so?
CR: Information security is a cat-and-mouse game between defenders and attackers. Big changes that are happening in the IT world are the movement to the cloud and increased usage of SaaS applications. This forces attackers to change from coming straight to endpoints to trying to figure out how to compromise those SaaS applications. Unfortunately, it’s not going to get any less risky or less dangerous. As long as the economies of the world continue to generate money and intellectual property, adversaries will keep looking for novel ways to take it. The good news is that there are a number of things we can do to protect against adversaries. A lot of the changes that are happening in IT help us to adjust and control surface area. That makes it easier to monitor, and we can do more hardening than we have been able to in the past.
SD: How will Red Canary stay ahead of the curve?
CR: We spent a lot of time trying to figure out the data sources and the tap points that we need to look at in the future when those fundamental changes occur in IT. The other part of it is understanding what attackers are doing, how they’re evolving, and the new techniques they’re using to break into companies. Then we can very quickly deploy detection technology to find and stop it.
We think about it from the attacker’s side as best as we can and imagine where the weak points are going to be in the future. We’ve also invested a great deal in education and research—not only for our team but for the community as a whole. The more we can do to strengthen and empower security teams, the closer we get to achieving our mission: creating a world where people and businesses can operate without fear of cyberattacks and be free to make their greatest impact.