The capabilities of machine learning and AI in cybersecurity are just scratching the surface, according to Bryan Lares, who recently joined ExtraHop as VP of Product. With experience leading both endpoint and network-based security product development, Bryan has had a passion for analytics and machine learning since the technology's early stages in the market, making him primed to expand access and lead the innovation of the next iteration of AI-enabled cybersecurity technology. The ExtraHop editorial team met with Lares to ask him about his approach to innovation and the future of Reveal(x) network detection and response (NDR).
In joining ExtraHop, Lares is looking ahead toward expanding cloud detection and response capabilities, increasing visibility in remote office environments, accelerating the analyst investigation process, and advancing the existing threat intelligence capabilities in Reveal(x). As much as Lares turns to technical innovations to achieve these goals, his approach to growth centers around meeting customer needs in a thoughtful way.
A Customer-First Approach
"We want to learn from our customers in an automated, data-driven way." From discovering how customers actually interact with Reveal(x) to building stronger metrics, Lares has a plan for improving the product team's understanding of how teams are really using Reveal(x).
To Lares, a user- and market-centric approach to product innovation means ensuring that every aspect of the design process is market-backed. This means taking into account NDR's role in the broader security ecosystem, including endpoint detection and response (EDR), SIEM, and firewalls, to achieve more seamless product integration. As he puts it, "it's important to understand the unique value for analysts and threat hunters to make their jobs as easy as possible."
"I think we have the best, most customer-centric user interface in the NDR market. Our product design team has done a fantastic job understanding the workflows needed to solve key problems and accelerate the work of security analysts and threat hunters." Lares comes to ExtraHop looking to run with the progress the product team has already made to provide more robust solutions to longstanding SecOps pain points.
Addressing the Skills Gap With Technology
Staffing concerns are a persistent challenge for today's security teams. According to a recent SANS survey, 64% of SecOps team members have worked in cybersecurity for five years or less, and "staffing and manpower" was the most cited concern among surveyed SecOps team members. Another ExtraHop-sponsored survey conducted by Wakefield Research indicates that security leaders are concerned about the well-being of their teams—29% reported low morale as a top challenge.
Today's teams are looking toward security automation and correlated threat intelligence to help ease the pressure being put on SecOps teams, and Lares is aware of the product team's duty to support these needs, saying, "we are all aware of the skill shortage in cybersecurity. There's a tremendous need for more smart people to learn how to be security analysts, and as a product, we want to empower them by making their job as efficient as possible from the initial detection to the response. I think there's a lot of work we can do on the automation side to assist time-strapped teams."
To support these goals, Lares and the product team are looking toward expanded threat intelligence, with data sharing and integration to help the broader security community. By enriching data sharing capabilities, security stakeholders—from level 1 analysts to executives—gain a deeper understanding of what it takes to stop complex attacks.
While automation and threat intelligence are critical modern security technology features, there's one simple aspect of Reveal(x) that Lares won't overlook. "Unfortunately product design and user experience sometimes take a backseat in cybersecurity." According to Lares, easy-to-understand workflows are necessary for new cybersecurity analysts to understand and investigate anomalies. He adds, "ExtraHop does a world-class job at that. I'm biased, but I think we do the best job in the NDR market at providing a really intuitive user experience for our analysts and threat hunters."
With a customer-first vision for innovation, Lares sees the potential for growth. In addition to thoughtful product design, ExtraHop's early investment in cloud-native solutions and secure decryption capabilities leaves Reveal(x) well-positioned for future expansion in the fast-moving NDR market. As he puts it, "Cybersecurity is one of the most important problems of our generation," and Lares and his team are poised to help.