#CYLANCE ANTIVIRUS FAILS MANUAL#
You may ask, 'Why are we stuck in the semi-automated to manual phase for detection and response?' In my ' 9 Box of Controls' post, I explain the cost gets higher for an enterprise as it moves from automated to manual. Harkins: I agree - it's not just the data. But if you're talking about widespread infectiveness, then I'm not sure it can be just a data issue. What do you think is the core issue with these failed security products? A lot of complaints have been centered on the fact that they generate so much data it's hard for customers to know what they're looking at and what's important. Why do we have so many? It's because the stuff we bought for 20 years hasn't worked. If you get products that work, then you'll need fewer products. If we were delivering a better outcome, guess what? We would have a reduction in vendors, because we wouldn't be slapping the Band-Aids, bubblegum and baling wire that is being promulgated out in the industry. It's the outcome, and the fact that we're not delivering the outcome that's the problem. So, is it the number that's the problem? No. Malcolm HarkinsChief security and trust officer, BlackBerry Cylance And if I do solve that problem, now I've got 10 other products I can't sell.' I've heard that directly from CEOs of security companies. I've pushed CEOs of a lot of vendors over the years, and they've said, 'Well, I'm not going to go solve that problem because I can't make any money out of it.
#CYLANCE ANTIVIRUS FAILS SOFTWARE#
How many hardware vendors do we have? How many other software vendors do we have? And nobody complains about that, because those are IT capabilities, and some are being used in an enterprise context. If they're delivering me the business outcomes that I need on risk and cost, then who cares if it's five, 50 or 500? Nobody's complaining about the tens of thousands of apps. It's a distraction to the real issue, which is, it doesn't matter if I have five vendors or 50 vendors.
Harkins: I think the industry likes to say there are too many security vendors in order to feed the beast of 'grow and destroy' and not actually solve the problem. Do you feel like there are too many vendors and that's part of the problem? Instead of rewarding them with more revenue and more money for selling us more crap that doesn't work, we should be holding them accountable and culpable for the issues that we've got.Įndpoint security has become a very crowded space. I give speeches and talks on that, and I tell everybody we need to do attribution to the control that failed and focus people on where the security industry has failed to do its job. And I want to break it, bend it and basically expose the fact that the industry, by and large, doesn't actually care if it solves the problem. Malcolm Harkins: Cylance gives me a platform as well to talk about the things that have frankly pissed me off about the industry. In addition to your day-to-day responsibilities within Cylance, you've also been pretty vocal outside the organization about the problems you see with information security. Harkins spoke with us at RSA Conference 2019 about his views on enterprise security struggles, calling out vendors instead of hacking victims, and why CISOs need to change how they operate.Įditor's note: This interview has been edited for length and clarity.
0 kommentar(er)
