At Manchester Digital, we like to interview our members to find out a bit more about what they do and their work in the Greater Manchester digital and technology sphere. This week we're speaking with Javid Khan, CTO at CloudGuard.
CloudGuard AI specialises in affordable cybersecurity for SMEs. Can you explain your approach and why smaller businesses must have robust cybersecurity measures in place?
All businesses must invest in some level of cybersecurity. SMEs are more at risk of cyberattacks as they are likely to have limited investment in cybersecurity. They don’t have the luxury of a full-scale budget to cover all the necessary technology, process, and teams that larger businesses have. In our experience, they’re simply not as mature in their cybersecurity practices, which leaves them more exposed.
Our approach at CloudGuard addresses these gaps by implementing a holistic strategy. We plug in our platform to capture all security events across the customer’s environment and use automation and AI to enrich, investigate and remediate. This is all underpinned by our operational team, process and incident response frameworks, which handle the events end to end, around the clock.
This means our customers don’t need to sink money into new technology or personnel – we plug straight into their existing teams and operations.
What’s the real advantage?
It’s the reason we started CloudGuard to begin with. We pass the savings from our automation back to our customers. So, SMEs get enterprise-grade cybersecurity services at a more affordable price point.
Your company offers comprehensive services from cyber audits to managed services. How does this end-to-end approach benefit your clients, and what are some common security gaps you often identify in SMEs?
We’ve found that when businesses purchase solutions to fix individual problems, they work great in isolation. But as you begin to add more products, and look at their security as a whole, this is where the exploitable gaps begin to show. On top of this, there’s always going to be new and evolving threats, which add to the vulnerabilities between solutions.
So first we need to understand our customer’s current landscape and the maturity of their cybersecurity. That’s why we start with our ASSESS service. It gives us a solid baseline of areas to focus on and prioritise.
Next is PROTECT—our fully automated MXDR (Managed Extended Detection and Response) service designed to manage and respond to threats proactively. This helps mitigate the need for businesses to implement such a solution themselves, which can be costly and time-consuming, especially for small IT teams.
Finally, we have ENHANCE, which is all about continuously improving our customers’ security posture. We do this by adding additional layers of intelligence, such as advanced threat intelligence, vulnerability management, and intelligent endpoint insights.
The security landscape is always changing, and without advanced automation and AI, smaller businesses will find it challenging to keep up.
There's a lot of buzz around AI in cybersecurity. What are some common myths or misconceptions about AI in this field, and how does CloudGuard AI leverage AI technology in its services?
A common misconception about AI in cybersecurity is that it will take over the roles of human experts. At CloudGuard, our approach is to work with AI, not be deluded into thinking it will replace us. We understand the benefits of AI and how it can be effectively combined with human intelligence to proactively hunt and remediate threats quicker!
An example of how we utilise AI and automation is to further enrich the security events we identify for our customers. This involves integrating Indicators of Compromise (IoC) data from various reputable curated threat intelligence feeds and threat signals.
With this enriched information, our automation logic can make informed decisions about how to handle each event once all the relevant data and evidence are gathered. AI helps us summarise and curate this data, respond to our customers, and execute automation remediation workflows before handing over to our human operations. We call this AI agent Ansel.
The key point is that Ansel is used to supplement, not replace, our operations. We've seen a significant reduction in the amount of human work required—transforming tasks that used to take 3-5 hours down to just minutes.
I’ve written an article that delves into this more, so feel free to take a read if you want to know my full thoughts on this topic.
Can you share a success story of how your services have made a significant impact on an SME client?
A notable success for us was our collaboration with Amazon Filters, a manufacturing company that struggled with conventional security measures. Faced with increasing ransomware attacks targeting their industry, they needed to reassess their cybersecurity strategy.
Amazon Filters first underwent a thorough assessment to pinpoint critical security gaps (our ASSESS service). Then, we implemented an automated threat detection and response system (our PROTECT service) that over a period of 90 days automated 98% of alerts, saving them 52 days compared to manual methods.
Integrating with Microsoft Sentinel allowed us to improve their real-time threat visibility and streamline their operations. This way, Amazon Filters didn’t have to be overwhelmed by constant alerts. Instead, they could focus on growing their business whilst having the peace of mind that their security is in the hands of experts.
As cyber threats evolve rapidly, how does CloudGuard AI stay ahead of the curve to protect its clients? What emerging trends or threats should SMEs be particularly aware of?
Cyber-attacks have truly devastating consequences on smaller businesses. Budgets are tighter, which means the chances of recovery can be much more challenging, especially without the right protection in place.
SMEs should be particularly aware of several emerging threats:
- Ransomware-as-a-Service (RaaS): This model has lowered the barrier for cybercriminals, enabling less skilled hackers to launch ransomware attacks. SMEs, often seen as low-hanging fruit, are at risk.
- Supply Chain Attacks: Cybercriminals are increasingly targeting smaller vendors and suppliers that work with larger organisations.
- Phishing and Social Engineering: These attacks are becoming more sophisticated and personalised, making it easier for employees to be tricked.
- Insider Threats: Whether malicious or accidental, insider threats are a growing concern.
The vast majority of cyber incidents boil down to human error, so it’s essential for businesses to remove as much of this burden from their teams as possible. We’re all human, and we all make mistakes.
CloudGuard stays ahead of threats that SMEs face through proactive collaboration with leading industry partners like Microsoft and Recorded Future, alongside our own innovation in AI and automation. We also remain engaged in the broader cybersecurity community, where our senior analysts and experts regularly contribute to industry discussions and forums.
This ensures we’re continuously weaving this knowledge into our own strategies and solutions. All of this is to make sure our customers are benefitting from the latest advancements in cybersecurity.
Thank you Javid.