Message from our CEO: The Panaseer Mission
June 18, 2018
Having spent a career split between building trading systems to generate revenue, and building systems to reduce risk, I’ve come to realise several truths. First, businesses have a mandate to make a profit above all else. Second, attackers do not care about our economics but are very much driven by their own. Third, as much as we may wish to be infallible, people are vulnerable and make mistakes.
The job of the security team ultimately is to outsmart and out-manoeuvre the bad guys and mitigate the unfortunate mistakes any one of our employees can make in the protection and ideally the generation of those profits. No easy task. Adversaries are more agile than ever, and the asymmetry between attack and defence means they only need to find one hole, meaning we have to cover them all.
The longer I’ve worked in security, the more apparent it is that the holes are everywhere. Old software. A flaky joiners/movers/leavers process. Open ports. Missing controls. Shadow IT. That old laptop left in the drawer at home. Misconfigured tools. That USB stick with the fluffy pink bunny left in the car park outside the office. Tempting phishing emails. The cleaner. The wide-open third-party data processor. Those applications you wrote back in the 90s. Java….
While the holes may be found everywhere, actually discovering them can be a more laborious task than imagined. Doing “good security” is made difficult by the lack of clarity generated by a combination of the dirty data generated about these holes, a growing cacophony of security tools, and the inability to understand what we’re actually meant to be protecting – the devices, the applications, the people, the data.
Who has an up-to-date device inventory? No? Why not? Because it’s manual, and there’s no reconciliation process to continuously improve it. It’s painful. Now add to this by buying and (almost) deploying and not entirely configuring every security tool we can find on the open market. Bingo – silo central.
Moreover, of course, let’s double the complexity of this challenge with demands for status reports from all stakeholders – you want to see the exposure to new threats for a specific business line in a particular region? Prioritised by business criticality of the assets? What, today? Seriously….
Now we have more tools, less joined-up visibility, the highest levels of scrutiny over our program, and our security professionals are scarcer and in higher demand than ever.
This can go on no longer. It is no longer feasible to do it this way. We need:
- to embrace data-driven approaches and automation
- reconciliation engines to better understand our assets
- to get joined-up value from all the security tools we’ve bought, making sure we get the basics of cyber hygiene done correctly
- self-service and empowerment for our data consumers
- to demonstrate strong control over cyber security risks – confidence when making decisions and describing these to our key stakeholders.
Today we announce the completion of our Series-A funding round. I’m honoured that the work we are doing to create data-driven security programs, both in Panaseer the company and the Panaseer Platform, has been recognised and supported by organisations such as Evolution Equity Partners, Notion Capital and our new investors, Cisco. Today, for me, marks the day that the security industry recognises the demand to evolve from a reactive to a proactive approach – fireproofing, rather than firefighting.
Our mission at Panaseer is to make every enterprise Cyber-Security Risk Intelligent.
What does that mean? It means organisations can start planning for the bad guys rather than reacting when they attack. Panaseer’s strength is in providing visibility and risk transparency through continuous control measurement via a truly extensible platform. Through a rich understanding of the risk posture of a system, business line or region, organisations are empowered to apply a risk-based approach to their cyber security, focusing efforts across the enterprise on areas of greatest return (i.e. driving risk reduction). The funding announced today will fuel Panaseer’s continued international expansion and product development, to bring more insight, visibility and automation to cyber security.
The Panaseer Platform provides automated visibility of an organisation’s cyber security status, empowering enterprises to take the best value actions to reduce risk, and to report this to key stakeholders. Dynamic dashboards provide role-specific drill-down perspectives of security, allowing everyone from the C-suite to Security and IT teams to take proactive action to reduce risk exposure. With insight on digital risk, performance and remediation, enterprises are empowered to fireproof rather than firefight.
As a team, we look forward to working with organisations who understand the difficulty and complexity of today’s security operations and risk implications that come from planning for the bad guys. My favourite moment this week? A CISO client said to me – “Our Head of IT looks at Panaseer every day. He makes decisions and adjusts his team’s work based on the metrics. I don’t have to spend hours trying to persuade him to take action anymore – he just looks at Panaseer and knows what to do”.