New Constellation Research analyst Chirag Mehta outlined his approach to cybersecurity on DisrupTV. Chirag is the former Chief Product Officer at SaaS vendors Zipline and iCIMS and held various leadership roles at Google and SAP.
Here are a few takeaways from his DisrupTV appearance.
The variables in cybersecurity. Mehta said there are three key parts to cybersecurity. First, data driven signals and what a company can infer from them and respond. The second part is the human story. "We human beings are inherently trustworthy," he said. And third, what does the response look like? "We're all going to get breached. How can I respond to the test? What does that incident response kind of system look like?"
Design thinking and cybersecurity. Mehta's previous stints revolved around developing applications and products at enterprise software companies. He focuses on design thinking to humanize cybersecurity for CXOs. "You need to be proactive, more outcome based, and risk based," said Mehta. "I'm passionate about helping CXOs find their way and make their organizations more secure."
AI and cybersecurity. Perimeter and network-based approaches to cybersecurity are often flawed because "your employees are everywhere, and your data is everywhere." As a result, "AI has a role in creating a dynamic perimeter and what's going on in my environment," said Mehta. "The dynamic AI perimeter will happen, and the reason is the rise of AI means all of these problems are not solvable by human beings."
"Sophisticated, AI-driven attacks need a sophisticated response, which is AI-driven," said Mehta.
"You're going to have access to a vast amount of data telemetry, all the signals that you can analyze, and you can actually defend, including the behavior of your end users. You can defend against these attacks," he said.
What is emerging is cybersecurity platforms that use AI to become a cyber operating system.
- Zscaler acquires Avalor for security data fabric
- CrowdStrike, Palo Alto Networks duel over platforms vs. bundles
- Cybersecurity platforms spar over data, generative AI, wallet share
-
CrowdStrike launches Charlotte AI, generative AI to uplevel, democratize cybersecurity analysis
ROI and cybersecurity. CXOs have said that cybersecurity budgets have been poached in the last year for AI projects. Mehta said that focus on returns is misplaced. He said:
"Security is cost of doing business. If you don't have security, you won't have business, and then you won't have ROI on anything else. It's not very clear to most leaders that they need to invest into foundational technology so that they can actually have a business, invest in generative AI and everything else in the digital transformation journey. Cybersecurity is not an optional thing."
Cybersecurity is a risk-based investment since one mistake can hit your stock price, result in SEC disclosure and harm the business, said Mehta. Enterprises will use AI to model various threat vectors and have a defense for any given situation.
By nature, defenses will have to become more autonomous. "If the idea is that a human has to get involved when there's an attack you're not going to scale," said Mehta.