Mr. Tom Finn

Kaori Kitamura
October 21, 2022

1. How has your experience as a business executive shaped the way you think about management and product development?

 

When product development is done well, it embraces the front-line of the business; it knows the voice of the customer on both a direct and indirect basis. Product managers are in regular contact with clients, field sales, engineering, technical alliance integration specialists and marketing staff. As a result, they have a multifaceted view of what’s happening in the marketplace. So, when I’m asked how my personal experience has shaped my view of company management, my answer is, regardless of our individual roles/responsibilities, we must all go out of our way to stay a breast of the information being shared across these “channels.” Otherwise, we can quickly lose touch with the real world – the customer priorities that should be directing our business. In my mind, it’s an organizational litmus test.

 

2. What are the biggest challenges facing Claroty that you would be excited to help overcome?

 

Claroty just made a very interesting, strategic acquisition. It bought a highly specialized company in Medigate that,like itself, is distinguished by its deep domain expertise (in Medigate’s case,it’s the healthcare sector). As Claroty continues to grow, our challenge is to avoid tradeoffs that could diminish that competitive advantage. We must remain fluent in the languages and nuance of the sub-verticals that comprise our addressable market. That’s why how we define problems, articulate solutions, select use-cases and match our experts with clients is increasingly important. Where do I see myself? Being part of the team that addresses that challenge. Not insane ways business values our customers expect to receive.  

 

3. Howdoes your product compare to the other cybersecurity products on the market?

 

Our platform is distinguished by vertical specialization/relevance, feature/function breadth and ease of use. While these advantages are difficult to balance across the nuanced requirements of different sectors, it can be done. And when it’s done well, you can move from what may appear to be mutually exclusive objectives to a community synergy with added benefits. The technical challenges to achieving what I’ll call an “integrated life-cycle framework” are sewn into Claroty's product development fabric – very much by desig. That's why, even at first glance, you'll see obvious industry-specificity in our interfaces, supported use-cases, etc. From assetphotographs, to classification schemes, to threat correlations, to customizable risk scoring frameworks. This facilitates our ability to provide mitigation and remediation plans that make sense to specialized user workflows. In other words,the ease of use we are known for is not just based on interface design, but instantly identifiable industry use cases and workflow relevance. We meet our clients where they live. We do not attempt to convince them that the features and benefits of a solution created for a hospital can be abstracted to satisfy the needs of an automotive manufacturer. Put simply, by eliminating the abstractions, we reduce the distractions that confuse users and hamper their effectiveness.

 

4. What do you think is the most pressing cybersecurity challenge facing companies today?

 

Where to begin? We could talk about the need to secure increasingly distributed processes and workflows. Or, we could talk about the accumulation of layered defense products and the resulting explosion in false positives. Obviously, one of those problems is fairly general and the other is more specific. So I’m going to focus on a problem that is treated as general but in my opinion is very specific – and pressing. I’m speaking about resource optimization. Not just how we buy and deploy cyber technology, but how we select, train and deploy our people who are expected to use it. Staffing shortages are not going to be resolved anytime soon. Demand is outpacing supply, so something has to give. If I had a dollar for everytime I heard someone talk about the need for cross-functional collaboration I’d be rich. And that's the problem, it’s a lot of talk that often seems void of meaningful action. For example, the latest solutions deliver automation that provides organizations an opportunity to quickly eliminate outdated workflows and reassign staff to more meaningful work. They also provide a common data foundation that can and should be shared across departments. Staff who use these tools are naturally upskilled and quickly benefit as professionals, but are their new capacities being recognized by leaders, re-coordinated, and leveraged? I could go on here, as it’s a subject I’m passionate about. Let me just say that in light of the dynamic nature of the threat, professional roles and their collective responsibilities-mix must evolve. Cybersecurity is a team sport. To effectively run the right plays, we need to develop some new formations.

 

5. Segmentation is an essential industrial cybersecurity control, but traditional means of segmenting industrial networks are prohibitively costly. What are the next trends in your industry?

 

The network segmentation solution market is being disrupted. Legacy solutions with visibility to both managed and unmanaged assets can actually work, and new solutions that take an altogether different approach are emerging. You used the phrase, “prohibitively costly” and so the disruption I’m referencing shouldn’t be surprising. Because there isn’t enough room in this interview to provide a comprehensive answer, let me just point out what’s changed: Visibility to assets is now available. And it is available from claroty at a level of completeness that isn’t always fully appreciated. Its not just about asset discovery and some attribution anymore. “Clarotyvisibility” now includes asset utilization, authorized workflows and, notably, appropriately vetted security policy baselines. Claroty now auto-generatesdACLs and passes them via meaningful integrations to segmentation products.What I just described dramatically accelerates traditional approaches. However,when that same intelligence can be stored at the access switch layer, which is what the disruptor’s solutions are now doing, segmentation can occur as devices connect, meaning a basic level of segmentation can be achieved in days to weeks versus months to years. Now the truth is, that baseline will require refinement, but the policy rules-effects can now be studied in simulation tools to eliminate potential disruptions. Claroty also provides this capability. As a practical matter, I believe the right approach to segmentation will tend solely on a combination of legacy approaches, visibility-enhanced VLAN hygiene improvements and the real time solution I just described. But enhanced visibility is and will remain the common denominator. It’s why segmentation initiatives are no longer science projects, but scopable and achievable undertakings.

 

6. No industrial network is immune to threats, so how Claroty detect and respond to the problem quickly and effectively when they surface is imperative?

 

Effective threat processing is a function of how much you know about your connected landscape. In terms of the details, t definitely a case where “more is more.”

The more granular our visibility to assets is,the more timely, accurate and complete our threat correlations will be. If I don't know asset serial numbers and location, then I can’t process a product recall very effectively. If an OS vulnerability has been detected and I don know which devices are running that OS and their location, then a quick response is not possible. Knowing the status of an asset (e.g., disconnected, connected, in-use) is also critical, as decisions about when and how best to take an asset out of service is clearly important. Claroty provides unmatched visibility and our threat research organization, Team82, is committed to privately reporting and correlating vulnerabilities for clients and affected vendors in a coordinated, timely manner. In other words, we’ve got all sides of the threat processing problem covered, with the exception of the bad actors themselves. We’re still working on that!

leave a reply