Despite a dearth of highly-qualified IT security specialists overall, the availability of new opportunities for innovation should make it easier for novel security companies to bulk up their Australian and regional employee numbers, the recently appointed Asia Pacific general manager of nascent security provider Cylance has predicted.
After around six months in stealth mode, venture capital-backed Cylance – a nine month-old company whose Presponse product and service capabilities will be rolled out over the year – recently opened a Sydney office from which regional GM Paul Wilcox and his evolving team will service the entire Asia-Pacific region.
Presponse, which examines binary or DLL files for telltale characteristics of malicious behaviour, had shown a “near perfect” detection rate in trials and customer beta testing to date, and would soon ship to into a market where innovative security tools have rapidly appeared in response to the dangers poised by targeted advanced persistent threats (APTs).
“We’re not picking things apart or detonating them,” Wilcox told CSO Australia. “The approach we’re using is more actuarial: we might look at 10,000 characteristics we determine that might be bad, then plot a piece of code at a certain point on the map and determine that it’s a threat or not.”
“We only need 100 characteristics to make a good decision, although if it gets hard we may need a thousand. And we can escalate it to the cloud if we need to. We’ve got a group of people going out there, sniffing out what’s going on out on the Internet, and looking for vulnerabilities.”
Cylance made waves last month with the high-profile discovery that building control systems at Google’s Sydney headquarters were open to exploitation because they were running an outdated version of Honeywell’s Niagara framework that allowed the extraction of usernames and passwords.
While that area of security “wasn’t something we sat down and did the business plan around,” Wilcox said the subsequent uproar – and revelations that countless other companies were similarly exposed – had reinforced the importance of building-systems integrity in most companies’ overall security postures.
“Whereas historically one might have thought that would be limited to critical [utility] infrastructure, it appears that it plays out to the broader enterprise market,” he explained. “Pretty much everybody has one.”
Such notoriety may have raised the company’s local profile, but it also highlights what Wilcox believes is a culture of innovation – reinforced by the Presponse system’s attempt to “skin the cat in a different way” – that will put him in a strong position when recruiting IT security specialists to bulk out his regional operations.
Although Australians “gravitate towards new technology a lot quicker than most,” he said, anecdotal reports of IT security skills shortages were real. “The elite top echelon of employees that companies like us are looking to grab, is getting harder to find,” he said. “A lot of them are going overseas and taking positions elsewhere.”
“However, we’re fortunate that the cutting-edge stuff we’re doing tends to attract people a bit more easily. The ones that are really on the cutting edge, and have really acute minds, are looking to jump into a company like ours. Since we announced what we were doing, I’ve gotten a lot of phone calls from a lot of really good people who want to know what they can do.”