
The New Frontier for Cyberattacks: Cloud Detection and Response | Cisco Investments




Alon Weinberg

As part of the Cisco Investments team, I've had a number of unique opportunities to interface with leaders across several domains. The global startup landscape is vast and includes many of the solutions we use every day in the new, borderless enterprise: collaboration tools, IoT, artificial intelligence, and perhaps most importantly, cloud and security. One theme I've heard again and again is that the attack surface has shifted from on-prem to the cloud. Our own security experts agree.

“The cloud is the new frontier for cyberattacks,” says Raj Chopra, senior vice president and chief product officer for Cisco Security. “To better support the security needs of our customers, we need real-time visibility into what is happening on the cloud, from early detection through to remediation.”

To this end, Cisco Investments has made a series of investments in response solutions, one of them being Gem Security, whose purpose-built Cloud Detection and Response (CDR) platform significantly shortens the time to detect, investigate, and contain cloud-native threats. CDR is an emerging category that addresses the entire detection and response lifecycle across multiple clouds, including Cloud Investigation and Response Automation (CIRA).

I recently sat down with Arie Zilberstein, CEO and co-founder of Gem Security, to discuss their solution and how it fits with Cisco’s security goals.

Gem’s founders have spent decades in security, particularly in incident response. What they realized while investigating incidents was that the cloud had become a blind spot: more and more attacks were happening there, and enterprises had no good way to see, detect, and respond to those incidents in real time.

Cloud Pain Points

One of the major challenges in cloud environments is the lack of real-time visibility. Without it, basic questions become hard to answer: who is acting in the environment, what they are trying to do, and how they are doing it. That gap lets malicious activity go unnoticed and pushes detection late, often after significant damage has already been done. Response is slowed in turn, because it takes longer to establish the full extent of the incident and take the actions needed to contain it. Gem addresses this need for faster incident analysis and response in real time, with a solution that helps limit further damage.

Filling in the Gap

Gem bridges the gap between traditional security solutions and newer approaches such as extended detection and response (XDR). Many existing detection and response tools, XDR included, focus on endpoint and network telemetry and are not built for the dynamic, complex nature of multi-cloud environments. Most cloud security solutions today focus on security posture and are not built to let a security operations team address threats as they happen. These themes were clearly evident in Cisco’s 2023 CISO Survival Guide: Emerging Trends from the Startup Landscape. The Cloud Native Application Protection Platform (CNAPP) concept, which works “left of boom” (finding misconfigurations and vulnerabilities before an incident occurs), does not go far enough. Tellingly, 74% of CISOs identified investigation capabilities and lack of visibility in the cloud as top technology challenges. Other top pain points include high spend on cloud security monitoring with no visible ROI, cutting through the noise from multiple cloud logs, and a lack of cloud security skills and expertise.

As we found in the Guide, the modern security operations center (SOC) needs “to seek dedicated real-time and ‘right-of-boom’ solutions which address the issues of cloud detection, investigation, and response.” The lack of real-time visibility leaves blind spots and makes it harder for security operations teams to monitor and respond to incidents. Gem recognizes the need for a solution that provides the capabilities to address security incidents in real time, and its platform redefines security operations for the cloud era with CDR.

Gem in Action

Despite having launched only in early 2023, Gem is already helping secure cloud operations for dozens of global organizations across verticals including financial services, hospitality, healthcare, manufacturing, energy, and technology/software. With a customer base that includes several Fortune 500 companies, Gem addresses their challenges by closing blind spots, streamlining detection engineering pipelines, and significantly accelerating incident response. With existing cloud security posture solutions and the ‘shift left’ approach, customers must triage thousands of alerts pointing to potential vulnerabilities and misconfigurations. With Gem Security and the ‘shift right’ approach, customers can instead focus on fewer alerts per day, each reflecting something actually happening in the production environment.
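To make the ‘shift left’ versus ‘shift right’ contrast above concrete, here is an added example written for this edit; it is not Gem’s product logic and is not code from the original post. The first function is a static posture check over a constructed bucket inventory: every misconfiguration is a finding, whether or not anyone ever abuses it. The second is a runtime detection over constructed CloudTrail-style audit records (field names follow the CloudTrail schema, all values are made up): it alerts only when a console login without MFA is followed, within an assumed ten-minute window, by the same principal attaching AdministratorAccess. The bucket data, the window, and the rule name are assumptions chosen for illustration.

```python
"""Posture findings vs. a real-time detection over constructed cloud audit events.
Added illustration; not Gem Security's code. All data below is constructed."""
import json
from datetime import datetime, timedelta

# Constructed posture snapshot, shaped loosely after what a CSPM tool inventories.
BUCKET_CONFIG = [
    {"name": "app-assets", "public_read": True,  "versioning": False, "encryption": None},
    {"name": "backups",    "public_read": False, "versioning": False, "encryption": "AES256"},
    {"name": "logs",       "public_read": False, "versioning": True,  "encryption": None},
]

def posture_findings(buckets):
    """'Left of boom': static checks that fire on configuration alone."""
    findings = []
    for b in buckets:
        if b["public_read"]:
            findings.append((b["name"], "public read access"))
        if not b["versioning"]:
            findings.append((b["name"], "versioning disabled"))
        if b["encryption"] is None:
            findings.append((b["name"], "no default encryption"))
    return findings

# Constructed CloudTrail-style records, one JSON object per line, as a CDR tool
# would consume them from a log stream. Account ID, users and IPs are made up.
AUDIT_LOG = """\
{"eventTime":"2024-03-01T10:00:00Z","eventName":"ConsoleLogin","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"},"additionalEventData":{"MFAUsed":"No"},"sourceIPAddress":"203.0.113.7"}
{"eventTime":"2024-03-01T10:00:45Z","eventName":"AttachUserPolicy","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{"userName":"alice","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"},"sourceIPAddress":"203.0.113.7"}
{"eventTime":"2024-03-01T10:02:10Z","eventName":"ListBuckets","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"},"sourceIPAddress":"203.0.113.7"}
{"eventTime":"2024-03-01T11:30:00Z","eventName":"ConsoleLogin","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"},"additionalEventData":{"MFAUsed":"Yes"},"sourceIPAddress":"198.51.100.2"}
{"eventTime":"2024-03-01T11:31:00Z","eventName":"GetObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"},"requestParameters":{"bucketName":"app-assets","key":"index.html"},"sourceIPAddress":"198.51.100.2"}
"""

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

def parse_events(text):
    """Parse newline-delimited JSON records into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def detect(events, window=timedelta(minutes=10)):
    """'Right of boom': alert when a console login without MFA is followed within
    `window` by the same principal attaching AdministratorAccess to a user.
    Either event alone is noisy; the sequence is a high-signal alert."""
    alerts = []
    last_no_mfa_login = {}  # actor ARN -> time of most recent login without MFA
    for e in sorted(events, key=_ts):
        actor = e["userIdentity"]["arn"]
        if e["eventName"] == "ConsoleLogin" and \
                e.get("additionalEventData", {}).get("MFAUsed") == "No":
            last_no_mfa_login[actor] = _ts(e)
        elif e["eventName"] == "AttachUserPolicy" and \
                e.get("requestParameters", {}).get("policyArn") == ADMIN_POLICY:
            login_at = last_no_mfa_login.get(actor)
            if login_at is not None and _ts(e) - login_at <= window:
                alerts.append({
                    "rule": "admin_grant_after_no_mfa_login",  # assumed rule name
                    "actor": actor,
                    "target_user": e["requestParameters"]["userName"],
                    "source_ip": e["sourceIPAddress"],
                    "time": e["eventTime"],
                })
    return alerts

if __name__ == "__main__":
    findings = posture_findings(BUCKET_CONFIG)
    alerts = detect(parse_events(AUDIT_LOG))
    print(f"{len(findings)} posture findings, {len(alerts)} runtime alert(s)")
    for a in alerts:
        print(json.dumps(a))
```

On this constructed data the posture check produces five findings (three of them on one bucket) with no indication that any is being exploited, while the detection produces a single alert that names the actor, the target user, the source IP and the time, which is the starting point an analyst needs for investigation and containment. A real pipeline would read the stream continuously and keep the per-actor state in a store that survives restarts; the window and the specific event pairing are design choices to tune per environment.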

Fitting with Cisco

Gem is designed to integrate seamlessly with widely used SOC tools and to complement existing Security Information and Event Management (SIEM) and XDR solutions. Gem’s CDR platform provides deeper insight into the cloud environment and expands what security operations can do there. Gem acts as a bridge between a comprehensive XDR solution, which handles detection and response across different domains, and the need for a specialized cloud-focused solution.

The Future of Gem

As cloud technology continues to play a vital role in infrastructure, the importance of CDR is also increasing. Cloud adoption continues to accelerate, and CDR is positioned to expand into a vital component of the security operations center of the future. The recognition and growth of CDR reflect the growing need for efficient and automated solutions to address security incidents in the cloud.

Watch the entire video interview below:

To learn more about Gem Security, contact us at work-with-cisco-investments@cisco.com or visit www.gem.security.