
Compliance is Necessary but it Lags Behind the Innovations of the Bad Actors

Started in 2007, Lookout has a presence in all regions, including Asia Pacific, Europe, the Middle East, and North America. The motto of the company is to help enterprises by providing a combined solution of access and detection. We spoke to Aaron Cockerill, Chief Strategy Officer, Lookout, to learn about his regional strategy. An excerpt.

Briefly tell us about Lookout

Originally it started in 2007 focusing on mobile security of individuals or personal mobile devices. We received quite a bit of interest from corporations and large businesses seeking to offer security on mobile phones, and in the 2016 time frame, we introduced the ability to secure enterprise phones and tablets on all OSes, including iOS, Android and Chromebooks. Then we started offering security for enterprises for all mobile devices through integration with EMM solutions. The way our product works to this day is ‘we secure enterprise data and protect it from being accessed by a device that may be potentially compromised’.

If you think about the way that modern operating systems like iOS, Android and Chrome work, they all run applications in isolation and they don’t allow easy modification of the operating system, unlike more traditional operating systems. These devices are typically battery operated. We could not scan or do what a typical antivirus solution would do, so we focused on protecting the corporations’ data, since that is what they were seeking to achieve. Therefore, our solution has always been focused on protecting corporate data from being accessed by corporate devices. We have had larger growth more recently and expanded into securing SaaS applications, corporate private applications and securing access to the broader Internet, like a secure web gateway.

Now that people are working in hybrid work styles – working from home or working from anywhere – we are able to offer security across all of corporations’ infrastructures, whether it be SaaS applications, privately hosted or on cloud, and across any operating system.

What is your competitive advantage and how do you differentiate from the competition?

What Lookout really excels at is determining risk and then protecting data, based on that risk. We have an integrated solution for devices accessing the Internet. We are able to filter out malicious attacks, phishing attacks, and so on. Whether the employees are connecting from home or connecting from the workplace, it doesn’t matter where they’re connecting from. For us, we have the ability to monitor that connection to access the sensitive data. Similarly, when a user is accessing a SaaS application – say Salesforce or Workday or Office365 – we filter and control that access either from on-prem or from cloud. We apply both data protection policies and anomaly detection policies across all of those different channels of communication, regardless of the device or networks the user is using. So, the big differentiation from Lookout is we allow you to do centralized management of data protection policies and security policies for any device connecting from anywhere and consistently monitor no matter what application or data set you’re accessing. We have a better assessment of that risk because we look at all the different types of devices that are accessing the data or extending into the mobile set.

Most corporations have the ability to determine if there is malware on endpoints. In most cases, they simply try and remediate that endpoint, but what we do is, when we determine that there’s malware on an endpoint, we control access over all of the channels. By implementing that controlled access, we downgrade the access, but do not cut it off completely. We have a centralized ability to apply data protection and security policies across all the different types of infrastructure that a corporation may have, and then we can ultimately provide access in any scenario to the infrastructure the corporation needs to do business.

“Lookout really excels in determining the risk and protecting the data based on that risk.”


What are the challenges for the CISOs in various geographies? 

Not only do we focus on providing access to infrastructure and assessing risk, but we also have threat intelligence capability. We have our own research into threats and attacks. So, we see different threats in different geographies.

In North America, we see the trends around ransomware – that is pretty global and a threat for every region though. But specific to North America, the number one concern is ransomware at the moment, and the responses that we see from the CISOs tend to focus on the detection of the ransomware and malware. One of the things that we see from the ransomware perspective is that it’s not just about the encryption of the data to disable that business but it’s all about the theft of that data. By the theft of the data, the bad actors gain leverage over the corporations because they threaten to sell the data or make the data public, and that compels the businesses to pay the ransom. So, ransomware is the big problem for North America, from small businesses all the way to very large enterprises.

In Europe, we also see ransomware, but we’ve seen a lot of financial fraudulent attacks. We have seen applications that masquerade as a real banking application and encourage you to do financial transfers. Therefore, the individuals and companies end up having funds stolen. We also see a lot of financial attacks trying to impersonate the organisations that had paid financial aid during the pandemic. So, a lot of social engineering attacks were happening as people were struggling through the pandemic and working from home in general.

In Asia too, malware and financial attacks are observed, but what we see a lot more of in Asia is general phishing and social engineering attacks. So, attacks around trying to exfiltrate data, trying to get employees to do things that they would not normally do. A common mid-market attack, for example, is bad actors masquerading as a supplier to another organization and requesting the accounts payable system to pay money into a different account, and that results in the bad actors receiving payments for the services rendered by the original vendor.

“It is a fact that most companies had to take a greater level of risk in order to enable the remote workforce and enable hybrid work style.”

How do you help your clients who are struggling for lack of skilled manpower?

This has been a struggle in our industry for many years and it has been exacerbated. It’s gotten worse in the last couple of years. What I see from most customers is that it’s a combination of a lack of skills – especially for the corporations into IT who are focused on security – that existed even before the pandemic. But then what happened was companies had to rapidly move their applications to the cloud and rapidly enable remote workforces. For example, opening up VPNs to all the employees to allow home computers to connect to the corporate networks effectively bypassed the corporate firewall. And all of a sudden, the security infrastructure had thousands of tickets to say that all of these devices are now connecting into the network, and it was a very scary time for a lot of IT organisations. So, it was not just the lack of skilled personnel, but most companies had to take a greater level of risk in order to enable the remote workforce and enable hybrid work style.

Most of the countries have recovered and brought back a good number of people to the offices, but we also see so many companies have moved things rapidly to the cloud. They don’t have a good understanding of their overall risk along with the resource gap. There has to be a reassessment vis-à-vis understanding risk in the new situation.

To my understanding, security companies need to be better at solving the problems of the customers instead of alerting them. I think we can do much better from a security vendor’s perspective by having better automation and integration with tools across the company’s infrastructure. So instead of alerting, we actually have to take automated action so that the security personnel aren’t inundated with alerts.

Secondly, I see that happening through the channel. We are seeing an increase in Managed Security Service Providers (MSSPs). That’s a good thing because especially the mid-market companies can’t afford to hire people. These are the two things that I see will help address that situation of lack of skillsets.

Is a compliance-based cyber security posture better vis-à-vis a need-based security posture?

As a general rule, regulations and compliances aren’t able to keep up with technological advances. So, I don’t think that simply complying with regulations gets you protected from ransomware or malware. Obviously, compliance is necessary for the regulated verticals, but unfortunately it lags behind the innovations of the bad actors. Regulation does not protect you. It is the minimum bar. The CISOs that I talked to are very concerned about how to protect their organisations beyond regulations that will protect them.

What kind of investment do you have in the Middle East?

It is an important market for us. We’ve made considerable investment to be on the ground supporting in the Middle East market. We also see many of our customers – multinationals – having a presence in this region. For example, we filter Internet use on devices, whether you’re at home or at work. As it turns out, the filtration of the Internet for most organisations is very regional. So, what you would filter in one country is different to what you would filter in a different country. So, we had to address those capabilities specifically for the Middle East. We also had to address it from a product perspective, as most regional governments have some level of a requirement for data sovereignty. Our threat intelligence relies heavily on the ability for us to gather anonymized telemetry from all the devices we protect. We’re able to see, for example, if any device having the same physical hardware has a different operating system. We look at hundreds of indicators of compromise across a device to see if it’s been compromised.

If we see devices with an anomalous fingerprint from an operating system perspective, then we question whether that device has become compromised. It is almost like crowdsourcing anomaly detection for questionable firmware on a device. We need, however, to maintain that information specific to different regions when it comes to data sovereignty. So, one of the big requirements around this was specifically out of the Middle East. We had to design a way that we could exchange that information yet still isolate the information so that it never left the Middle Eastern borders or never leaves the EU and so on, for compliance with GDPR. So, we have focused on enabling business in those regions, even though we’re able to aggregate the data from an anomaly detection standpoint. Then, obviously, we’ve also done considerable localization to specific languages in Asia, Middle East and Africa, etc.

So, it is an important market to us from both the local market and multinationals perspective that we service, having points of presence in these regions.

What is your commitment to the region in terms of support?

We have regional support in all of the regions as we have physical presence but since we sell through the channel partners, typically the first level of support comes from the channel partner. 

As a CTO, where do you want to see Lookout as a leader brand?

I think the most important thing we’re doing is we are combining the access to data with a company that excels in threat detection. If you look at most companies that provide access to the infrastructure, they rarely have any threat research capability. If you look at the security companies that are focused on threat research, they rarely have the ability to provide access. We’re combining those two things. I think that is really important because it is going to differentiate us in the area of automation.

Today if you choose a best-of-breed product to identify threats, you have to then integrate that into the tools that control access to your data. In our industry, unfortunately, integration between those tools is pretty poor. So, if you want to automate the protection of your data because it’s difficult to get trained security personnel and you want to more quickly address breaches, in our opinion, you need to have the company that’s looking for threats able to actively respond to protect your data. And I don’t think it’s possible to do that effectively through integration between several companies. We believe that it is far more effective to have the company that delivers your data also be the company that protects it. So, we think that that will be a significant differentiator for us over the coming years.

What is your expectation of growth for this fiscal year?

I would say that India has been the fastest growing territory in personnel for the last couple of years. Now we do not have any development in Africa. We look at the Middle East for commercial activities. I see the growth to be increasingly decentralized. We are hiring people with the right skill sets as opposed to being in the right place. We continue to work in a hybrid work style, and we found it to be productive. We want to have people spend more time in an office, but for innovation, working together and solving problems as a group, not necessarily to come in and simply work in a cubicle.

We do have targeted hiring in specific regions, but it is not restricted to any cities or any site. I would like to see that if we find the right people potentially in Africa or in the Middle East, they are going to be working from anywhere.
