Tanium’s Erik Gaston on Most Common Cybersecurity Misconceptions

Interview by Maja Skokleska
Published: April 06, 2023

Who Is Erik Gaston

Erik Gaston is a thought leader and business development executive with over 20 years of experience helping companies across industries achieve rapid transformational IT growth. He currently serves as the VP of Global Executive Engagement at Tanium, an endpoint and managed security solution designed for leading organizations to manage and secure their endpoints against the growing attack surface.

Did you know that between 2013 and 2016, Yahoo was exposed to a cyberattack where three billion accounts were affected? The company’s slow reaction cost it a $35 million fine and 41 class-action lawsuits.

Companies like Microsoft, Facebook and LinkedIn have also experienced some of the biggest data breaches in US history.

This implies that all organizations, no matter how big or small, are exposed to cybersecurity risks.

The consequences: theft of valuable, sensitive data, damaging personal consumer information and potential loss of reputation.

In this interview, we speak to Erik Gaston, VP of Global Executive Engagement at Tanium, to address the most common cybersecurity misconceptions. We also dive into how organizations can educate themselves to better understand the risks and best practices related to defending their systems, networks and data from malicious attacks.

Spotlight: Ensuring cybersecurity for organizations is a significant IT challenge, particularly as they expand and become distributed. In your experience, what are the biggest issues that companies face, and why is technology crucial in mitigating these risks?

Erik Gaston: Cybersecurity became a much bigger challenge for organizations, especially in the wake of the pandemic when employees went home to work, testing legacy architectures that built most industries.

As a result, the edge of our network has become convoluted and hard to define, especially as we continue to add more devices, consume more third-party SaaS solutions, and produce more data than ever before on the device.

The issue most companies are facing is the basic fact that many of the point solutions and processes that we used to rely on have become irrelevant, forcing CIOs, CISOs and Boards to redefine their strategies to meet the demands of the expanding attack surface and mitigate risk.

This is done by taking an outside-in look at your network in real-time and asking yourself, “What do we look like to an attacker?” To answer this, it is critical to have well-integrated, portable, modern platform solutions that allow you to orchestrate real-time data on fewer control planes, giving teams across security management and IT operations command and control of every endpoint and common language around threats and incidents.

What are some common misconceptions about cybersecurity? How can businesses educate themselves and their stakeholders to better understand the risks and best practices?

There are several common misconceptions about cybersecurity. The biggest of which is a business leader believing their participation in the space isn’t necessary. As a result, organizations that do not seek close alignment with LOBs, CIOs, CISOs and their teams, operate with the mistaken assumption that the security team is responsible and accountable to manage business and reputational risks daily, among other things.

This could not be farther from the truth as it needs to be a shared responsibility. Business stakeholders need to understand the impact of having poor IT hygiene & carrying too much technical debt, or the ramifications of a debilitating security breach.

The reality is that the “blast radius” of an incident directly affects them and their customers. It is critical that they know the correlation between IT and business risk and work with security and IT operations leadership to ensure programs are properly funded to address these risks.

Let’s talk about the Tanium XEM platform. What is its capacity to safeguard teams, endpoints and workflows from major attacks?

The Tanium XEM platform provides customers with full visibility, team alignment, control, and response of every endpoint in their environment. XEM is the only platform in the market that allows teams to perform complete endpoint discovery in real-time, in-depth assessment, prioritization and cross-platform remediation all from one lightweight agent.

By having a single source of truth across IT security and operations, teams are able to see real-time anomalies and changes, allowing them to act before a situation becomes a much larger issue.

Additionally, the XEM endpoint addresses hygiene needs, ensuring that your hardware, software, and data are always up to date. We know that most vulnerabilities happen on assets that are not patched or out of date and we encourage customers to be proactive with updates.

You work with large enterprises like Barclays and Whirlpool. How do you ensure your clients’ data are protected and their privacy is maintained?

A customer’s data is the most important asset to protect. Tanium was purpose-built to address all modern data privacy regulations and has a long history of working with the most regulated industries at scale including Financial Services, Healthcare and Federal. We have been following and meeting the data privacy needs of each industry and customer since inception.

The platform itself is tuned to give a real-time view to customers with the understanding that having fresh data is critical to meeting the demands of today’s security teams. Tanium as a solution is built around data privacy and allows customers to have control over sensitive data to easily adhere to regulatory guidelines.

Recently, your company introduced the Tanium Certificate Manager feature. What is its function and how does it assist users?

Tanium XEM can help prevent service downtime and save hundreds of hours of operational work by discovering your certificates, sending alerts when they are expiring, and identifying where you are most vulnerable.

Announced just earlier this month, the Tanium certificate manager delivers complete visibility on the location, health, and status of your certificates from across your IT environment. It identifies the location of stored certificates and provides a faster, more accurate view of certificates across endpoint estates.

The certificate manager also ensures IT and security teams are confident of certs authorized Certificate Authorities (CAs). Additionally, it delivers strong, secure communication to help quickly find non-compliant certificates that need to be replaced, such as those with short key lengths or weak hash algorithms that could compromise the connection and allow traffic to be decrypted.

Many companies have shifted to remote work in the past three years. How does Tanium support remote workforces and ensure that endpoints are secured, even when users are working from home or outside the corporate network?

The move to fully remote workforces during the pandemic challenged most of the architecture that traditional industries were built on. Tanium’s unique ability to discover every endpoint or asset connected to a network through its linear chain architecture allows companies formerly struggling with these deliverables to effectively deal with the challenge confidently.

Tanium helps teams find and understand how many assets they have, what is running on them, where they are located and what data is coming in and out of each asset in real-time. Its bi-directional agent enables teams to push updates and quarantine assets if they pose a threat or carry significant risk.

What recommendations would you provide to budget-strapped businesses to reduce their cybersecurity risks?

When budgets are tight, great becomes the enemy of good. When it comes to cyber, it is important to do a few things to weather tough times:

  • Ensure your processes are up to date following the pandemic. Everyone on a team must know their roles and be “training like they fight” every day in the space of cyber.
  • Take an integrated platform approach to your tooling. While tools are critical to our teams and the ability to detect and respond to cyberattacks, there is an endless amount of money a company can throw at tools in the space. As a result, what we have proven is that the old method of “spray and pray” is no longer effective when it comes to cyber tooling. Instead, find tools that complement each other, integrate easily, and allow teams to manage across different environments without a lot of change. Having a single control plane for each key domain area is important, as it helps create a common language across departments, which is critical during an incident.
  • Focus on Hygiene! When it comes to cyber, the best defense is often a good offense. Keep your estate and assets up to date and relevant, especially with patching. Always know where your assets are, and what data they are producing, and ensure they are always in the best possible state.

Many experts believe that AI chatbots such as ChatGPT are assisting hackers in their nefarious activities. What is your take on this?

Unfortunately, this is becoming truer by the day. While ChatGPT and AI chatbots are fascinating technologies, there are cases where we are clearly seeing they help cyber criminals in their pursuit to be disruptive.

AI technology enables hackers to scale and drive more velocity through their businesses to deliver more sophisticated attacks. They can now go far beyond their own natural abilities with the use of AI bots in this space. While AI itself is useful and critical to advance technology evolution and legitimate business, we still must be conscious that an agnostic technology can be used for both good and evil.

Finally, what cybersecurity trends or new developments can we anticipate this year?

In 2023, be on the lookout for a few things:

  • A move from ransomware to extortion. As cyber criminals seek to drive recurring revenue models in their businesses, we are seeing a trend from ransomware to heightened cyber extortion.
  • An uptick in the recruitment and placement of cyber talent to the Board of Directors. BODs are becoming increasingly accountable for the cybersecurity measures and approaches of the organizations they govern. In 2023, the US Securities and Exchange Commission is expected to complete a proposal to require companies to disclose details about cybersecurity oversight and attacks, including which board members have security expertise. As a direct result of this requirement and the growing argument for accountability in all boardrooms, the recruitment of seasoned cyber professionals will increase.
  • Cyber Insurance is going to be a hot topic for 2023. With breaches becoming more frequent, attacks stronger and the ramifications of an attack more severe on victimized organizations, more interest is being shown in cyber insurance.

Thank you for your time, Erik Gaston. Best of luck to you and Tanium!
