Pierre-François Guglielmi, Rubrik: Preparing for cyberattacks remains essential for CISOs to adopt a good posture in the face of cyberattacks
April 2023 by Marc Jacob
At FIC 2023, Rubrik will present these new features, such as Rubrik Zero Labs, its new cybersecurity research entity and its specialized team called the Ransomware Response Team (RRT). For Pierre-François Guglielmi, Field CTO EMEA of Rubrik, preparing for cyberattacks and its technical part remains essential for CISOs to adopt a good posture in the face of cyberattacks.
Global Security Mag: What will be your news at the International Cybersecurity Forum 2023?
Pierre-François Guglielmi : In terms of recent news since the beginning of the year, we have had several big names in cybersecurity who have strengthened our board of directors, such as Mark McLaughlin, former CEO of Palo Alto Networks and John W Thompson, former president of the board of directors of Microsoft and the former CEO of Symantec. Last winter, Rubrik also announced the launch of Rubrik Zero Labs, our new cybersecurity research unit, whose mission is to analyze the global threat landscape, report on emerging data security issues, and provide organizations with the research-based best practices for securing their data against the growing threat of cyber events.
Global Security Mag: What are the strong points of the solutions that you are going to present on this occasion?
Pierre-François Guglielmi : At Rubrik, in terms of technological solutions, we have 3 distinct pillars: data resilience, data observability and data recovery, which allow us to offer solutions to customers and build an appropriate response plan. These 3 pillars are encompassed by the Zero Trust Data SecurityTM architecture, an architecture concept dedicated to strengthening security, which is the first point highlighted by us.
Rubrik has a specialized team called the Ransomware Response Team (RRT), a working group specializing in ransomware recovery. Rubrik RRT’s virtual team is made up of experienced individuals and is comprised of seasoned critical incident managers and support staff available 24/7.
And then finally, as mentioned above, we launched our cybersecurity research entity Rubrik Zero Labs which is led by the former vice president of Mandiant, Steven Stone.
Global Security Mag: This year the theme of the FIC will be Cloud Computing, what are the main cyber threats to the Cloud?
Pierre-François Guglielmi : First, the cloud is no less prone to cyberattacks. Unfortunately, it does not protect itself automatically. The danger is to think that not to secure its environments under the pretext that it is in the cloud, and that the cloud provider secures its infrastructures. It is the customer’s responsibility to protect and secure their data in the cloud. And there would be no reason not to do it in the cloud. With solutions to fight against cyber attacks in the cloud, we end up with a better seal against risks.
Global Security Mag: What are the advantages of Cloud Computing?
Pierre-François Guglielmi : With the cloud, we can more easily find a variety of services, whether with cloud service providers or with third-party solutions. It’s also easier with the cloud to find managed services. These can add an extra layer of security because customers do not have access to these services and infrastructures, creating a separation in their responsibility and therefore an additional barrier to cyberattacks.
Global Security Mag: How should technologies evolve to counter these threats?
Pierre-François Guglielmi : There is a simple way to develop technologies: the various cyber and cloud solution providers such as cloud service providers, software publishers and suppliers must be as close as possible to what is happening on the ground. Indeed, exchanging with customers and receiving feedback from those who have been affected by an attack, makes it possible to enrich knowledge on these subjects and have an eye on how the situation is evolving. Thus, the IT and security teams can take note of the various comments and experiences to evolve the solutions.
At Rubrik, we launched our cybersecurity research entity, Rubrik Zero Labs. Our teams are listening to conversations shared with IT or cybersecurity leaders, listening to what they see, threats on the market in the face of these cyberattacks, but also those who are preparing for these attacks. Monitoring the evolution of threats and groups of cybercriminals is essential for the evolution of a company’s product roadmap.
Global Security Mag: In your opinion, what place can humans have to reinforce the defense strategy to be deployed?
Pierre-François Guglielmi : Firstly, as mentioned above, it is necessary to be as close as possible to what is happening on the ground. This can result in different ways. It is not just surveys that can provide important information to strengthen the defense strategy to be deployed, but there are also conversations with CISOs, management teams in order to know how to advance and strengthen these defense strategies.
General safety education and awareness by employees remains important. Good support for employees with security training, for example, also remains a means of advancing people at the heart of corporate protection. At Rubrik, the “Save the Data” workshops are awareness workshops aimed at individuals to raise awareness of several important points with regard to the protection of companies.
Global Security Mag: What message would you like to convey to CISOs?
Pierre-François Guglielmi : Preparing for cyberattacks and its technical part remains essential for CISOs to adopt a good posture in the face of cyberattacks. Moreover, it is important not to neglect the solutions that make it possible to recover from an attack and continue to rely on security solutions. Regardless of the security layers on the infrastructure, it is necessary to have cyber-resilience solutions and this remains a step that is part of the preparation.
Finally, the development of a crisis plan is essential in order to be better prepared on D-Day. For example, setting up a crisis unit, a trust unit and above all involving HR means having the right reflexes to best counter attacks and prepare for them. Another important point for CISOs: do not forget to manage and maintain the classification of sensitive data, thus reducing the risk of non-compliance with regulators.