However, how quickly a platform is introduced depends on the customer themselves, their company, their use cases, their existing contracts and so on. We also strive to reduce costs to encourage customers to migrate and simplify their platformization process. In addition, we must not lose sight of the fact that a cybersecurity approach must be comprehensive – after all, we are talking about a global chain.
When it comes to the cost structure of the solutions, Palo Alto has a reputation for offering powerful but expensive technology. What do you say to that?
Reisinger: Compared to the level of protection we offer our customers, our technology is not that expensive. On the other hand, the costs also reflect all the innovations that are in our solutions.
How do you assess your main competitors – especially Fortinet and CrowdStrike?
Reisinger: The cybersecurity market is fragmented, but we are the market leader. Nevertheless, we have to convince people anew every day.
The current, extremely turbulent geopolitical climate is having a significant impact on security and customers’ IT purchasing decisions. Does this also have an impact on your company, which is a US player operating in Europe? Or to be more specific: Are you observing a trend towards local options among public sector customers?
Reisinger: CISOs with a lot of responsibility know that a wealth of telemetry data is essential for effective protection. That’s why we’re not seeing any decline in demand. In addition, each region and country has its own legal framework and regulations, which we fully respect. In fact, we were one of the first companies in the world to sign the European AI Act. We have also secured the relevant national certifications.
Our view of sovereignty is that we need to find a balance between ‘perfect’ and ‘zero’. When we talk about sovereignty, we can refer to hardware, for example. On this issue, we must accept the interdependence that exists between different global markets – for example in the area of chips. On the other hand, when we talk about data sovereignty, it is something that can be easily achieved.
We implement the Bring Your Own Key policy for many customers to ensure that telemetry data sent from their devices is encrypted and protected. We are not interested in accessing personal data that our customers work with. We only use telemetry, application identity, user and device data. This is precisely why we were able, for example, to detect the attempted compromise via SolarWinds, even though it was carried out with the help of machine learning tools.
Speaking of the threat situation: In your opinion, how does the current war in Iran affect this?
Reisinger: Our Unit42 team recently published a report outlining how the military offensive launched by the United States and Israel has activated the Iran-aligned cyber ecosystem. This created a scenario of digital confrontation that has an impact far beyond the region and combines hacktivism, political campaigns and pressure on critical infrastructure.
In this context, the issue of sovereignty is relevant again. Or the question of what companies can do if their infrastructure is bombed, for example. The question is what the concept of sovereignty means in an emergency situation. Some of our customers in the Middle East are already rethinking their sovereignty strategy due to this situation. Ultimately, it becomes clear that the concept of sovereignty is fluid.
“We must prevent AI from suffering the same fate as other technologies”
Looking to the future, we face significant challenges in the area of IT security as the post-quantum era approaches. How do you see this – and what are you doing in this area?
Reisinger: We are already in the preparation stages. For example, we launched Quantum Safe Security to help companies prepare for the post-quantum era. Because the big question that scientists and experts are currently asking is when ‘Q-Day’ will occur. The estimates are roughly between 2029 and 2035. In addition, the integration of CyberArk’s technology into our platform will help ensure that the credentials used by machines cannot be decrypted or compromised by quantum computers. In the future, cybersecurity must be real-time, highly automated and simple for customers – or, as we call it, modular platformization.
What do you think is currently the biggest challenge for IT security decision-makers and CISOs?
Reisinger: Definitely shadow AI. We must prevent AI from suffering the same fate as other technologies in the past – keyword shadow IT. AI implementations must go hand in hand with robust cybersecurity. The same applies to AI and identity management.
Another problem is the fragmentation of solutions: I recently spoke to an executive from a large European bank. During the conversation it emerged that the institute uses 60 different solutions. The gaps between these systems are an invitation for attacks. (fm)
This article is im Original published by our Spanish sister publication Computerworld.es.
