Meeting Jeff Paine, CEO & Founder of ResponSight in Sydney, overlooking Bond Street, he soon explained why he shows so much enthusiasm and positivity. He has a unique and leading approach, and based on his 20 years’ experience, he knows it is greatly needed.
“ResponSight looks very, very, closely at the link between the user and the piece of technology they’re using,” Jeff explained. “Our differentiator is the end user behaviour, rather than just operation systems, or what the hardware and applications are doing.
We know from hacker activities and knowing the behaviours of threat actors, we know they can make the machines lie when they’re compromised. I’ve also seen this over my ten years’ experience in red teaming, penetration testing and security assessing. ResponSight’s approach is more objective, by not providing machine data, but instead the relationship between the user and their activity on that machine.”
“The GDPR crystallises the fact that companies have been too comfortable collecting too much data for too long, and now they risk a spotlight shining into the shadowy corners of their data collection and management practices.
The reason many enterprises have collected data historically is simply because it could be collected, not because it was necessarily needed. This has resulted in a scenario in which many organisations don’t know what data they have, where it is stored, or how to manage or delete data. The introduction of Australia’s Notifiable Data Breaches scheme places further pressure on enterprises to rapidly mature their data acquisition and management practices.
My message to all businesses is to not collect data you don’t need in the first place. Further, establish strong data deletion policies so you don’t keep unneeded data after the fact, and don’t use data without consent from the data subject.
If your business operates globally, rather than doing one thing for each region and legislation, look at the GDPR as the benchmark and invest in solid privacy practices. Even in the absence of regulation, the notion of data control and distribution is a growing concern for consumers, and organisations need to be on top of it.”
ResponSight comprises three key elements, the ResponSight Collector, ResponSight Aggregator and ResponSight Cloud Service, each working in conjunction. “By combining large volumes of raw numerical telemetry and selected metrics, it’s possible to build activity and behaviour profiles about users and their devices, without ever knowing who that user is or what that device is.” The ResponSight Collector on the end point device itself, is looking at pure telemetry, the metrics and numerical statistics of what the end point is doing. The design philosophy is to not collect private or sensitive data. There isn’t a need for rich and potentially sensitive data for security. It has been proposed security and risk technologies currently collect too much data, often not required or potentially not even valid anyway. “We do all of our analytics through analysing the statistical telemetry data that comes from the hardware itself, largely ignoring the operating system,” Jeff confirmed.
The ResponSight Aggregator is a virtual machine, acting as “traffic cop” to the Collectors delivering data bundles, and integration to third party solutions, such as SIEMs, provides reporting dashboards. Because it is only statistical, the network footprint is minimised by design, resulting in being lightweight, at less than 1Gb and low performance requirements, at less than a VDI. “The ResponSight has a very light weight footprint and we don’t suffer a lot of the challenges you would get with more centralised technologies, that an enterprise might invest in and then have a large repository problem.” Jeff highlighted. “The lightweight nature of ResponSight still provides the high value risk profiling and risk analytics outcomes for the enterprise to make decisions.”
The ResponSight approach is also heavily focused on integration, including vendors but also service partners. As a unique analytics tool, there is broader application, with use by leading consultants and managed service providers. Jeff highlighted, “We are also working with vendor partners, where our solution is complimentary. Large SIEM providers are also commonly seeing integration provides additional value from information not previously being captured. Really asking as a business – how do we apply what capability exists on the market in a way that suits our priorities and our business requirements and objectives?”
The Responsight deliverables are not a traditional alerting scenario, but instead reports on a profile of the organisation’s risk at a point in time and over time. The enterprise can see if their investments in technology are ‘moving the dial’, in whether risk is going up or going down and even the difference between business units or location. This insight allows the focus on setting priorities for spending, resource allocation and more informed security operations.
Being a new cybersecurity start-up there is the challenge of achieving an enterprise client base. “It has certainly been an interesting space,” Jeff assured. ResponSight is my fifth start-up and second cyber centric start-up, so I’ve had some experience. Coming from a large enterprise consulting background, I come from a heritage where you could just say the brand name and you’d get the meeting.”
Jeff’s long history in IT, cyber security and software development, includes with some of Australia’s top organisations as a virtual Chief Security Officer, advising executives and boards on security strategy, capability development and integration, and improving cyber security awareness. Jeff previously held the role of Director of Cyber with PwC and Managing Principal Security Consultant at Dimension Data, where he provided technical security and governance, risk and compliance services to large enterprise, financial services and government customers.
“We’re not in the market with an unknown name,” Jeff affirms, “we’ve been around for three years but going through a R&D process. We’re only new in the market with sales this year. Our developers and data scientists have been working hard for some time. But I do take the point that in the Australian ecosystem, there are challenges around maturity and for large enterprise to understand where they can apply technologies in a way that suits their business needs. We need to combine that with our brand awareness in the market.”
Jeff notes, “the market is not limited by size or type of organisations. Naturally, we are initially focusing on financial, critical infrastructure, energy, utilities, professional services and government. These are organisations with a large profile, with large employee bases, but are also operating outside the corporate network, or walled garden, and are often mobile and moving. There is always a challenge of containing risk in these environments and our goal is to deliver risk profiling capability and awareness to executives of large enterprise, regardless of where they’re based.”
ResponSight has been designed specifically to address the problems incurred when deploying security and risk technologies – how do enterprises get the required outcomes without actually creating another target for attack? Responsight readily discloses what the solution is doing, how it’s designed and how it all works, with website published solution overviews and the decision-making benefits.
ResponSight will also show the raw data being collected, without claims of “proprietary IP” over enterprise data and the data is otherwise useless in another context. The approach and design is without impact or visibility to the user, ensures a new vector for attack into the enterprise is not created; there is no private or sensitive data stored on systems that could be targeted for attack; and that ultimately builds a profile of enterprise risk and actionable intelligence for boards and executives to set useful priorities.
Visit www.responsight.com