Q&A: Revolutionizing Cyber Resilience: Automating Security Remediation Beyond Manual Tasks

Rekha Shenoy

Originally published on CyberRisk TV and edited for length and clarity.

This discussion focuses on the disconnect between security monitoring, which has become more mature over the years, and remediating security vulnerabilities, which are still stuck in the Dark Ages. My guest is Rekha Shenoy, who will talk about this challenge and how cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but one that can be trusted not to cause outages.

Q. Would you tell us a little about yourself and your journey to being CEO of BackBox?

A. I’ve been in the cyber security business for about 20 years, starting as an engineer and moving into product marketing, product management, and other areas. In that time, as the attack landscape has evolved, I’ve seen cybersecurity companies and technologies grow, evolve, die, and come back. I love taking new technologies to market and growing them, not because they’re cool technologies but because they solve real-world problems. When I have an opportunity to find those kinds of rare jewels, it’s an honor to be part of that growth and to succeed in that area. What I’ve discovered over the years is that trying to figure out where our CISOs are struggling and trying to add value and help address those challenges isn’t always obvious. It’s not just technology; being part of this ecosystem is exciting.

At BackBox, where I’m the CEO, we’re solving new problems CISOs face in keeping up with the evolving threat actor landscape.

Q. What types of problems are you seeing that BackBox is trying to tackle?

A. When you think about networks – corporate networks or industrial networks, cloud or hybrid – they are continually evolving, scaling, and becoming more complex to support business needs. AI is also adding complexity. Meanwhile, the challenge that network engineers have in keeping up with vulnerabilities and security in general, whether it’s security policy or compliance policy, is still very much in the Dark Ages. A mountain of manual work is being done on nights and weekends, one device at a time. And why is it manual? Because they don’t trust automation not to cause an outage.

BackBox is an enterprise-grade cyber security solution that brings cyber resiliency to that side of the fence. Every network engineer will tell you they’re overworked. We automate the remediation of vulnerabilities in a way that gives them complete visibility into the work being done and confidence that it can be done properly. We reduce that burden so that they can spend their time on more value-added activities, which is all that new network complexity coming their way that’s required to support the business.

Q. How do you get over the hurdle of trusting automation?

A. Let’s start with enterprise-grade backup and recovery being the product’s core. When we say enterprise-grade, we don’t mean just backing it up and having the previous version. BackBox maintains version history, and it shows you what the changes were. It captures that so you can restore to a previous, known, good state. The ability to have that at your fingertips is step one.

On top of that, the system has thousands of automations for over 180 device manufacturers. All that available automation allows you to do this type of backup and recovery. We also do configuration checks to find out what changed and automate the reconfiguration of those devices.

In addition, we now bring in vulnerability intelligence. If you think about vulnerability management traditionally, you tend to think of Windows Patch Tuesday. That may be a mountain of work. But think about the amount of work if you’ve got hundreds of different device types in your organization. The first thing you’ll do is spend all weekend trying to figure out four pieces of information: the device manufacturer, the device type, the device version, and the firmware version. Then, you correlate that against a vulnerability. No human should spend their weekends reading all of that paperwork and correlating CVEs. 

BackBox does all of that for you. When we identify those with active exploits against them in the wild, we prioritize them. We take the mountain of work and reduce it to the small subset that applies to you.

Finally, we allow you to run that automated update in a test environment to prove that it continues running and provides the necessary availability. Then, you can deploy it to hundreds of devices with confidence. At that point, our traditional customers will integrate with their typical workflow systems and run these automations. Say, BackBox reports back that 96 succeeded and four failed. Instead of network engineers trying to figure out which of these patches apply to their devices and patching manually, we’ve reduced the amount of work to look at these four devices that need to be taken care of.

The key is to not think of automation as something that does things at night but something that you have your hands on and is doing exactly what you expect. We have enterprise and managed service provider customers who rely on this daily and are raving fans of ours because we’ve built automation that they trust.

Q. Are you waiting for your clients to do vulnerability scanning to discover things, or is discovery part of your offering?

A. Both. An important point is that sometimes vulnerabilities aren’t in the National Vulnerability Database (NVD) despite being exploited. Instead, they are published by the device vendor and many vendors don’t provide a depth of vulnerability data on their devices. We pull CVE data from NVD and CISA, as well as vulnerability information from device vendors and provide all that data to our customers.

Also worth noting is that there used to be this wall between security and networks. The security team did the vulnerability scan, which generated a lot of paperwork and risk ratings of critical, high, medium, and low. But your critical vulnerabilities were still 16 pages. There was still a mountain of work because network teams didn’t know which vulnerabilities applied to their devices.

AI is actually breaking that wall in some ways. In the past, when a vulnerability was discovered, it was usually weeks or months before an exploit was readily available and became a real threat. That’s turned into days because people use AI to write these exploits faster. Then, non-technical bad actors can take advantage of vulnerabilities and get to you a lot faster. Anyone still living in the days of annual patches is out of luck. Quarterly patches are late, too.

The challenge is to help network engineers catch up. That’s where we come in. We offer a pragmatic approach so network teams can make remediation a daily task. This approach makes more sense and delivers more value because security and network teams are now communicating to go beyond cyber monitoring to achieve cyber resilience. You don’t get credit for finding and monitoring. The priority is the ability to build resilience to threats as they happen and recover quickly.

Check out the podcast for more detail or learn more about BackBox by visiting https://backbox.com/product/.