Today we sit down with Samir Mody, Vice President of Threat Research at K7 Computing. K7 has been a long-standing member of AMTSO and we’re excited to interview them. Samir initially spent almost 10 years at Sophos and spent the last 3 of those as SophosLabs’ Threat Operations Manager. In 2010 he joined K7 and has steadily risen through the ranks to be where he is today. Samir manages K7’s membership of the Cyber Threat Alliance and has worked with IEEE.
Why are you and your company an AMTSO member? Tell us a bit about why you joined AMTSO, and when?
K7 Computing became a member of AMTSO soon after its inception circa 2008. We joined AMTSO for a couple of reasons, one of which is that we have always well understood the need for all stakeholders in the cybersecurity industry to cooperate and collaborate with each other to help fight cyber threat actors and make the global digital space safer. It is with this ethos in mind that our Founder, Mr. Kesavardhanan, became the CEO of AVAR, another multilateral cybersecurity organization based out of Asia.
A second reason is, of course, that AMTSO’s mission of improving the quality and efficacy of cybersecurity product testing was an important one. There were, and still are, many ill-conceived tests out there which do not reflect the true capabilities of a solution to protect users from real-world threats in real-world scenarios. This is not good for the cybersecurity industry as it leads to a wasteful use of resources, responding technologically as well as PR-wise to unfounded test results. As a vendor of a cybersecurity product, it is obviously important to promote good, fair, responsible testing which helps to accurately highlight legitimate areas for improvement.
Good tests which subscribe to AMTSO’s principles of testing also provide customers a reliable path through a maze of products and solutions, often confounded by aggressive marketing claims, to find the product that best suits their needs. It should be easy for customers to see how a product performs vis-a-vis competitors in identifying and tackling threats pertaining to their environment. Doing well in a well-run public test allows us to highlight the pedigree of our brand for all to see.
Thanks for the summary. Why else are tests of your products important for you, and what’s your expectation of a good test?
A good test is one that is fair, accurately reflects real-world scenarios, and exercises a product’s full gamut of protection technologies to determine true efficacy. It is understandable that exposure of all tested products at the same time to identical attack scenarios with a statistically relevant number of vetted malware samples requires automation and carefully-controlled test environments. So good testing is by no means easy. Nonetheless, it is important for Testers to focus on methodologies and evaluation criteria which promote test environments and attack patterns which mimic a real Enterprise or Consumer user’s threat scenario as closely as possible. Hence Testers ought to keep upgrading their methodologies to keep up with current malware trends.
Cybersecurity vendors don’t create technology to pass tests. We do it to protect our customers, and so it’s critical that our involvement in tests results in enhanced protection and elevated user experience for our customers. Good testing can help support this by accurately identifying weaknesses in a product’s ability to, say, fully arrest a threat, and providing meaningful feedback and evidence, including artefacts, that can help us validate and troubleshoot identified issues, and provide robust solutions.
As you have been with our organization nearly since the beginning, can you tell us how you have seen the evolution of testing since AMTSO was created?
The AMTSO Standard is the culmination of many years of concerted effort by AMTSO to promote fair testing grounded in sound test methodologies and processes based on the fundamental principles of testing, which were formulated at AMTSO’s inception. The Standard was forged by both Testers and Vendors in collaboration, and encompasses valuable criteria to determine whether a test has been conducted in a way deemed to be minimally acceptable to both sets of stakeholders. AMTSO-compliant tests are certainly more conducive to enhancing product efficacy, thereby improving user protection, which should be the ultimate goal of cybersecurity solution testing.
Moving to K7 specifically, what types of problems does your company (and software) try to mitigate?
K7’s mission is to create cybersecurity software which thwarts malware and other threats in order to keep users cybersafe across platforms and devices. To this effect, we conduct threat research which keeps us abreast of the latest threat landscape, and develop innovative technology and solutions taking into account the evolving tactics, techniques and procedures of threat actors.
And what types of problems are keeping you and your company busy at the moment?
Without a shadow of a doubt, the biggest thorn in our side, and probably so for most cybersecurity vendors, is the scourge of potent, highly-damaging and ubiquitous ransomware. The Ransomware-as-a-Service model has attracted many petty criminals into the fray, and they are able to cause havoc at scale.
That’s certainly true, and a concern for many businesses and consumers. Apart from ransomware, what is most concerning in the industry to you at the moment?
Apart from ransomware, the last year has demonstrated that popular software, like Microsoft Exchange Server, Kaseya or the Apache/Java combo, can have very serious vulnerabilities which can be very effectively exploited in the wild by determined cyber adversaries, whether nation states or the small fry. The headaches for us can be very severe regardless of the precise nature of the adversary.
Digital uptake with new devices and platforms is progressing at a relentless pace. The advent of IoT, many within an OT environment, along with the increasing networking confluence with IT infrastructure is increasing the attack surface enormously. In addition, low-level sinister threats at device boot level provide another dimension for us to consider. All of this greatly increases complexity within a short time span, and will challenge us all in the provision of robust cybersecurity solutions.
However, in this industry we are constantly pushing boundaries and engineering new methods and solutions to tackle threats and adversaries across the different platforms to remain true to our mission of safeguarding people’s digital and even physical lives across the world.
Is there anything you’d like to plug or announce for you or your company?
The K7 engine will soon be incorporated as a trusted Arbiter when establishing ground truth in the classification of artefacts to be evaluated on the Polyswarm Platform.
Sounds exciting, another great example of collaboration and contribution to threat intelligence sharing in the industry. Thank you so much for doing this interview, Samir, and we’re looking forward to hearing more from K7 in the future!