2912: Sphere 24: WithSecure's Antti Koskela Talks Luminen and Co-Security

[00:00:00] Welcome everyone to a special episode of the Tech Talks Daily Podcast. I'm your host Neil C. Hughes, and I'm coming to you live from Helsinki at the Sphere event brought to you by WithSecure. And although this is day one of the event, I've already seen two great keynotes.

[00:00:20] I've had their interim CEO who was talking about how they're not just creating an AI co-pilot like everybody else, they're actually putting AI to work for their customers. And there was also a fascinating keynote about digital empires and regulation by Anu Bradford, a professor at

[00:00:38] Columbia Law School, not to mention the former president of Estonia. So many world-class speakers here, and what I've especially loved is so many different nationalities from around the world. I've been speaking with people from Germany, Italy, Austria, France. It's so good to hear

[00:00:53] conversations about people collaborating and making a difference, and talking about how technology is impacting their industry. But just after he got off stage, I grabbed the interim CEO of WithSecure, and he agreed to sit down for a few minutes and talk about some of the announcements and discuss

[00:01:11] their latest groundbreaking innovation, Luminen, which is a gen AI cybersecurity tool that promises to supercharge IT teams around the world. So have you ever wondered how mid-market companies can navigate the complex landscape of cybersecurity solutions that often seem tailored exclusively

[00:01:30] for large enterprises? Well, my guest today is here to shed light on this very challenge, bringing a European perspective to the forefront. And as a seasoned global software business executive with a passion for driving success in leading organizations, I think he's uniquely positioned

[00:01:50] to discuss how WithSecure is addressing this distinct need for mid-market firms with innovative and accessible cybersecurity solutions. But before we dive headfirst into the specifics, let's talk about the sphere unconference, which is where I am right now. And sphere is not just

[00:02:09] a physical space, it's almost a state of mind that transcends walls and boundaries, welcoming ideas, open communication and collaboration. At least that's the kind of message that I've picked up while being here. And it's all about co-security, a concept that's been actively created and refined

[00:02:29] within these very walls. And unlike traditional conferences, I think sphere is more participant driven. It's an unconference, meaning it's designed to be inspirational and interactive. And this year, the focus is on global megatrends in cybersecurity with quite a lineup. But one of

[00:02:46] the things I love most about this event is the co-creation of a manifesto through active participant engagement where attendees are encouraged to contribute their thoughts, their feedback and ideas all via the online platform, fostering a more collaborative environment

[00:03:02] where the core values of co-security, collaboration, synergy, participation, trust are not just discussed but actively practiced. Seems like the perfect antidote to conference hangover, and let's face it, we've all seen that before. In case anybody listening doesn't know who WithSecure are, they

[00:03:19] were formerly known as F-Secure Business and they've got a long-standing reputation as a reliable partner in cybersecurity. They're trusted by IT providers, MSSPs and businesses and some of the world's largest financial institutions and tech providers. But Luminum, their newest offering,

[00:03:37] leverages advanced large language models to significantly enhance the efficiency in today's busy and often understaffed cybersecurity teams. Ultimately, the tool aims to simplify complex tasks, providing contextual guidance and delivering precise actionable recommendations. And by automating actions like this and offering deeper analysis of security incidents,

[00:04:04] Luminum ensures that even non-security experts can navigate the cybersecurity landscape. So today's guest will delve deeper into these strategic initiatives, focusing on WithSecure solutions, how they're tailored to mid-market and how the European approach to cybersecurity

[00:04:21] is shaping their offerings. So how can mid-market companies leverage Luminum to enhance their cybersecurity efforts? What does the future hold for cybersecurity in a rapidly evolving digital landscape? Well, buckle up and hold on tight as I beam your ears all the way to Helsinki,

[00:04:39] where you can join me and the interim CEO of WithSecure. So a massive warm welcome to the show. Can you tell everyone listening a little about who you are and what you do?

[00:04:53] My name is Antti Koskala. I'm the interim CEO of WithSecure. I've been here three years as a chief product officer, and we've been building all the great stuff for the event and things we

[00:05:05] publish here this year. Well, it's a pleasure to have you with me on the podcast. I saw you on stage just a few moments ago. Incredibly hot here, isn't it? I went for a walk last night. It was

[00:05:14] still in the 20s at 10 o'clock at night. Is this usual? This is not usual, and it was 28. This must be some kind of record. Usually Finland is definitely cooler in May. For everyone listening around the world that can't attend this event,

[00:05:27] how would you describe Sphere24? So Sphere24, as Sphere in general, is a co-security unconference. We use these words quite intentionally. So co-security first. So we believe, especially with mid-market, nobody can do it alone. So you can't do all the necessary

[00:05:49] research as a mid-sized company or the local partner. You need to team up with somebody like WithSecure in a way to close that gap. And I think that's what we use the word co-security for. And unconference, we wanted simply have a different type of conference. We didn't want

[00:06:05] to have just our own product pitches all day long because you need to earn that. And we wanted to get interesting people to talk about interesting things and share the latest. So we have here professors from the US, Anu Bradford talking about European regulation,

[00:06:22] former president of Estonia, Thomas Hendrik Ilves to talk about his experiences. So it's a quite reputable speaker turnout we have. It really is. And what also makes you stand out for me is, yes,

[00:06:35] we're at a tech conference and yes, AI has been mentioned several times. But there's a great phrase you used on stage today where you said, this is not just another co-pilot. We're actually

[00:06:45] putting AI to work for you. Can you explain what that means and what product we're talking about here as well? So often when you use a chat GPT or something similar, so it's interpreting

[00:06:59] the text you are, or if you import data into that, you talk about the data. But there's a risk that the model can hallucinate. And many of you have experienced that one many times. But what generative

[00:07:13] AI also is, it's a natural language processing. So in a way, the prompt is a code itself. So it's actually transformer algorithm to be precise. And what we have done is that we have

[00:07:27] carefully in a way designed the prompts as almost as a programming language. And they are interacting with the data. And then we are with the use of application programming interfaces, we are then exposing the results, which we think are not hallucinating for the user interface to get

[00:07:47] meaningful outcomes. And also, it makes you stand out and a little bit different is if when we look at the cybersecurity landscape, it often focuses on large enterprises. But how do mid market companies needs differ when it comes to cybersecurity solutions? And how are you with secure addressing

[00:08:04] these unique requirements? Because it seems they're often forgotten about. Yeah, they are definitely forgotten. And they are forgotten because the in a way large companies and their allies, they have built the cybersecurity playbook that we know today. And it is a human centric playbook, often

[00:08:20] builds around having a lot of people in your security operations center, having visibility on all the data that is coming up emphasis on the human work. But what we really

[00:08:31] want to do is to turn it around is that how we can get AI to do the data crunching and automate the work. So we keep human in the loop, but you don't necessarily need a cyber security expert to make

[00:08:44] the decision, you need a regular IT admin should do the work. And that's what mid market companies need. Yeah. And given your extensive experience in the European market, I'm curious, what distinct challenges do mid market companies in Europe face in terms of cybersecurity compared to their

[00:09:01] counterparts in other regions around the world? What are the differences that you see here? One of the key things that is troubling me time to time in Europe is that we are still

[00:09:11] quite late in the adoption of cloud and SaaS type infrastructures. And there seems to be a thinking that we can solve security problems with the on premise infrastructure, infrastructures. I don't subscribe to that view. Because in today's all modern development,

[00:09:30] all programming, all AI, it happens in the cloud. Because we don't today code applications, applications emerge from the data using the AI, just like how limited. And so that's a big thing

[00:09:45] is that how do we develop a cloud first mindset? And the second one, of course, we have different language variants here that we have. I think our regulatory environment is positive for the security.

[00:09:56] And it's actually putting more pressure like in IS two, and so forth, which is the new security standard. Another big topic here from the conversations I've had on the show floor is the democratization of cybersecurity. What does that mean to you? What it means for me is that

[00:10:13] we companies who are serving mid market, we need to team up. And we need to collectively close this gap to minimum effective security for the mid market customers. And we need to together find them feasible, viable and affordable choices, because they need to have access, they need to

[00:10:32] have access, good cybersecurity. With the rise of global mega trends, such as AI and digital transformation of almost everything, how is it with secure adapting its offerings to ensure mid market companies can keep pace with these changes, while maintaining robust cybersecurity measures,

[00:10:49] because a lot of businesses are challenged to do more with the same or more with less at the moment. It's a big conversation, isn't it? So I start from the fact is that it's a bit like with

[00:10:58] the national borders, such as building a fence around the national border doesn't really help the security. Cybersecurity is the same is that you can't just build a fence around your infrastructure. VPN has a role to play virtual private network, but it's not the playbook for

[00:11:15] this decade, or this millennium. And what you need to do there, you need to understand the key parts, which are the issues affecting security, of course, they are the endpoints. It's securing the perimeter, those will still be there. But getting good grip on your identities

[00:11:33] is the key. Because if you look at digital infrastructures, what is the attack path is often through the identities, they want to get access to your active directory, and then misuse credentials, but even start granting credentials for the criminal activity.

[00:11:51] That's often what happens in ransomware. So detecting these identity things, understanding as a part of your exposure role of identities, that's key. And I then making sure the configurations of the cloud and SaaS services are done and the posture is correct. It's not

[00:12:08] rocket science, it's like a good hygiene, good IT hygiene. And most of these tools, it's the boring part. Let's look at the good hygiene, wash your clothes, do your laundry, keep your house in order. Those are the type of things we need companies to do

[00:12:24] when it comes to good cybersecurity and the tools will help them. So can you elaborate on the concept of co-security, what that means and how it has shaped the strategic direction of which secures offerings, particularly for those mid market businesses?

[00:12:39] Often in security, there are managed services that I do something on your behalf. And that's in the direct business relationships, that's very common, that I run a security operations center for a customer. But we do that as well, obviously. But with the co-security service,

[00:12:59] we would like to productize the security elements in a recurring way so that they are orderable from our elements cloud, so that I'm buying a detection and response. There's an event, click,

[00:13:13] I can elevate it to which secure, so we can have a look and help you with the one instant. Oh, I only look at these eight to four, click, you can take care of the 24 by seven.

[00:13:26] Or we go all the way up to manage detection. So we want to productize the services so that they are consumable in sachets and chunks, especially to meet the affordability requirements for the

[00:13:37] mid market. If we were to look ahead, what do you see as the most significant cyber security threats facing mid market companies in Europe? And how can they better get back to a more proactive approach to cyber security rather than reactive and firefighting to prepare and mitigate these

[00:13:54] risks? So mid market companies need to understand is that they are not protected by the virtue, they are small. They possess valuable information. And in today's digital world, they are part of digital supply chains, which are interconnected. Like in the case of the

[00:14:11] famous ransomware with the Mars, it was on Mars, it was TNT Express, which was the logistic company. And that's where it all started. So ransomware, I would keep, that's my number one thing as a mid

[00:14:24] market. And in order to counter that one, you actually need all the elements of the new cyber security playbook as we talked about here. And obviously, this is a huge event and it's gonna be very important for you, I would imagine because you're so passionate about collaboration,

[00:14:38] is all the different conversations you're having with partners, journalists and attendees alike. So after all the conversation on the show for all and being around so many different people from the industry, what will you be reflecting about when this event is over? You must be

[00:14:53] bombarded with so many ideas. What are you going to be thinking about? Of course, as a business, I'm thinking about how do we scale these things fast enough? And it's really that work with the partners so that they have a reach to these mid market

[00:15:06] customers, especially in the European countries, that we in a way deliver the value to the mid market. I think that's the key of my things on my to do list. And then this event is a big

[00:15:18] thing. So with secure is a new brand. So I think a sphere is a key part of us establishing a strong European cyber security brand. And by the virtue of doing this one, so the byproduct for us is that

[00:15:32] we get the brand recognition that we need. So we don't need separate vehicle for this one. And for anybody listening that can't attend the event, maybe they want to go online and find out

[00:15:41] a little bit more information about it, your vision for with secure and indeed the gen AI stuff. Where would you like to point everyone listening? So the key source of information is our web page www.secure.com. There we will have all the data

[00:15:54] from the event available. And of course, please follow our LinkedIn page. So a huge thank you to today's guest for taking the time out from an incredibly busy schedule to come and sit down with me atmosphere event in Helsinki. And I think his insights have been

[00:16:08] incredibly enlightening. But this is all about co security collaboration. So for everyone listening, I hope you gained a deeper understanding of the unique challenges mid market companies face in the realm of cyber security and how with secure is trying to step up to meet these needs

[00:16:23] with innovative solutions like luminate. But this event has been a showcase of collaboration, open communication, shining a light on the power of participant driven approach to cyber security. And it's clear to me that the future of cyber security is not just about cutting edge technology,

[00:16:40] but about building strong partnerships. And that culture of co security that I've mentioned a few times, or I've also said multiple times, our sphere is a different type of conference that focuses on collaboration and bringing together interesting minds to discuss pressing issues.

[00:16:56] So as we wrap up, let's reflect on the broad implications of what we've discussed today. And in a world where digital transformation is accelerating and AI is becoming integral to almost every aspect of business. How can companies, especially those in the mid market,

[00:17:13] how can they stay ahead of the curve? How can they ensure robust cyber security measures while adapting to new technologies and new trends? And perhaps most importantly, how can they foster a mindset of co security to build stronger and more resilient ecosystems?

[00:17:31] This is where I hand the microphone over to you. Let me know your thoughts, insights, opinions, whatever it may be to tech blog writer outlook.com, Twitter, LinkedIn, Instagram, just at Neil C Hughes,

[00:17:43] easiest guy in the world to find. So let's keep this conversation going. Let me know your thoughts on the future of cyber security for mid market companies, how you see AI shaping the landscape.

[00:17:55] But enough from me, I'm going to hit that show floor now. I've got another guest lined up for us already. So I'll be reporting back shortly. But thank you for listening today. And until next time, don't be a stranger.