© 2021 CyberNews - Latest tech news,
product reviews, and analyses.

Jonathan Gill, Panaseer: “organizations have a greater need for automated measurement”


Establishing proper defenses is a crucial move for dealing with cyber threats. But it seems like deploying them effectively is an even bigger challenge for companies worldwide, resulting in giant losses.

As many as one in every three breaches happens because of untimely patches, reminding us that prevention is always the best solution to cybercrime. Considering this, the best way to go about cybersecurity is to identify and understand your vulnerabilities before threat actors do.

Jonathan Gill, the CEO of Panaseer, talked to us about the importance of security controls frameworks and automated risk assessment in the current cybersecurity landscape.

Panaseer has been growing exponentially since your launch in 2014. What was your journey like?

I joined the company at the start of the year with a clear mandate to scale the business. Panaseer’s growth had been both structured and successful to date, from an on-premise proof of concept to product development and customer collaboration, then market validation and cloud-based proposition. The result was growth of 3.3X in 2020, with even bigger growth expected in 2021.

We are now serving two primary markets – North America and English-speaking Europe. We have achieved all the key indicators of growth across customers, revenue, and people. We now have more than 100 team members and are continuing to recruit across the whole business, with the biggest percentage of vacancies being US-based.

You take great pride in your Continuous Controls Monitoring technology. Can you tell us more about it?

Security leaders need to know that they have full visibility of all their assets, their control status, and how they can optimize those controls and prioritize actions. However, they are faced with a number of challenges to achieve this - with issues surrounding manual processes, untrusted data, and an increasing number of tools that provide a multiplier of complexity and a lack of business context and ownership. The upshot is that only 40% of senior security leaders are confident in their security posture.

These issues cannot be solved with spreadsheets or business intelligence tools – ultimately, it is a data science problem. Panaseer’s Continuous Controls Monitoring (CCM) platform brings together data science and big data technology to uniquely correlate data from all security tools, enabling security leaders to identify and measure missing assets and control gaps and advise on underperforming controls.

You put a lot of thought into maintaining a happy and engaged workplace. Share with us, what are your key values at Panaseer?

Values are very important to me. You can have the best product in the world, but if you aren’t inspired by the people you work with and look forward to working with them, then you won’t have any fulfillment.

Interestingly, our values do not include ‘happiness.’ Yes, I want people to be happy, but it can be an incredibly subjective way of feeling that philosophers have been trying hard to explain for millennia. Rather, our values, culture, and behavior are geared towards people becoming the best versions of themselves, in and out of work, through inclusivity and enabling people to feel accepted and comfortable in their own skin. Our team members are encouraged to be vulnerable and to bring their authentic selves to work, and in return, the business benefits from the broad spectrum of experience and thinking of a truly diverse workforce.

Our values are: lead with compassion, be curious, live authentically, stay low ego and own it. They complement each other to give our people clarity on their roles and goals, psychological safety to be receptive to feedback and challenges, and the right culture for everyone to grow, develop and thrive.

You often mention the importance of having security controls frameworks in place. What are the key points enterprises should know about implementing these frameworks?

Frameworks are guides that organizations can use to secure, measure, and attest their security status – they provide a lens by which to view a certain type of question or susceptibility to a certain threat vector. They may not be mandated, but given that so many regulations ask for details on framework alignments, it is very important to adopt the best practice by implementing the right ones.

However, the main issue with frameworks is that the underlying metrics used to measure are usually not prescribed. That's why, for example, the Center for Internet Security, Inc. (CIS®) developed its Control Assessment Specification (CAS) framework, with input from Panaseer on its latest iteration. The newly developed ‘version two’ of the CAS framework will provide guidance on the metrics a company should use to assess how well they are complying with ‘version eight’ of the CIS controls.

This development partnership combines CIS’s authoritative voice on best practices and our expertise in security measurement. We are now reflecting the CAS framework ‘version two’ within our CCM platform. Moving forward, we will work together to develop future versions of CAS that are tailored to automated measurement.

How did the pandemic influence enterprise cybersecurity? Did you notice any new methods being used by threat actors?

It certainly brought new challenges with an increasing threat landscape and changing technology and business landscape. Fast shifts to home working and cloud-based systems, with businesses under pressure to accommodate new ways of working, plus expedited on-boarding of new tools, will have put security teams under a lot of pressure. Methods that threat actors use seem to have stayed largely similar, but the volumes have increased; ransomware attacks quadrupled during the pandemic, and the National Cyber Security Centre recently cited them as “the most immediate danger to UK businesses.”

In your opinion, should small businesses and large companies approach cybersecurity differently?

They both have the need to secure and measure their businesses, according to the risk appetite of senior leaders. The difference is how they go about achieving this. In a smaller company, it’s much easier to have visibility, whereas in a large organization, you have a much more complex environment, so it does require a different approach.

What security issues are often overlooked but could pose a significant threat to one’s company?

Cybersecurity control failures are listed as the top emerging risk in the latest Gartner, Inc. Emerging Risks Monitor Report. This is because despite businesses having invested in the controls to defend themselves, attacks are still happening when those controls are not deployed effectively. With CCM, this problem is now possible to address.

These types of attacks are generally known, unsophisticated, and only succeed because they hit systems that haven't been patched yet or that don't have security controls monitoring them. As we shift to the cloud and threats increase, getting this visibility becomes more complex. Organizations have a greater need for automated measurement instead of relying on manual reporting to continuously monitor what is and isn't protected, whilst understanding the criticality of systems so that business and technology owners can drive remediation, both on-premise and in the cloud. This approach provides the confidence and ability to prioritize protection and enhance overall cybersecurity posture, which minimizes risk to attacks such as these.

What would you consider today’s cybersecurity must-haves, especially for enterprises with a mainly remote workforce?

Ultimately, security leaders need data-driven actionable insight that starts with the state of their assets and control coverage.

Just think about it from the perspective of a resource. Security teams are currently spending over half of their time developing manual reports for the board, regulators, and auditors, etc. These manual reports are massively prone to error and are also a huge time-suck – there are currently four million unfulfilled cybersecurity vacancies, and 83% of security professionals say they feel overworked. With automated access to accurate real-time data, security teams can better spend their time making a difference – using the data, rather than just collating it.

And finally, what does the future hold for Panaseer?

As CCM adoption increases, Panaseer is looking to accelerate and scale its operations to meet this growing industry requirement. We want to build upon our triple-digit growth and drive even more value for existing and new customers.

Put simply, we see ourselves as the company that can help organizations prevent the ‘preventable breach.’ By getting the right telemetry in the hands of security leaders, which is automated and trusted, they can be much more confident that their cybersecurity safeguards are switched on and working effectively at all times.
