Video: 10 Minute IT Jams - An update from Absolute Software in 2023
Cybersecurity is changing fast. Nicko van Someren, Chief Technology Officer at Absolute Software, says much of the old thinking about digital defence can no longer keep up with today's challenges.
Absolute Software's reach is impressive. The company's technology is embedded in more than 600 million devices around the world, providing what Van Someren calls "mission-critical performance with advanced cyber resilience." Its platform secures everything from an organisation's laptops to its network connections, and it's designed to work even in the most demanding, hybrid work environments.
Van Someren explained the company's dual approach. "Absolute Software has a range of products but they fall into two categories," he said. "One set is about providing security for endpoint computers, PCs, Macintoshes and so forth. The other line is for providing secure access technology." For the latter, he highlighted their zero trust network access platform, which combines "very advanced VPN technology" with "powerful error correction and flow control and network continuity support."
Such robust connectivity is particularly crucial as more staff work from varied locations. "We have users in more and more places, and we've been seeing the incipient death of the perimeter security model for a long time," he said. This move away from the old idea of a tightly controlled company boundary means organisations increasingly need sophisticated solutions to monitor access and defend devices no matter where employees are located.
Their endpoint technology is equally far-reaching. It is built into the BIOS – the firmware held in a chip on the computer's motherboard – before the machine even leaves the manufacturer. "We work with most of the PC OEM vendors to put our BIOS component into the ROMs of the machines before they even ship," Van Someren explained. "It sits dormant until we send it a cryptographically signed message that says wake up and attach yourself to this particular customer."
Once activated, the software is the first to run when a device boots up, giving absolute oversight of each machine. This allows organisations to "collect telemetry about what software is installed, what hardware is deployed," he said. If there's a problem, "you can reach out to those machines, run repair scripts if necessary, deploy new software and generally manage those devices in a remote way."
Importantly, this resilience remains even if the device is lost or stolen – or if a thief tries to wipe it clean. "One of the first things that thieves do now is that they will, after they've checked to see if the device has any valuable data, just wipe it. They want to get rid of all trace of the original owner," he said. "Even when they do that, that will remove most security tools but it won't remove us because we come back up out of the BIOS."
Looking at broader trends, Van Someren sees organisations grappling with the complexity of hybrid work and hybrid infrastructure. While many once thought cloud would answer all security prayers, reality has proven otherwise. "Increasingly we are seeing organisations saying no, actually there are some things we will always keep within the firewall, and we will always have a firewall to keep it within," he said. This creates what he described as a "hybrid at both ends model", where some users and services are still office-based while others are in the cloud.
As a result, the requirement is clear. "We need a very rich network access solution to mediate and secure those connections and work out what is an appropriate connection in a given context," he noted.
On cyber resilience, Van Someren pointed out that the industry is hitting diminishing returns in simply adding more endpoint security controls. "It's sort of like, you know, if I spend twice as much on a Hi-Fi, it won't sound quite as good, if I spend twice as much on a car, it won't go twice as fast," he said. Organisations, he argued, are "reaching a point of diminishing return where we can squeeze the risk down so far but we can't squeeze it any further by piling on more controls."
To truly manage risk, companies must focus not just on blocking attacks, but limiting their fallout. "Risk has two dimensions," Van Someren explained. "There's the probability of attack and there's the impact of the attack. The other dimension is about how long does it take to recover, how damaging is any individual attack." With high-profile ransomware attacks hitting global headlines, recovery becomes key: "A lot of that turns out in practice to be about how quickly can you recover."
Asked about artificial intelligence, Van Someren expressed a nuanced view. While he acknowledged that AI, especially recent advances in large language models, has captured the world's imagination, he resisted the hype. "I think I have a somewhat contrary view compared to many," he said. "A lot of people believe that AI is the future of everything, it's a complete panacea, we're all going to be replaced by automation." Instead, he sees it as "just another tool in an ever-expanding toolbox."
He pointed out that while AI is improving, it still struggles with more complex tasks and creativity. For all the concern about AI being used to generate new forms of attack, he remains measured. "It's important to understand that while these systems exhibit a fair amount of general knowledge, they don't exhibit general intelligence and they're actually not very creative." If anything, AI is more likely to regurgitate existing attack patterns – the best protection against which is still making sure systems are patched in a timely fashion.
Finally, the perennial debate: should organisations focus more on defence or their ability to respond? Van Someren said, "The diminishing return we're seeing on defence does suggest that actually a rebalancing towards response, towards reducing impact, is probably a better way to spend our funds." Absolute protection is impossible, he argued: "We're never going to get our risk of breach down to zero and if we have a security model that's going to allow for lateral movement at all, then we're in trouble. We've got to do better at containing and better responding."
He concluded, "If that means taking some of the spend away from prevention in order to do that, that's probably going to allow us to reduce the risk to our organisation overall."