Cybersecurity

You Can’t Be in Recovery Mode All the Time — Superna CEO

Written by: CDO Magazine Bureau

Updated 1:28 PM UTC, Tue April 29, 2025

Alex Hesterberg, CEO of Superna, speaks with Mark Johnson, Chief Growth Officer of CoStrategix, in a video interview about transitioning from a reactive to a proactive approach to cybersecurity, AI’s growing role in cybersecurity, training AI to detect subtle threats, enhancing integrations, and empowering existing tools.

Superna is a global leader in data protection and defense for cyberstorage and hybrid multi-cloud.

From reactive to proactive: automation, intelligence, and incident prevention in data security

Hesterberg notes that many organizations operate global teams and often rely on managed security service providers to oversee their security posture. He mentions that his team has worked closely with integration partners to bridge visibility and response gaps between systems.

“We’ve worked a lot with integration partners to figure out what they know and what we know, what they see and what we see, and how we can best come together from a technological and automation perspective, to make incident management more automated and easier when something does make its way to the storage layer.”

Delving further, Hesterberg says that the first step was to bridge the gap via automation, allowing trained teams to take incident response measures and equipping teams with the right tools.

Addressing the first gap, he mentions informing security orchestration platforms (like SIEMs, SOARs, and XDRs) in real time when a threat is detected. For the next step, Hesterberg discusses having bidirectional integrations with top-tier security companies, through which they can be notified of threats and take action before anything reaches the storage layer.

This proactive approach, he explains, shifts their position in the security lifecycle: “Now we’re not responding with a very tiny blast radius and instantly recovering. We are officially left-of-the-boom; we are now ‘the incident never occurred.’”

Hesterberg then reveals that the next wave of innovation focuses on leveraging the unique visibility his company has into how critical data is accessed. “We have a keen understanding of where your critical data is and what users, what servers, and what services access that data.”

From a scanning, patching, and upgrade standpoint, Hesterberg shares that large organizations often face the daunting task of addressing hundreds or even thousands of systems flagged for vulnerabilities daily. To help streamline this process, he says that his team is working on a new capability that integrates with the tools these enterprises already depend on.

This upcoming feature will surface, in a prioritized way, the specific servers or services that interact with an organization’s most critical data, highlighting the assets that matter most.

By narrowing down the list, Hesterberg notes, teams can focus on the most potentially dangerous exposures first.

Instead of trying to patch everything, he says, “If you know the 15, 20, or 50 that are most dangerous, potentially most dangerous, you’re going to prioritize them.” This valuable insight is based on data his company already sees and will soon start delivering directly to customers.

AI’s growing role in cybersecurity

Speaking of the future of cybersecurity, Hesterberg steers away from long-term projections. Instead, he focuses on the near future, suggesting that over the next two to four years, AI will deliver significant cybersecurity advancements. “We’re going to see a massive cybersecurity benefit from AI.”

Adding on, Hesterberg acknowledges the concerns surrounding AI’s potential misuse, especially the speed and scale at which threats could emerge. “Things could be just launched instantaneously all at the same time. And if you’re not watching for the actual attack, if you think you’re just going to be in a recovery mode, that doesn’t work when you get hit seven times in 40 minutes.”

He cautions that solely relying on recovery strategies isn’t viable in an age of rapid, repeated attacks: “You can’t be in recovery mode all the time. You might be in perpetual recovery mode.”

However, Hesterberg says that while the risk of cybersecurity threats is increasing, he sees AI as an opportunity not only to combat that risk but also to get better along the way.

Hesterberg explains that his team has been working on AI models designed to operate directly within a customer’s environment. These models are being trained to recognize and predict slow-moving, subtle threats such as gradual data exfiltration or long-term malicious activity, he adds. Unlike attacks that happen in a single burst or exploit a zero-day vulnerability, these threats unfold over days, weeks, or even months.

The goal, Hesterberg says, is to use these models to identify which users, services, or hosts exhibit behavior that aligns with those slow-burn threat patterns. This requires processing and correlating large volumes of behavioral data, using both small and large language models.

He notes, “That’s a difficult thing to be able to predict unless you’re looking at a lot of data, a lot of behavioral data.”

Enhancing integrations and empowering existing tools

Another way to look at it is as an indicator of compromise, says Hesterberg. He says, “We consider it another way to see indicators of compromise, which then allow us to capitalize on the integrations we’ve built into the SIEMs and the endpoint protection capability providers.”

By providing detailed, actionable data to these platforms, security and managed service providers can become “smarter and more intelligent more quickly” about their environments.

Ultimately, it boils down to automating as much as possible, says Hesterberg. “As quickly and as quietly as these attacks can happen, we want to just as quickly be able to respond and take advantage of all the automation investments our customers have made,” he adds.

Thereafter, Hesterberg states that there is no reason to bring another tool to the market: “We are not showing up saying, here’s yet another tool for you to manage.”

As he puts it, many customers may not even explicitly know the product exists, because it is designed to work silently behind the scenes, surfacing relevant incidents directly within platforms they are already using.

He says, “They just know that there’s an incident popping up… telling them exactly what happened, telling them what the action taken was, and giving them all the information they need to kick off the workflows that they’ve been trained to go do.”

According to Hesterberg, security teams should not have to understand storage operating systems and storage teams should not be required to master complex investigation workflows.

Wrapping up, he states that organizations can protect their assets without adding new tools, capitalizing on automation and on their existing investments and training.

“That’ll be a big part of the next two to four years: more automation, leveraging of AI to combat increasing threats, and continuing to bridge this gap between security and the most precious endpoint,” he concludes.

CDO Magazine appreciates Alex Hesterberg for sharing his insights with our global community.
