What real-time code detection solutions have you found success with?

ExtraHop does endpoint installs and other things. They can take an action but the policy and initiating that action can be cognitive labor that says there's a compromise. Then I have 10K nodes that I'm going after right now, locked down because I have zero trust, and I have an actionable thing to do something about it. To me, there's just no other way to get your arms around it because it's so big.

There has to be a system to say everybody's compromised, so I'm going to contain it and make sure I put that policy in so I'm able to scale. That's where digital labor becomes so critical. The manual processes, the people that are going to do X, there's no way in hell that's going to scale. With IoT, the devices that are attached out there are going to be in the 100 billions, but the censors behind it will be a trillion. How do we scale to those numbers?

That's less than 10 years away, it’s happening right now. So there's a way to approach this, from a technology standpoint, that is different than we do today. Because with a castle and moat structure, a compromise won’t be found for a while. And then of course, they have the keys to the keys. They can generate their own keys and will appraise any system they want.

We've been prototyping and testing Rapid7 and we like them. On the application security side, the code side, they're definitely good. We did find some false positives and you always run into that challenge early on when a new product is being launched. The piece that we have really focused on is automated penetration testing. That's become a key area for us: you no longer want to rely on Point-in-Time Assessments of what happened 1-6 months ago. There are a lot of technologies out there now that are doing a good job of continuous testing. We have pretty good control because our repositories are secure. There is a workflow around authorization in terms of how code gets deployed, 2% have to review it so there's manager approval.