Subscribe to the Next Level BizTech podcast, so you don’t miss an episode!
Amazon Music | Apple Podcasts | Listen on Spotify | Watch on YouTube
Transcript is auto-generated.
Josh Lupresto (00:01)
Welcome to the podcast designed to fuel your success selling technology solutions. I’m your host, Josh Lupresto SVP of sales engineering at Telarus And this is Next Level Biz Tech.
Everybody welcome back. We are here still in, you know, security awareness month, October, spooky, scary, lots of good, bad stuff, fun stuff to talk about insecurity. So ⁓ we’re down the track still. Shadow IT isn’t the villain. It’s about complacency and everything that that entails. So on with us today. We’ve got the senior director of security technology and strategy for Akamai, Tony Lauro. Tony, welcome on, man.
Tony Lauro | Akamai (00:25)
Thanks.
Hey, thank you, Josh. Thanks for having me on.
Josh Lupresto (00:46)
⁓ We got a lot of stuff. You guys got a lot of stuff to talk about at Akamai, so ⁓ we got to jump in. Walk us through, first of all, for anybody that doesn’t know you, just a little bit about your background, how you got into this role over time. I feel like I read something on your bio that you went to law school. Walk me through how we got here.
Tony Lauro | Akamai (01:07)
Well, I was going to go to law school. was studying law and then kind of figured out that somewhere along the way I was like, man, computers are really kind of a thing. You know, the internet came around, you know, maybe eight years earlier. And it was one of those things where I was like, you know, I really enjoy technology. I’ve always played on computers. We had a TRS-80 and a Commodore 64 growing up.
Josh Lupresto (01:36)
Yeah.
Tony Lauro | Akamai (01:36)
So
we had access to stuff because my dad was a nerd as well. So I kind of switched majors and started focusing on ⁓ connectivity, networking. And funny enough, early on in the late 90s, I worked for a US-based telecom provider. And I was like, who are our security people? And they’re like, well, it’s the gray beards, the Unix guys, right? Now the irony is now I’m becoming a gray beard in my older age.
So I was like, well, let me do this. Let me make like a bi-weekly meeting ⁓ that goes over all the hardware that we have within the company and then all the software revisions that are on that hardware. And let me compare it to bug track that just came out and let’s identify if there’s any glaring vulnerabilities in the services and the software that we’re using. ⁓ did that and kind of, I was like the security,
awareness person for a little over a year. And then we had an attack and they’re like, who’s the security guy? They’re like, Tony. So I got to triage the attack and build out kind of the response plan, or I was building out the response plan kind of loosely before then. ⁓ And that’s kind how I got into security. So I’ve been doing cybersecurity and operations since the late nineties and ⁓
This is just something I’m passionate about and I love talking to people about it.
Josh Lupresto (03:06)
love it. ⁓ Walk me through a lesson learned, right? In these last 10 years, back then, mean, whenever, just either a lesson that you’ve had that maybe a great mentor has given you or something that you went, man, I gotta not do that again. I’m not gonna forget that. Give me some lessons you got.
Tony Lauro | Akamai (03:24)
Yeah, you know, I think one of the big lessons, and I think this is a lesson for all of us really, is the idea that you’re going to get distracted. You’re going to get distracted with ⁓ the latest news in the media, maybe even the latest technology. ⁓ But the hardcore truth is that the basics and understanding the basics and really focusing on doing those well and doing those right is probably the number one.
lesson I’ve learned over the years. ⁓ Cause you can, you can spend a lot of cycles trying to, you know, be up with the latest and greatest, or you can really focus on doing the basics right. And lots of times in life in general, that’s a really great methodology to follow.
Josh Lupresto (04:12)
I like it, I like it. It’s the same one, we ⁓ had a great sales trainer ⁓ guy, motivational speaker come in and he was Kobe Bryant’s ⁓ guy for a little while. And that was one of the things he would constantly ask Kobe Bryant, like what are you doing? Why are you always doing free throws? mean you’re like the number one guy in the world right now. And that was the exact same thematic. was if I can’t be good at the basics,
why would I practice a dunk or why would I do this if I can’t get a free throw right or if I can’t get a jump shot right? So I love that. You get distracted. Great, great theme. ⁓ Okay, so when we think about complacency, we think about shadow IT, we think about all these things, right? Inevitably, ⁓ customers need help with the technology. That’s why we’re all here. And you guys have a ton of stuff. As I was trying to think of…
Tony Lauro | Akamai (04:44)
Yeah.
Josh Lupresto (05:04)
Okay, what do we want to talk about? went, all right, I got to figure out how to whittle it down because we only have so much time. So let’s establish, I’ve got three things that I want to start to unpack a little bit within your guys’ tech stack, but let’s take into consideration for a second that people already know you for two great things. You guys have an incredible CDN platform, DDoS, web application firewall, that’s known, and maybe I’ll have you seed that just a little bit.
But there’s three things that I want to talk about here, and maybe you can kind of set the stage. I want to talk about micro segmentation today. I want to talk about an offering that you guys have called Linode and about AI security. So set us up a little bit for the foundation for anybody that doesn’t know who Akamai is, how you’ve gotten to where you’re at, and then we’ll move into some of these products.
Tony Lauro | Akamai (05:56)
Sure. ⁓ You know, it’s an interesting story. was a research project based out of MIT ⁓ in the late 90s. And the idea was, how do we solve the worldwide weight? And that means you open up, you get online, you go online, ⁓ and then you dial up a website and you go make a pot of coffee because it took so long for everything to load. So the original founders of Akamai
built out a content delivery network, which puts servers closer to where all the users in the world are. Now, the interesting aspect that came about pretty quickly is that if I’m going to a popular social media website and I’m in Singapore, I’m going to hit and knock on my edge server right down the street from me in a little colo building. There’s probably a stack of a couple thousand servers there. ⁓
But the attackers, if they attack that social media website, they’re hitting the servers right down the street from them geographically. So this was a very quick kind of turnaround where we said, man, if someone’s attacking a website that’s on Akamai, the security policy for that website can be enacted before the data request ever leaves the local geography that the request begins from. So when you think about this from a web application security perspective, ⁓
Doing web app inspection is slow. Well, not if you distribute it across hundreds of thousands of servers around the world. And DDoS, man, DDoS is massive. You’ve got this funneling effect of all these pipes coming down into one and then causing an outage. Not if you can stop those attacks where they began instead of letting them, ⁓ you know, kind of build and funnel. So that was kind of the founding, you know, kind of idea around the security stack of Akamai.
And then as you kind of see how, you you probably say, man, if you guys are seeing, we see about a third of the world’s web traffic every day. So we’re gathering telemetry and intelligence. Who’s attacking who, are they doing it in a novel way? Is it something we’ve never seen before? Or can you gain insights about an attack against someone else when they come to your front door, you already know about it because there’s a shared collective intelligence. ⁓
So when you start looking at micro segmentation as a little pivot here, you say, what kind of threat intelligence can we gather and identify about how the devices in your environment talk to each other and create a policy map around that so that if something were to happen, like you accidentally click on a malicious link ⁓ or execute malware, we can immediately identify this looks different based on all these other ⁓
Josh Lupresto (08:17)
Yeah, yeah, yeah.
Tony Lauro | Akamai (08:41)
pieces of information we have, and then kind of limit the scope of the expansion of that bad effect in your environment. So if it’s malware, only infects one machine. Ransomware infecting one machine is a lot harder to say, give me a million dollar bounty, ⁓ versus if it affects, you know, 3000 of your servers. Yeah.
Josh Lupresto (08:59)
Well, let’s think about that, right? So for
the advisors that are listening, ⁓ maybe they’re walking into somebody that has a very limited security team or has just antiquated security. So let’s think about maybe what you see commonly. Maybe we get into an example here, but I want to think of, what is micro? Some organizations might not even understand what micro segmentation is. They might say like, well, you know, we got some cool Cisco gear and we put a VLAN up and
The accounting server is not on the same server that the guest wifi is. Isn’t that micro segmentation? Is that enough? So maybe walk us through why that’s not enough to your point. think you were starting to go there a little bit. And then maybe is there an example that we can kind of think through of, here’s what they had. Here’s why that didn’t work. And here’s what this did.
Tony Lauro | Akamai (09:49)
Yeah, the main problem with traditional segmentation techniques is usually around VLANs and separating devices logically across different network IP space. And then maybe creating rules that say this network can’t talk to this network, right? ⁓ The problem with that is one, as environments grow and get more complex, ⁓ the…
the logic in which you start doing that separation starts to break down. For instance, ⁓ if I am a pen tester, so I’m simulating the hacking technique, right? I get into the network from your computer, Josh, because I tricked you somehow. Sorry about your luck. ⁓ And then, yeah, right? And then now I have access to do what your computer can do on the network. So I might not be able to talk to the finance servers.
Josh Lupresto (10:33)
Click on the link, always the click.
Tony Lauro | Akamai (10:44)
But the finance servers use a shared database that one of the apps you use also communicates with. So now I go to that database server, I get access to that, and now I talk to finance. This is how red teams move across networks. And generally speaking, I’ve actually heard it put this way. ⁓ Attacks happen so easily within a network, not because of the squishy inside and kind of, ⁓ you ⁓ with the soft gooey center or the soft chocolate center.
example, but because devices talk to each other within the network, because that’s how business gets done, right? You can’t not have the devices talk to each other. So the attackers really just follow this logic by scanning, seeing what you can already talk to, compromising, and then re-scanning, right? ⁓ So micro segmentation, specifically software defined micro segmentation, ⁓ puts an agent or some kind of visibility on each of these workstations and each of these servers.
And it builds out a map. What is the normal communication process look like, Josh, from your computer, the app that you use, ⁓ even down to who started that process on your computer, ⁓ talking to that database server or from a server perspective, ⁓ how did that device, you know, how did those services start up? Who’s connecting it to it? What resources, shared resources does it connect to? And then it creates kind of a visual map that you can now create policy around.
that says, hey, we know this is how these applications actually work. Because come audit time, I’ve been this person where they’re like, hey, the auditors are coming in. Where’s our application data flow diagram? And then I’m usually kind of going through my notes. like, ⁓ I have a Visio diagram I built six months ago when the app was deployed. And that’s all I have as far as documentation. So from a visibility and observability perspective, ⁓
Having a live view of how devices talk to each other and an auditable view gives you lot more leverage to really create meaningful policy as opposed to just kind of hoping that what you put in place at one time continues to work over time.
Josh Lupresto (12:55)
Awesome explanation. ⁓ Let’s put a bow on it with one question. Everybody loves, everybody that listens to this loves the discovery questions, right? So let’s presume that I got some customers in my base that have some antiquated security, know, maybe they think their Cisco ASAs are enough, even though they’re 19 years end of life. ⁓ What’s the discovery technique where we know there’s lack of segmentations, there’s maybe VLANs are enough kind of mindset.
Tony Lauro | Akamai (13:03)
Yeah.
Josh Lupresto (13:21)
If you’re giving a question to an advisor to then go ask to some of their prospects that have this, what is that golden question to uncover?
Tony Lauro | Akamai (13:29)
Yeah, I mean, first of all, I love Cisco ASAs. They’ve done an amazing job. So can’t knock them. But I think a good discovery question is if you were to be audited right now and I were to ask, show me how everything on your network talks to each other and start at the network port and protocol level, then go to the application level.
And then go down to the process level and make, you know, make sure that the SVC host that EXE in your, in your, your server is spawned by a proper, you know, DLL, a proper process instead of a malicious malware process, right? That’s been embedded there. If you can’t tell me all of those things, you don’t have the observability of your environment. You’re kind of looking for the problem based on the bad effect that the problem creates in your environment.
instead of proactively being able to identify that there’s a problem. I think that’s kind of the, it’s really kind of like, show me, you know, cause the moment we do like a proof of concept or a proof of value with this type of technology, that the, you know, the brain starts turning and the eyeballs open up real wide. They’re like, wow. I mean, just the discovery process has shown me so much more than I currently have visibility into. mean, that’s a huge draw for, for customers to be able to see that.
Josh Lupresto (14:57)
Yeah.
Tony Lauro | Akamai (14:57)
And it’s useful because now you can actually do something about what you didn’t know was there.
Josh Lupresto (15:04)
So as my kids would say, if your auditors come in and you can’t do this, you’re cooked. So I love, I love you. I love your question. Awesome. All right. Let’s go on to, let’s go on to the next product here. Talk to us about what Linode is. How did that come about? Where does it fit? What does it do? What’s the problems that it solves? All that good stuff.
Tony Lauro | Akamai (15:09)
You’re so cooked. For sure.
Yeah, so Linode is a ⁓ Occamize cloud delivery and compute platform. And the way that this came about, ⁓ we acquired Linode a few years ago, and it was kind of built on a problem set that Occamize wanted to solve itself. We’re a big multinational company. We’ve got over 12,000 employees. ⁓ We needed to build our apps to be highly performant and highly secure, closest to where the users that were using it actually lived. ⁓
And we ran into some problems where, you you say, Hey, we’ve got these compute regions. We’ve got an East coast and a West coast compute region with our other cloud provider that we were using. And then something happens to the East coast region. And everyone gets, of course, thank God everyone gets failed over to the West coast for delivery, right. And for their apps and everything, if you built it that way. So one, you have to contract for all those availability zones.
But two, now your East Coast users are going traversing the whole country all the way to the West Coast ⁓ for that app to function. And that created a lot of issues. So we saw a really great opportunity to say, what if we were to have a cloud platform and compute platform built on the backbone of the Akamai delivery platform? So we’re already serving, you know, the…
the Olympics, the NBA Final Four, all the biggest media events in the world go across Akamai. If your kids download games where they’re building a wall while they’re battling each other, that game gets delivered across Akamai, right? So these are real great opportunities for us to say, we could build a cloud delivery platform and compute where customers can build their tools and their apps that they want to build.
across a platform that is ⁓ geographically ⁓ diverse. So instead of having two availability zones, for instance, in the US we have seven and soon 12, right? So that when you’re building something, your users can get access to that ⁓ and your customers obviously as they’re building their apps and building their edge compute ⁓ and all their virtualization, everything they wanna build, it can be done so.
on a platform that’s a lot more diverse and a fraction of the cost. Let me not forget to mention that part.
Josh Lupresto (17:51)
So should we be thinking of you as the same way we think of a traditional infrastructure, hyperscaler play? Do you want to be thought of in that? hey, think of us for this, but we have all these other things that you’re inevitably going to need because we’ve got vertical integration across the board. Is that how you want advisors to think of you beyond what they may know as a CDN, WAF, DDoS, you those kinds of things.
Tony Lauro | Akamai (18:10)
Yeah.
Yeah, that’s absolutely right. You know, the idea of Occamai as a platform and as a partner, ⁓ you know, with the advisors as they’re building out these relationships with their customers, we can do so many different things. It doesn’t all have to be done at once. As the company that you’re working with matures, we have capabilities that can help them mature along with that process, right? ⁓ And yeah, as we look at the risk on the internet, right, if you use the internet to run your business,
⁓ It’s not there for your business. It’s a public platform, right? So all the things that come along, the risk that comes along with the internet, we can share telemetry with the biggest company in the world that we’re protecting and blocking attacks for. You can take advantage of that. When that same threat actor comes to your front door, you can say, we’ve already seen it. We’re just going to drop that traffic on the floor and not even have to deal with it. So that collective intelligence is part of that story as well.
Josh Lupresto (19:11)
love it. let us not only let us help you build the infrastructure, but let’s leverage the power of the laugh with the WAF leverage the power of the segmentation. So let’s block these threats before they even make it to any considerable part of your core infrastructure. It’s a by the way, we blocked this for you, you can still go on your lunch meeting. You’re welcome. Here you go. Your life would have been really hard without this like flex. I love that.
Tony Lauro | Akamai (19:37)
Yeah,
that’s the idea. Instead of the 2 a.m. phone call, you see a report the next day that says, hey, we blocked one of the largest attacks we’ve ever seen and you never even heard about
Josh Lupresto (19:47)
I love it. All right, final product here. I am under my quota for today. I know we’re recording this early in the morning, so I’m under my quota today for the amount of times I’ve said AI. So let’s talk about AI security. You guys have a ton here. It is pretty unique, and this is a thought that’s on everybody’s minds, right? We’ve got agent kits, we’ve got open AI doing product releases, we’ve got all these other guys doing product releases. This thing is moving a thousand miles an hour, and everybody’s trying to build, trying to design.
we’re helping people design left and right. So from a AI security, what is the play with Aqaba?
Tony Lauro | Akamai (20:25)
Yeah, the play, mean, you’re right. Everyone’s talking about AI. At RSA, a couple years ago, maybe people were talking about Zero Trust or SASE, ⁓ but you could throw a stick up in the air at RSA and it would come down and hit a person in the eye. And it’s almost a hundred percent guaranteed that that person would have been talking about AI when that stick hit them, right? ⁓ It’s wild. But what we found out, kind of building out this technology, talking with our customers,
⁓ we found out that security around AI is not a new problem, right? It’s not a new problem to solve. You look at the concept of just say you have an LLM in the background. This is the database, a data set, and then you have a user interface, maybe a chat bot. This sounds a lot like SQL injection, right? I can make a request into a database. And if you don’t sanitize that input and validate the output that comes out.
there’s your SQL injection. Now I got access to something I shouldn’t have access to. So Firewall for AI, which we’ve developed, sits in front of a large language model and it watches to sanitize those inputs. Is this request, does it look like you’re trying to bypass guardrails? Does it look like you’re doing something malicious in nature? ⁓ And by the way, all these data sets have their own guardrails.
but at the generative red team hacking challenge at DEF CON, DEF CON 30, so three, four years ago now, the average time to bypass guard rails was 42 seconds. you know, not gonna put any context around that, but needless to say, additional security is probably needed, probably a good idea. So watching the input that goes into the input request that goes into the dataset. And then of course, upon response.
Am I getting a valid response? Am I getting a response that’s leaking PII information? So you can identify the PII that you don’t want to share, the content types, et cetera, and say, this looks like whatever happened in the front end that we didn’t catch, we’re going to catch it on the response back to make sure we’re not sharing ⁓ sensitive data. And you can also have it look for things like hallucinations, toxic responses, sometimes tricking a data, an LLM into saying something,
malicious in nature. Heck, know, big airline in the upper North America region, they had someone trick the chatbot into quoting them $0 for an itinerary. And they legally had to honor it because that is a legal entity of their business. Right? So there’s a lot of manipulation that can happen. And Firewall for AI sits in front of those systems and validates the input. And then also watches that output, that response to make sure that it’s legit.
Josh Lupresto (23:14)
I like this because everything is about trust. And to your point, like you talked about earlier, micro-segmentation, ⁓ you might wanna get in and then try to find the accounting server. You can’t find the accounting server, but you know that the accounting server trusts my user, so go after me, or go after this other thing that has a system of trust. Seems like AI, to your point, foundationally, than all the other problems, it’s not any different. But where I think the opportunity in lies here, I think of things like this,
And our advisors listen to things like this and go, okay, who do I talk to about that? Like, who really needs that? Is that this customer? Is that that customer? And I think it’s kind of like when we started, early on when we started the security practice, we would talk to end customers that partners would bring us into, and they would say, I’m not big enough. I’m not a big enough customer to care about, you know, ⁓ needing this MDR thing. Like, isn’t Norton enough? Or isn’t McAfee enough? You know, that kind of thing. Like, signatures are great. And the reality was, no.
Tony Lauro | Akamai (23:53)
Yeah.
Josh Lupresto (24:13)
If you have an IP address or you fog a mirror or you’re on the internet, you are a target, right? And so taking that’s a, I took a mindset shift for that and it was a very slow and methodical journey. And, and now I think AI, what, what are your end customers? Put yourself in the shoes of what your end customers are after. They’re after getting more daily active users on their platform, more monthly active users, more customers, however you want to frame that up. And how do you get there? You get there with speed, you get there with rapid development.
and you get there with whatever you got to do to get people on the platform and do consumption and use your minutes, right? Everything has been driven about consumption. So are there great tools out there that help label and classify data? And we talked about that a lot and we’ve sold a lot of those deals. Absolutely. To your point, who’s checking the math? How do we check the math now on somebody’s, I built a great chat bot, I didn’t have one before, I’m so excited about my chat bot.
Tony Lauro | Akamai (24:48)
Yeah.
Josh Lupresto (25:07)
and my chat bot has access to my knowledge base and my database and my tooling, I’ve got to imagine that this is kind of a fit for everybody. If your customers are chasing AI and they’re being told and you’re helping them how to implement AI successfully, it just feels like this wedges into every one of those conversations, doesn’t it?
Tony Lauro | Akamai (25:27)
It does. And you know, like I mentioned, the, first venture into ⁓ AI for most companies has been chatbots, right? Cause it’s easy to consume. It’s easy to figure out what that use case looks like. Hey, I’m going to offload requests to my help desk, ⁓ to my, ⁓ my call center. And when you have a chatbot answering questions, ⁓ it kind of simplifies the, the human workload within the organization and that saves money.
Right. ⁓ so I think that’s kind of the interesting case. Of course, there’s a lot further developments that are going to be happening in the future. ⁓ you know, you’re, ⁓ a mortgage company and I, ⁓ send a document to someone who’s buying a house. They signed the document, they send it back. ⁓ can I validate that when they upload and send this document back that they’re not doing anything malicious that
You know, all the required areas are signed, et cetera. Right. So there’s a lot of different kind of use cases and different businesses that these are going to start to, that firewall for AI is going to fit into. So it’s just, it’s all about the evolution and, building the foundation. Like I mentioned before, building the tool to work on behalf of the user, instead of just saying, here’s a hammer, go build a house. It’s like, here’s the framework, you know, they’re ready built walls.
you just connect them together, that kind of thing. So we’re trying to take the heavy lifting away from the customer and provide them a platform where they can modularly build out solutions with great technology to solve all these different issues.
Josh Lupresto (27:09)
⁓ As we get to the final couple thoughts here, I want to get back to this theme. We’re talking about it, but this theme of shadow IT, this theme of complacency. So we’ve got rogue tooling that if we think about what our end customers are dealing with with all their employees, things like that. So think we look at, as we look at AI in the future, we see the bad guys are using this the same way the good guys are using it. So how does, when you think about the next gen threats,
and you think about our customers, our partners, their customers, where does complacency creep in? Like how would you advise the advisor to think about your customers and complacency?
Tony Lauro | Akamai (27:53)
Yeah, you know, actually, it’s kind of funny that that’s the theme. Because for years, I’ve had people say who’s Akamai biggest competitor, and I would say complacency, right? It’s basically thinking, I’m doing enough already. This is not a problem. Why would they attack me that kind of situation? Right. ⁓ I think ⁓ the first example of how AI is being used from by threat actors would be AI based bots. Right. So the idea.
that ⁓ attackers can use bots to run automated scripts to do things that they want to do, ⁓ didn’t really become as difficult of a problem to handle until most of the requests on the internet were API driven. So APIs are, if you have your favorite Black Mirror device, when you hold it up to your face, that’s sending an API call.
back to authentication service, back to any app that’s updating, it’s all API calls. In fact, almost every call out from an LLM calling to different model repositories, et cetera, is an API call. And APIs are used because they’re lightweight and they’re built for automation. What attackers love to do is use AI to interact with this automation. We’re already expecting it. So identifying and having efficacy of how you identify what an AI bot is trying to do.
against an API that’s already expecting to see automated requests is a very interesting. It’s almost like a change in scope, a dichotomy of, ⁓ you know, threat actor techniques and, ⁓ defender responses. Right. So that’s one big area. The other big area, you know, when you think of the old school Nigerian Prince scam email, you know, I’ve got $11 million. I want to move it to the United States.
You’re the lucky person in Nebraska that I’ve picked out to help me get this transfer going. Nowadays, I can say, Josh, I’m going to scan LinkedIn. I’m going to see the people you’re friends with. I’m going to compare that to your Facebook and say, oh, you went out on a golf outing with Tony and a couple other people. I’m going to now reach out to Tony and say, hey, this is Josh.
Remember we went on that golf thing, we did this podcast together. I just need a little bit more info for something else I’m working on. Do you mind sending me blah, blah, blah? Right. And that the, again, having the telemetry to create those connected, those connective tissues around your storyline now makes the Nigerian Prince scam seem, you know, archaic. Now I’m going in with rich details about relationships and friendships and all this stuff. And attackers are already doing that.
And you can jump forward months or years and say, ⁓ someone heard you on a podcast, they took your voice, they synthesized it. Now I’m getting a phone call that as they talk, it translates into your voice and it sounds even more real, right? I mean, there’s a ton of stuff going on there, but ultimately to your earlier point and to the point at the start of the show, ⁓ the basics, the basics are.
Are you doing, are you practicing security awareness? Do you understand when something seems out of bounds, out of sorts, why would you ask me to send you $3,000? Unless it was for a really good reason. And do I have multiple means of validating you are who you say you are, or this is a legit situation without having to do it in a rush? Because attackers always make it seem like a rush.
so that you don’t have time to think, right? So the basics still have to be handled even when the technology changes.
Josh Lupresto (31:39)
Yeah. Yeah.
I love it. Final thought then here to kind of close this out. What is on the Akamai roadmap? Staying ahead of what’s next. This stuff is moving so fast. Where do you want us to think about over the next six to 12 months? Anything different? Same things to focus on? New products coming? Close it any way you want.
Tony Lauro | Akamai (32:05)
Yeah, you know, one of the big things that has been kind of an operational challenge for most customers ⁓ on the internet is I’ve got all these tools and they’re all best in breed tools from great vendors that do great jobs, right? That’s not the question. The question is when I’m doing security and I bring in all those security logs into a centralized location, into my SIM or log correlation tools, ⁓ and this vendor says,
this is a bad risk, the risk level is 10. And then this other vendor says, this is a bad risk, the risk level is magenta. And the other vendor says, this is a bad risk, the risk level is F, you’ve got an F. Just the operational task of bringing that data into a backend and trying to sort out and normalize what the risk levels are is a huge problem. I don’t know anybody that’s talking about that. Maybe some hardcore, know, ⁓ SIM vendors are.
⁓ but when you think of delivering security as a platform where customers have access to all these different tools, ⁓ and they can build out in a modular way, the right stack of security that they need. And, yeah, all the telemetry for threat intelligence is shared across those tools. That is a huge operational, ⁓ hurdle that, ⁓ that Akamai has been working on for quite some time. And we do a really good job of.
of doing that for our customers. So that’s on the operational side. I think on the future side, I think the idea of AI and its development, sharing threat intelligence across the different tool sets, you I already mentioned, but when you look into all the different areas that you have to slice and dice and get observability into before you can make a rational business decision, that’s the other avenue that companies don’t have a really good handle on.
You don’t, know, you well, you probably want to be surprised, Josh, but how many companies just say, yeah, we lose a hundred thousand dollars a month based on this, but ⁓ we don’t want to curb it because the user experience could be negatively affected and it’s worth it to us. Right. So the risk tolerance is different for different organizations, but being able to zero in and narrow down on working as a partner with these companies to, ⁓ to fix those problems that they’ve long.
thought were unfixable, that’s our goal for the future.
Josh Lupresto (34:39)
I love it. Great place to wrap it. Tony, awesome stuff, man. We could go on for a while. There’s lots of things to talk about here, but I appreciate you coming on, man. Great stuff.
Tony Lauro | Akamai (34:46)
yeah.
My pleasure, thank you. Thanks a lot. This was a great conversation and ⁓ I hope the audience gets a lot out of it. So thanks for having me, Josh.
Josh Lupresto (34:57)
Love it. All right, everybody that wraps us up for today, as always, don’t forget, these are dropping every week, middle of the week, early morning, whether you’re on Apple, you’re on Spotify. Don’t miss out and use these tips to talk to your prospects, your customers, and let us know. Leave us some comments, let us know what works, and good stuff for today. All right, that wraps us up. Senior Director, Security, Technology, and Strategy at Akamai, Tony Lauro. Today’s episode, Shadow IT Isn’t a Villain, Complacency Is. I’m your host, Josh Lupresto
Till next time.