Ankush Johar
Director
HumanFirewall, headquartered in London, having its offices in Dubai, Singapore and India, is a 3rd generation Phishing Simulation based Security Awareness and Training Platform. According to a report published by Verizon, more than 93 percent of data breaches reported globally originated at the human layer. HumanFirewall has been combating this problem statement since it's existence. Let us put some light on its unique approach in the security awareness space and how the market has responded to their strategies.
In conversation with Ankush Johar, Director, HumanFirewall
How does HumanFirewall differ from any other security awareness provider? How difficult is it for an organization to build their in-house security awareness strategies?
Phishing-based security awareness and training platforms can be termed as thermometers offering a point in time reference to preparedness. They treat symptoms of risk. HumanFirewall on the other hand, attacks the disease, being fully designed to remediate real cyber-attacks alongside driving measurable uplifts in awareness and preparedness across the enterprise. HumanFirewall enables Security Operations to mitigate attacks across the enterprise in seconds. This is driven from a deep understanding of security operations and by providing analysts with automated investigation intelligence to enable accelerated fact-based decisions, coupled with orchestrated remediation at the touch of a button.
HumanFirewall leverages machine learning alongside a gamified approach to develop awareness programmes that are specifically tailored to the individual user, providing a dedicated awareness pathway for each user. Not only do you gain clarity and significantly enhance your cybersecurity preparedness, but also the capability and effectiveness of automated security operations. True end-to-end cybersecurity lifecycle management.
There have been numerous email phishing scams in the recent past where dangerous malware has been
installed at an organization’s system. Give a concise idea about the ways in which HumanFirewall tackles problems like these?
The problem is twofold. Firstly, we aim to address the problem of human weakness in cybersecurity. Through no fault of their own, humans are the easiest target in the attack chain. HumanFirewall drives a positive psychological and behavioural shift in the human layer of the organization. To change humans from the weakest link into a core control, where one vigilant user can protect the entire enterprise. This is achieved through individualized awareness programs designed to create and embed a culture of alertness and reporting.
HumanFirewall automatically provides security operations teams with all the information required to respond to the threat
This, in turn, creates a second problem of increased demand upon security operations teams. Our solution utilizes automation and orchestration to alleviate the demanding overhead and enable accelerated fact-based decision and remediation at the touch of a button. HumanFirewall automatically provides security operations teams with all the information required to respond to the threat. This includes orchestration of IoCs to other controls across the enterprise to increase the umbrella of protection. These IoCs can also be orchestrated to collaborative intelligence partners and suppliers. Process optimization through automation and orchestration coupled with a tangible uplift in awareness and preparedness is the very heart of HumanFirewall.
Maintaining an interesting engagement level with the users has been a challenge with educators throughout. How does HumanFirewall deal with it whilst being a promising solution for the security teams as well?
Other products that focus on security awareness and training through phishing simulations are 1st and 2nd generation tools as they train the users and measure their performance on their dashboard. We, on the other hand, have taken this to the next level, i.e. as a 3rd generation tool. The points that differentiate us from our competitors are:
• Gamified Learning Approach: Our researchers and previous reports state that the user engagement on security
awareness training was very low. Hence we’ve transformed our training content into videos (multilingual), quizzes and easy SCORM compliant material that focuses on user-friendliness and interest.
• Remediation of Real Attacks: Our dashboard empowers employees to report suspicious activity and enable the administrator to take actions by going through threat intel automatically provided by the dashboard and save the entire organization in seconds. Automation by setting certain rules on the dashboard can also be done.
• HumanSOAR: A 360-degree protection can be achieved as HumanFirewall broadcasts the threat intel to all other cybersecurity investments done by the organization like Network Firewalls, Anti Virus, SIEM, Email Security Gateways and ensures that malicious entity is not trying to attack from any other channel.
• Federation in the CyberSecurity Community: As soon as the dashboard picks up threat intel, it is federated amongst all our customers and cybersecurity communities as a blacklisted source to safeguard them through precautionary measures beforehand.
• Native Integration with O365 and G Suite: HumanFirewall can be natively integrated with G Suite and O365 amongst other major Email Service Providers. Human Firewall can also be implemented on-premise, for organizations that have in-house data centres.
You have to keep up to the pace in obliterating every new type of challenges occurring in the cybersecurity space. How is the current position prepping the organization for future endeavours?
HumanFirewall currently has more than 250 customers globally across all industries and is growing rapidly ever since its existence. Our customers include global industry leaders in Retail, Banking, Insurance and E-Commerce sectors. We have testimonials from our customers terming HumanFirewall to be the “best in class” product as we constantly innovate and add fresh content to our product on a monthly basis. HumanFirewall also raised a seed funding from Infosec Ventures, a UK based cybersecurity venture fund, focused on solving big problems.