Transcript
Mike Matchett: Hi Mike Matchett with Small World Big Data. And we are here talking about the latest and greatest, especially some of the things we saw at RSAC 2025. Uh, we have Cyware here today and we're going to talk a little bit about threat intelligence near and dear to my heart. Being a former intelligence officer, how do you get intelligence on what's going on and what do you do with it? So just hang on. Hi, Jawahar. How are you doing? Welcome to our show. Jawahar Sivasankaran, President: Mike. I'm doing very well. Thank you. It's a pleasure to be here. Mike Matchett: Uh, so, uh, you know, we, uh, we got around to RSAC 41,000 people there, uh, you know, lots and lots of vendors. Sorry we didn't get next to you guys that show, uh, in order to see this, but we're catching up here as soon as we can. Uh, so let's talk a little bit about, um, what was going on for you, uh, at, uh, you know, this month in cybersecurity, you had some new announcements. Um, actually, before we even get into that, maybe you could just tell our audience what is the threat intelligence that you're covering? What is the, uh, the scope of that and why do people need it? Jawahar Sivasankaran, President: Yeah. Hey, Mike, listen, we operationalize cyber threat intelligence. That's what we do. I if you go back ten years ago, we've had organizations take, uh, an approach where it was not well connected when it comes to threat intelligence. But fast forward, uh, beyond the first generation of the tip platforms, threat intelligence platforms, this is where cyber truly stands out. Uh, what we do is we make customers. We help customers make sense of cyber threat intelligence. Uh, and truly operationalize the value that they're putting into their threat intelligence programs. Uh, and that's what Cyware we do. We also have an actioning component where we do low-code, no code orchestration as well as the response piece. Uh, but the core anchor, the premise of Cyware is we operationalize cyber threat intelligence. Mike Matchett: All right. So, you know, some of our audiences is very, very highly knowledgeable about security and cyber threats, but we've got some people out there who may just be starting to become aware of some of these things. So let's talk about threat intelligence a little bit. What are we what do we mean threat intelligence? Does it mean that we've got, uh, an event that happened like we might have in our SIEM, or are we talking about, uh, some some other, more sophisticated ways of looking at something going wrong? Jawahar Sivasankaran, President: Yeah, it could be a combination of any of those things, Mike. I mean, traditionally, if you look at it, you know, within the SOC, the security operations center, you had log management, then you had SIM technologies, then you had, you know, the kind of the first gen saw technologies coming in and help automate. But where customers, organizations, their focus right now is I want to take a more threat centric approach. And specific to that, this threat intelligence could come in any shape or form. So it truly depends on what kind of organization you are. This could be indicators of compromise. This could be IP based information. This could be domains. This could be dark web data, so it could be a combination of any of those things. But where we are taking this and where we are seeing is a convergence of traditional CTI. Some of the things that I mentioned, but also that CTI getting conversion to cyber threat intelligence, getting converged with exposure management, with digital risk protection, uh, and that's where cyber truly stands out in terms of how we are differentiating ourselves in the market, where we are offering a truly unified threat intelligence platform for our customers to get the right value from their threat intelligence investments. Mike Matchett: Yeah, because it definitely seems like, you know, people can focus and develop expertise in one area or another and create basically creating their own security silos, uh, which doesn't really help them. And one of the themes that we noticed, uh, happening here now in cyber security in 2025 is this convergence and break down of those silos in a number of ways, Like it's not it's not enough to start monitoring the dark web unless you're actually going to do something about it. When you find information. Right. It's not enough to find that there's a leaked credential, unless you have an ability to quickly do something about that leaked credential. Right. You have to bring it together. And I'm glad to see you guys are taking the lead in that. Um, so is that, you know, use a curious word. You know, we talk about automation, but you use the word actioning on this. Maybe explain like why you use the word actioning. Jawahar Sivasankaran, President: Yeah. Part of it is that you don't want to automate bad processes. The last thing you want to do is automate some something that's not right. And that could be false positives that you're seeing in your environment. Or maybe these are low priority events that you're you're automating. So focus for us is helping our customers with the right orchestration and automation strategy. And this is why we're super proud of what we've built with our orchestration framework with a low code, no code approach for the playbooks, and the other part with the action piece is we go and connect that back to our strengths, which is threat intelligence, right. So customers that do look at threat intelligence, they're able to look at threat intelligence. They're there, you know, do an enrichment. They're doing processing. They can do correlation all with the cyber platform. And then hey, there's the action piece that comes out through the orchestration and the automation. And that's how we bring it all together. Mike Matchett: I'm probably going to steal that from you. Start talking about Actioning. It's going to enter my vocabulary. And that's going to be something the word I use going forward. Jawahar Sivasankaran, President: A hyper orchestration along with Actioning hyper. Mike Matchett: Orchestration. Jawahar Sivasankaran, President: As. Mike Matchett: A. Jawahar Sivasankaran, President: As as a requirement to do actioning the right way. Mike Matchett: So you know what's coming next. You almost could probably you probably got this question a lot, because everybody at the show is also talking about AI and AI agents. And, you know, okay, it's you know, we can enable the human in the loop. How is how is that informing what you guys are doing? How is that affecting? You know, what you're delivering in your roadmap. Jawahar Sivasankaran, President: So Mike, so we have a clear focus on AI and a multi-agent strategy. So you can think of it as an agent AI strategy that we have in place. But what we didn't want to do is we didn't want to go out there and build another LLM wrapper to solve one, two, three, four specific problems. Right? Kind of the sock bots that you're seeing really prevalent in the marketplace. Uh, our strategy is to build a multi-agent strategy with, again, a true focus on threat intelligence. So we're we're taking a phased approach. So right now you've got a knowledge base that we have in place where you as a customer you can do NLP queries on any of the threat Intel information that you want to analyze. Right. So those are things that we have in place. But where we are building up our AI strategy is this multi-agent approach where again, you know, driving actioning again, driving, sharing of that threat Intel information or what we could do with that threat intelligence to enrich and correlate some of the things that you might be doing with existing investment that you have within your sock. So the approach we're taking is a lot more holistic in nature. Uh, and then the other thing, as I mentioned, is we're staying true to our roots, which is operationalizing threat intelligence. And then AI enables that, uh, versus going too far from who we are. Mike Matchett: Right? So you're not just selling. Hey, we got AI in the box. We're doing what we're doing, and we're gonna use AI to augment and enhance that in the best way possible. I like that. I like that. So, uh, so you've got a very unified approach to threat intelligence, and you've just added credential management to that in addition to some of the other things you do. Um, you know, you mentioned, um, on there, uh, and this AI thing coming along. Uh, tell me a little bit about, um, uh, where you see the market going. What was sort of the some of the big trends you heard at RSA, and why do you think those are significant? Jawahar Sivasankaran, President: I think definitely there's, uh, there's a notion of platformization that has come back, if you will. Best of breed versus platform approach. Right. You know, there's we've definitely seen, uh, a new, uh, seen some new energy getting injected into that argument going back and forth. And if you look at cyber Webair a small company, at the end of the day, uh, but we do have a platform approach, and customers are asking for a platform approach from us. Right? They don't want a point product. Uh, and right from the get go, that's kind of how we built cyber as a platform, right? This is a true platform that we're helping our customers with. So it's not just here's one point product that works in its own island, and the other product is not talk to product number one. Uh, so that platform approach is clearly something that we are driving into the marketplace. And that also aligns with some of the things that I mentioned with the unified threat Intel strategy. So that's clearly one thing that we're seeing. Uh, and then the adoption of AI is real, even though there is, you know, we're starting to see, hey, uh, there's there's, uh, there's a curve, a wave that we all have to go through with this AI adoption. Uh, but that is true for both leveraging AI for security As well as security for I. So we got to secure all of those AI systems that are out there. So from a threat information, we're clearly starting to see that it's still early days because those llms, those AI apps, uh, adoption is just taking off on the enterprise and the IT side. And that brings about new threat vectors that we've not seen in the past. So these are net new threat vectors that are focused on AI models or llms or applications. And again, cyber is right in the middle of that transition as well. So it's both security for AI as well as AI for security. Mike Matchett: Yeah I think that's going to be probably the interesting topic next year is once we have AI agents, how do you identify them? How do you secure them? How do you know what they're doing is the right thing to do, while we're also using as much agentic AI as we can to protect ourselves at the same time? So, uh, interesting. Uh, all right. Well, you know, we'd love to talk a little bit more and maybe see a little bit more of what what you're doing firsthand. But this is where we got to end here today. Joe. Uh, if someone wants more information on Cyware, they want to talk about threat intelligence, they want to talk about specifically cyber threat intelligence, how do you fold that in? How do you augment the existing tool suite that you have? What does it mean to be able to have intelligence added to the things they're already doing with logs and events, and the rest of it? Where would you point them at? Where should they start? Jawahar Sivasankaran, President: Mike, the best place is to go to Cyware.com and request a demo. Um, we'll definitely have somebody engaged pretty quickly with, uh, with you. Uh, and then we can go into different types of models for us to have an extended engagement. Uh, but Cyware.com - Request a demo - that's the best place to start. Mike Matchett: All right. Cyber threat intelligence with Cyware. Cyware.com . Thank you for being here today, Jawahar. Jawahar Sivasankaran, President: Mike. Thank you. Thank you for the opportunity. Mike Matchett: All right. And that take care folks.
