Interview – Paul Hague – BlackDice
Interview Paul Hague
DAN ASSOR [00:00:02] Hi and welcome back. We’re now going to go straight to our next guest, and that is Paul Hague over at BlackDice. Hi Paul, how are you doing?
PAUL HAGUE [00:00:11] Hi, morning very well thank you, how are you?.
DAN ASSOR [00:00:13] Good, I’m fine. Thank you for joining us. So it’d be great to hear Paul to start off with what the inspiration was for the business and BlackDice?
PAUL HAGUE [00:00:25] Yeah, sure. We actually started out as a parental control business. We had some horrible problems with one of my children and we were looking for ways to try and solve some of those problems for the kind of parents and families. And then after a while, it just became obvious that those particular things were building were a small part of a much larger issue around device management, device behaviour, and how we keep networks, broadband networks safe and secure. So we kind of came from a not particularly pleasant place, I suppose, from a family. But created something that hopefully is beneficial for all.
DAN ASSOR [00:01:16] Why do you think BlackDice is needed and what sort of problems does it solve?
PAUL HAGUE [00:01:20] Well, there are broadband networks and home networks kind of appear to have been left behind a little bit corporates, as you heard from kind of DarkTrace and Clearswift we’re kind of the other end of that and in terms of age as well. But they tend to have been left behind. So where you have routers that are insecure. So there’s a report where there’s around a 127 common routers, which are inherently insecure. You’ve got devices that are insecure and the connected devices are only growing and growing and growing. So we’re talking about billions of billions of connected devices over the next few years. And I think that from that point of view, there needs to be a mechanism by which those networks are also made safe and secure. And the problem only gets larger is we’ve you know, as people have kind of hinted at previously as we’re in this situation, the odd situation in which we find ourselves with people working from home. Then that problem again only gets larger and larger and you end up with issues around home networks being secure. Then potentially that leaves corporates open and then potentially that leaves the operators and service providers open as well. So we see it as a much wider issue and security ends up being only as safe as the weakest link. And at the moment, we see those particular issues as the weakest link.
DAN ASSOR [00:02:52] Sure. And why is device behaviour such a key indicator for you to think?
PAUL HAGUE [00:02:59] Well, it’s all about patterns of use. And once we see and once you understand how a device is supposed to behave and what its normal is and potentially what its normal is across a network of effective, you know, thousands, tens of thousands, millions of devices, you can then start to understand whether or not that behaviour looks slightly odd and there are particular things that you need to look at and feeding that into the wider environment that we have. And that’s why how that device is behaving gives you early indicators that something might be wrong.
DAN ASSOR [00:03:42] Sure. And I’ve read that you mentioned quite a bit about the vaccine for threats. What do you mean when you talk about a vaccine for threats?
PAUL HAGUE [00:03:52] Well, a lot of what we try to do is predictive. So we’re not we’re trying to avoid a situation, similar with the kind of antivirus and those things where they are fixing an issue that’s already there. You know, those particular solutions are more around curing something that’s already happened. We see our technology more of a vaccine that is trying to look at those trends and those indicators predict when something’s going to happen and allow you to take action before some things actually happened and that’s why we kind of see ourselves more of them, more of that kind of vaccine environment where we’re protecting you right at the beginning rather than after the fact when something’s already happened.
DAN ASSOR [00:04:38] Sure, that makes absolute sense in terms of your customers. Can you just give us a sense of who they might be?
PAUL HAGUE [00:04:45] Yeah, we sell into telecoms operators and service providers. So organisations that supply broadband networks into either homes or businesses. We also sell into routine manufacturers as well, because what we do is allow those operators to create trust. We allow those operators to create cybersecurity products extremely quickly and importantly as well, we also give them insights into their edge network, which they don’t currently have so and a lot of the insights so far kind of finishes at the router and it becomes quite difficult for them for problem-solving to identify threats, to see where vulnerabilities are. We give them that kind of view as well. And so from an operator point of view, it just means that we give them the ability to create new core services that reduces churn, creates new revenue streams. And it’s really that operator market that we’re targeting.
DAN ASSOR [00:05:48] Sure and why do you think Machine Learning is so important withn this?
PAUL HAGUE [00:05:52] It’s the huge amount of data. So if you’re looking for patterns, if you’re looking to try to predict, if you’re looking for those little fingerprints that potentially identify that something is likely to happen, doing that by human eye in hand is impossible. The data volumes are way, way too large. So Machine Learning allows us to consolidate all of that data from the device behaviour that we were talking about through to the enviromental side of things where we may be looking at IP reputation and other bits and pieces around that. That allows us to churn through huge amounts of data, spotting patterns, spotting fingerprints over time, and allows us to make those kind of predictions that we need going forwards.
DAN ASSOR [00:06:41] Sure and in terms of the biggest threats that you’re seeing, and I guess you might predict for the future. What do you think the biggest threats are the next coming months and years?
PAUL HAGUE [00:06:52] Well, as I was saying before, the root of vulnerabilities that we were speaking about. And some of those things do need to be fixed. IoT is inherently insecure and there are privacy issues around that and that’s a kind of a short term thing that needs to be fixed, I know the EU regulations came out the day around IoT security in that kind of certification process, which is a good start in terms of solving that. I think the biggest threats over the next few years are going to be around 5G and specifically around eSIM because as soon as you start to virtualise hardware into a software environment in a network, that software environment is a much easier target than hardware. And so when you look at the potential for infiltrating that software and creating malware that potentially from a sensor point of view or a network can compromise Machine Learning just by adjusting data flows. It can compromise intellectual property around that as well. I think over the next few years, that kind of security problem is going to become bigger and bigger. And part of the issue with that, of course, is that when there’s always a rush with new technology, the rush is to get the new technology out and I kind of fear that some of those security issues associated with that kind of virtualisation, that kind of new software, that kind of eSIM, has the potential to reap havoc and I think that needs to be certainly be addressed over the next few years.
DAN ASSOR [00:08:30] Sure, I absolutely agree. And I guess finally, before we wrap up Paul, it would be great do you think we’ll ever solve this privacy, national security problem? I know you work with the government so would be good to hear your views.
PAUL HAGUE [00:08:44] It’s a really thorny problem and it’s not, I don’t think there’s an easy answer, I really don’t and you end up getting both sides of the argument, becoming somewhat intransigent and struggling to kind of meet in the middle. I think there does need to be an open and sensible debate from both sides around how do we manage expectations of both sides? How do we manage the rights of privacy of an individual to their data and potentially remaining anonymous compared to the issues around national security. And I just don’t think we’re really having that debate, there seems to be arguments on the side but I do feel that especially with smart home automation and the amount of information that’s collected by technology companies, there needs to be that sensible debate about how we manage those two issues going forward.
DAN ASSOR [00:09:44] Sure. Absolutely. Absolutely fascinating. You know, as a father of two small children myself, I wish you every success with this endeavour. So thank you very much, Paul. Unfortunately, that’s all the time for. Slight change the schedule. Next up, we’re gonna have Richard Archdeacon from Duo Security. But we’re just going to go for a quick break encourage you to like and comment and also connect with people that are currently live on this live Linkedin Event.