What's Up with Tech?

How AI Is Changing Cyberattacks And How Enterprises Can Proactively Test Defenses To Stay Ahead

Evan Kirstel

Share episode

Interested in being a guest? Email us at admin@evankirstel.com

The fastest way to lose a security battle is to wait for it to start. We pull back the curtain on a proactive strategy to break the attack chain—disrupting reconnaissance, lateral movement, and exfiltration—by uniting offensive testing with integrated blue team defenses that actually prove what works. John Grancarich Chief Strategy Officer Fortra, joins us to explain how red and blue can operate on a single vision that prioritizes the real prize: protecting data wherever it lives.

We dig into the AI-fueled threat surge—hyper-personalized phishing, deepfake-driven social engineering, and automated vulnerability discovery—and get specific on how to respond. John walks through a three-part AI model security of AI to safeguard gen AI pipelines from prompt injection, data leakage, and shadow tools security from AI to detect AI-powered threats with behavior-led models and security with AI to augment SOC teams by automating triage and enrichment. The result is a realistic path to faster incident response, fewer false positives, and more time for human judgment.

Data sits at the center of the story. John shares why Fortra acquired Lookout’s cloud security business and how capabilities like CASB, secure web gateway, and ZTNA now pair with endpoint and network controls to create a unified data security approach. With consolidated discovery, classification, and policy enforcement through one console, teams can spot risk sooner and stop exfiltration with less friction. We also talk culture: practical awareness programs, phishing simulations, and the simple discipline of slowing down before clicking. Finally, we look ahead to a unified platform that brings red and blue together, a new DSPM rollout, and the bold goal of enabling the 10x security engineer.


Support the show

More at https://linktr.ee/EvanKirstel

SPEAKER_00:

Hey everybody, important topic today as we talk about breaking the attack chain in the enterprise and reimagining how enterprises can stay ahead of attackers with Fortra. John, how are you? Doing great, Evan. How are you doing? Thanks for joining. Really intriguing and important topic. Before that, maybe introduce yourself. And how would you describe the core mission at Fortra?

SPEAKER_01:

Yeah, absolutely. So uh so my name is John Grantrich. I am Fortra's chief strategy officer. I've been with the company for about seven years. Originally started in product management and then over time move into a variety of different roles. So today I oversee product and platform strategy, our commercial team and marketing as well.

SPEAKER_00:

Fantastic. And uh breaking the attack chain is one of your taglines. That's a pretty powerful statement. Um what does that mean in practical terms for your customers?

SPEAKER_01:

It is. So one of the things we wanted to do this year was really kind of rally the company around what we thought was a compelling and exciting mission. And in cybersecurity, the attack chain at its simplest is a sequence of steps that cyber attackers follow. And that's everything from initial reconnaissance on a target all the way through typically exfrating some data, something that can be used for monetary value or some leverage. And one of the things that we saw here at the company, you know, we're all security experts kind of looking at the market, is that most security companies and most security tools typically focus on just one part of the attack chain. And that's typically on the blue team or on the defensive solution side. And what we decided to do is really kind of something different, which was to really focus on breaking the attack chain at multiple points. And that includes offensively. So what we really think of this, when you kind of break it all down, fundamentally, what we want to do is shift the focus from waiting for attacks to happen to actively testing whether our defenses can actually stop them. So in security, what you'll see a lot of is this kind of typical detect and respond approach. What we're doing here is proactively simulating real-world attack scenarios. And these are things that Evan are on the order of nation state level sophistication. So we've got some of the best security people in the world who are really kind of figuring out how these the most advanced attacks in the world happen. Then we use the blue team side or the defensive side to defend against them. So that's really where break the attack chain comes in. It's kind of bringing the red and the blue together or the offensive and the defensive together.

SPEAKER_00:

Wow, amazing approach. And the threat landscape uh seems to change week by week, at least what we know of it. Uh, how do you at Fortra adapt to these shifts?

SPEAKER_01:

Yeah, it's absolutely changing all the time. I think, I think part of the challenge of the work, and also what makes it really interesting, is that it is changing all the time. There's really not that much that's static about it. Threats are becoming faster, they're becoming more automated, and they're also becoming a lot more personalized. And this is where we see AI come into the fold. Uh, we are seeing a significant rise in AI generated attacks. So these are things like AI generated phishing, AI-generated deepfake. So we have seen some amazing examples of deep fake technology being used in phishing-related attacks and then automated vulnerability discovery as well. So attackers will use AI to basically do some really rapid and thorough scanning across environments to see where their vulnerabilities are uh can be exploited. So we've seen definitely seeing a rise in that. We also see that organizations are adopting cloud tools, SaaS tools, Gen AI tools at an increasing rate, and that just expands the attack surface. So, what we try to do in response to that is provide some of the key tools that organizations need, things like data protection, brand protection, offensive security to really provide a layered and integrated approach, and that is also intelligence driven. So you really have to combat AI with AI. Uh, otherwise, you know, you you're gonna be outgunned in that battle.

SPEAKER_00:

Yeah, speaking of which, uh, AI and ML are being used, not just by the defenders, but the attackers. It's it's uh just a wild environment. But so how has that changed or reshaped your approach to security operations and threat response?

SPEAKER_01:

Yeah, it's it's definitely influenced our thinking a lot. And it's something that, you know, because of the dynamic nature of the business, there is no one and done here. You're always kind of evolving your strategy and how you respond to it. So when we think about AI here, we really think of it in a few different ways. So one is I think I'll call it security of AI. We see what organizations are doing with AI in their own environments. They're using it to increase productivity, they're using it to leverage automation. What we want to do here is help organizations protect their gen AI and AI pipelines from things like data leakage, prompt injections, and basically shadow AI. It's really easy for these AI tools to kind of proliferate sort of all around an organization. So we really want to help organizations harness that better so that they can leverage it for their own advantage. Another way is really what we call security from AI. So this is where we're using AI to detect AI-powered threats like phishing, impersonation attacks, using some technology that we've built internally, which has really been a very powerful way of kind of, I think, bringing to life what I was saying before, using AI to combat AI, uh, which is absolutely uh critical, I think, in this world. And then defensively, security with AI. So we use AI to enhance the great work we're already doing with detection. We're automating uh incident triage and then better supporting SOC teams with it. So it's kind of really a few different ways of using it that we bring together. We also really focus on what I'll call a more pragmatic approach here. There's obviously an enormous amount of hype in the space. I mean, I don't know of a technology topic that occupies more of our thought cycles than AI today, but what we're really focused on is using it where it adds value. So identifying anomalies and detecting anomalies, aiding email threat classifications, things like that. And then agentic AI, we're looking at that too, and we're starting to incorporate that more into the work that we do. And these are really autonomous systems that act like digital security teams, but not fully autonomous. We want to make sure that there's still a government, uh human in the loop rather, that's kind of governing the work and providing some human oversight.

SPEAKER_00:

And speaking of human oversight and expertise, where do you see the role of humans uh in a year or two, you know, in this increasingly automated world?

SPEAKER_01:

Yeah, it's a great question. I think in security itself, we're always going to need skilled professionals. There's so much domain expertise that's that's out there. And security is such a varied, diverse, and complex field. You're still going to always need humans there. But I think what we see is an opportunity to take the great skilled people that work in cybersecurity today and really amplify them. And what we've come up with is the idea of what we call the 10x security engineer. So can we take the average prototypical security engineer or security analyst today and essentially magnify his or her ability to do security work an order of tenfold? And if so, what would that look like? So you'll always need humans in the loop. You need humans to govern the systems and figure out where uh you know the AI and the tools and the automated technology should work. But I think there's an absolutely huge opportunity here to take what a person can do and magnify that by an order of magnitude. And we're we're just scratching the surface of that.

SPEAKER_00:

Love it. What a great philosophy. So um we're in uh cybersecurity awareness month every year in October. Um, any uh initiatives, campaigns, fun marketing gimmicks that you guys are are launching this year?

SPEAKER_01:

Yeah, sure. So so I think I'd like to say that at Fortra every month is Cybersecurity Awareness. I mean, we we sure are paranoid about a lot of different things. Good, good paranoia. I think we have to be these days. Um, but but we do use Cybersecurity Awareness Month uh in the month of October to bring even a little more focus to it. So we are running uh, you know, some campaigns focused on AI safety and responsible adoption. This ties into a lot of what you and I have just been talking about. Um, how to break the attack chain. So we're educating people on how to rethink uh what you can do in terms of breaking the attack chain from end to end. We've got internal events, security trivia, phishing simulations. Um, our security team loves to uh see you know where they can pull one over on the rest of us here, and they keep us sharp and on our toes, which I love. Um, and we've got a ton of thought leadership content. And you know, we do webinars, um, we've got a lot of blog posts. We've got a huge research team here called Fire. So the Fortrait intelligence and research experts, these are some of the best people in the world in terms of just researching um what's what's happening out there. So they're pushing blogs out, they're pushing social content out. Uh, we just think it's a great time to engage customers and and even our internal teams and building a stronger security culture. And so uh we're all about it. We're all having a great time with it.

SPEAKER_00:

Yeah, I love that. And the gone fishing challenge that that looks fun. Uh, what are you hoping people learn from it, maybe beyond the uh the interesting infotainment value? Uh what are some of the takeaways that you're hoping to get across?

SPEAKER_01:

You know, I think when when you look at security and you think about, and you and we talked about this before, right? That you have this very dynamic landscape. And and and if you read the news every day, it seems like there's always something new that you haven't heard about before. It's some new threat actor group or some new novel attack, and all of that is true. But one of the things that I really hope that comes from this is that just by taking care of the fundamentals, right? If you're if you're a consumer of technology, if you're a user of technology, just slow down for a moment, be a little more mindful of what's coming through your email box, what's coming through your text messages, what outreaches are being made to you, and maybe just have a little bit of skepticism about what you see and slow down for just a moment. And if you just do that, take care of some of those fundamental things in terms of what watching what you're clicking on and making sure that it is what it's supposed to be. And if not, you you know, hopefully safely uh move right past it. Just take care of that. And those, I think, if nothing else, you can get some good reminders. And even for me, somebody that works in the field every day, um, I actually enjoy my cybersecurity awareness training. Uh, I love taking it because they test me and and none of us has it all figured out. We are all ultimately vulnerable. We are all ultimately busy, distracted people who have stresses and all sorts of things going on in our lives. If nothing else, it's a good reminder to slow down for just a moment and make sure that what you're clicking on is what you think it is.

SPEAKER_00:

Absolutely. And the sophistication of the attacks is really unbelievable. I've been approached by several attackers with, and I'll, you know, I consider myself, you know, a semi-pro kind of, but the deep fake AI, deep fake voice, and spoofed uh Zoom links, uh, and all kinds of uh uh unbelievable attacks uh that I just can't imagine your average uh uh person not falling for. So scary times indeed, staying on top of this education-wise, is so critical. Um speaking of critical, you recently acquired Lookout Security, a company that I've admired, an early innovator. What's the vision behind that move? And how do you see their cloud and endpoint security kind of entering the equation?

SPEAKER_01:

Yeah, so Lookout's cloud security for us was uh frankly an incredible acquisition, not just from a technology perspective, but from a talent and cultural perspective as well. That team is second to none in terms of its talent, uh and also, frankly, you know, just who they are as people. Uh, we've loved having them join the Forcher team. The reason we did it was actually goes back a little ways. We've been uh working on a comprehensive data protection strategy for quite some time. And when we look at the infrastructure landscape, when we see how organizations are evolving, one of the things that's really easy for us to see is that data is literally everywhere today. It's on endpoints, it's it's in network shares, it's in the cloud, and no two companies are going to have the same infrastructure strategy or the same data management strategy. And we see data security at Fortra really as the center of our value proposition. Everything that we do at the end of the day, and this ties right back to the attack chain. The attack chain is generally leading towards data exfiltration. Well, we want to be, we want to be, that's where we want to be. We want to focus there. And so what Lookout brought to Fortra was cloud data security, specifically things like CASB, secure web gateway, zero trust network access, and a full range of SSE or secure service edge capabilities. We're now integrating everything that they brought to Fortra with our endpoint and network data protection capabilities to create a unified data security solution. This means that customers, when they now work with us, they can discover and classify sensitive data anywhere it is, endpoint, network, cloud, and everything in between. And they can enforce policies consistently to protect data in each of these environments through a single policy management and enforcement console. Basically, so we want to make it just super simple, push all of the kind of user experience friction behind the scenes. Nobody needs to deal with that anymore. We want to just make it super simple. And what customers get from that is the ability to detect and respond to threats, especially threats to their data, much faster than ever before. So we are launching a new DSPM or data security posture management solution uh first week of November. So it's coming right up. And we plan to have that integrated with our unified platform by the end of this year. So this is a huge step forward towards our vision of an integrated yet still modular security platform. And so it's been an absolutely awesome acquisition. And uh, I've been involved in 17 acquisitions now in my seven years here, and this one definitely rates at the top. It's it's been great.

SPEAKER_00:

Wow. Well, I almost dare not ask what's next. You have so much going on now. Where do you see the biggest opportunities as we head into um next year?

SPEAKER_01:

Yeah, so for from from an from an MA perspective, so Fortra, you know, part of our growth strategy is through acquisitions. We're always looking for great companies and great teams to talk with. And we're really lucky now because we've had such a successful track record with acquisitions that uh we do get a lot of uh proactive outreach to us about new opportunities, which has been great. So we've seen we've been seeing some really interesting things that we are looking at. Um we're really focused in the areas of data protection, brand protection, and offensive security. So things like red teaming, penetration testing, what have you. And we're open to always, you know, kind of look at all different areas, but those are the three that have really been kind of the focus of our strategy recently going into 2026. Another big thing for us is going to really be around the Fortra platform. So uh with 17 acquisitions, you know, you can imagine that you've got a range of user experiences and product architectures and data models and all sorts of stuff kind of happening in the background. One of the things that we've been working on uh in the background for three years, and it's and it came, it came online this year was a unified platform. So now we have brought almost all of our defensive security solutions or our blue team solutions into the platform. So unified agent, unified login, uh, unified interface, unified data model. We basically have normalized all this stuff, and it just makes it easier for customers to work with one provider across a broader range of solutions. In 2026, we're going to start to slowly bring in our offensive solutions. So we'll have red and blue team solutions working together on a unified platform. This is a super ambitious strategy that we've been working on for some time. And so we're super pumped to uh have it come online.

SPEAKER_00:

Well done. Well, exciting times. Congratulations on the mission and the great work you're doing with customers onwards and upwards. Thank you so much. Thanks, John. Thanks everyone for listening and watching. And be sure to check out the TV show at techimpact.tv on Bloomberg and Fox Business. Thanks, everyone. Thanks, John. Thank you.