The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development.
Today, let’s get to know Harmonic Security.
Introduction of Harmonic Security
Harmonic Security was founded in August 2023, headquartered in San Francisco, USA. According to data from LinkedIn in April 2024, Harmonic Security has 11 to 50 employees currently. Harmonic Security aims to help organizations securely adopt AI. Two slogans are highlighted on its website: “Paving the way for secure AI adoption, ensuring innovation thrives without compromise” and “Accelerate secure AI adoption without risking the security and privacy of your data.“
Harmonic Security has two co-founders. One is Alastair Paterson, currently serving as the CEO. Alastair Paterson graduated from the University of Bristol in the UK. In 2011, he founded Digital Shadows and has been its CEO ever since. Digital Shadows’ main business is to help companies monitor the Internet to identify digital risks organizations face, including network threats, data leaks, etc. The company received financing involving former UK Prime Minister Cameron and was listed by consulting firm Forrester as an industry leader in threat intelligence and digital risk. In July 2022, Digital Shadows was acquired by the ReliaQuest Group for $160 million. The other co-founder of Harmonic Security is Bryan Woolgar-O’Neil, who serves as the CTO currently. Bryan Woolgar-O’Neil graduated from the University of Strathclyde. He is a long-time partner of Alastair Paterson and previously served as Vice President of Engineering and CTO at Digital Shadows.
Rapid Growth of Generative AI Poses Significant Security Challenges That Should Not Be Underestimated.
Paterson pointed out that there are currently approximately 8,400 generative AI applications worldwide for various purposes, many of which are designed for different business functions of organizations. 55% of companies are piloting or have started using generative AI in formal operations. However, most of these AI applications are not effectively regulated, and their policies regarding data usage, data transmission destinations, and data security protection measures are not clear. In order to improve production efficiency, employees may use these AI applications with or without the company’s permission, which may lead to the leakage of company data and intellectual property. Therefore, most companies have to face the so-called “shadow AI” risk.
Currently, chief security officers are facing a dilemma: on the one hand, unsupervised AI usage may cause a series of data security issues; on the other hand, bluntly prohibiting this technology will diminish AI’s potential benefits. For example, companies can assist accountants in preparing annual reports by uploading CSV files to AI applications. However, without appropriate security measures, there is a risk of data being stolen by cybercriminals.
While rapidly adopting generative AI technology to enhance business efficiency and effectiveness, organizations must be vigilant about the accompanying risks. These risks involve critical internal and customer data security issues. Once data is input into third-party applications, its security cannot be guaranteed, which may lead to the leakage of company strategies, financial information, and employee personal information. Intentional or unintentional data leaks will damage the competitiveness, trust, and reputation of organizations. Moreover, the leakage of critical intellectual property may bring unfair advantages to competitors, weakening the competitive advantage of organizations. In addition, data leakage may also lead to violations of GDPR, HIPAA, PCI, and other compliance requirements, posing legal risks to organizations and their leadership.
Features of Harmonic Security Solution
Harmonic Security was founded with the intention of addressing the security risks posed by the rapid development of generative AI in the current era.
In summary, Harmonic Security’s solution has three main features:
- Enhance organization security managers’ visibility of AI to identify risks more quickly and comprehensively;
- Provide efficient and user-friendly protection solutions for organizations’ sensitive data;
- Introduce virtual security operations personnel to reduce the workload of organization security teams.
(1) Enhance organization security managers’ visibility of AI to identify risks more quickly and comprehensively
A common challenge facing many organizations is that they often cannot fully understand how AI is being used in their own companies, such as tracking the use of approved and unapproved AI applications.
Harmonic Security’s AI discovery and shadow AI management solution can comprehensively monitor the AI ecosystem in organizations (including approved and unapproved AI applications), which brings better control and security. Specifically, it has the following three advantages:
- Assess the effectiveness of approved AI applications: Companies can assess the effectiveness of their AI programs in use to determine if additional improvements are needed. This visibility provides valuable feedback for companies’ AI technology investments.
- Managing shadow AI is crucial to meeting employee needs while ensuring security: By gaining deep insight into unauthorized shadow AI applications within the organization, this transparency enables organizations to introduce secure alternatives when necessary, guiding employees to use safer and compliant solutions, thereby enhancing overall productivity and security levels.
- Promoting secure AI usage through effective risk management and compliance: This strategy aims to ensure the secure and reliable introduction of AI technology by strengthening risk management and compliance measures. By prioritizing security and regulatory compliance, organizations can not only maximize the AI potential but also minimize potential risks. For example, if it is found that many employees are using an AI application to improve work efficiency, but the application has security risks, Harmonic Security can promptly provide this information to the company to help them find secure alternatives.
(2) Provide efficient and user-friendly protection solutions for organizations’ sensitive data
Current data protection strategies face significant challenges, with traditional solutions ineffective due to frequent false positives and incomplete data labeling, increasing the security risks faced by organizations. Existing methods have shown ineffectiveness in dealing with evolving threats, leading to critical data being exposed to potential leaks and vulnerabilities. Additionally, technologies relying on old rules and regular expressions are prone to generating numerous false positives, diverting attention from real threats. Attempts to label all data often fail or remain incomplete due to high complexity and resource consumption, resulting in inadequate data protection and management.
Harmonic Security offers a simplified approach to data security, identifying all types of sensitive data and providing top-notch protection beyond the accuracy of manual review. Harmonic Security allows organizations to define their protection priorities in plain English, avoiding the complexity of handling cumbersome DLP rules. Harmonic Security’s system excels at identifying various types of sensitive data, including complex intellectual property, effectively preventing data leaks and unauthorized access, and ensuring the security of important information. Its high accuracy even surpasses manual review of every piece of data leaving the organization, providing unprecedented security guarantees, saving a considerable amount of time and resources. In summary, it has the following three advantages:
- For the first time, Harmonic Security truly protects data that organizations care about. This security solution prioritizes critical information, ensuring valuable data is effectively protected and bringing organizations peace of mind.
- Security measures that are easy for organizations to understand: Harmonic Security provides straightforward security measures, removing barriers of technical terms, and simplifying the data protection process. This ensures that teams can easily implement necessary security practices, making data protection both accessible and efficient.
- Eliminate the annoyance of false positive alerts overload: Harmonic Security reduces excessive false positives, addressing the burden on teams caused by false alarms. By reducing these unnecessary alerts, Harmonic Security streamlines security processes, allowing teams to focus on real threats and important tasks, thereby improving the effectiveness of data protection.
(3) Introduce virtual security operations personnel to reduce the workload of organization security teams
Facing a large number of false positives and alert fatigue caused by frequent user interactions, organization security teams urgently need to simplify processes to improve efficiency and enhance user satisfaction. The frequent false positives generated by data protection technologies not only waste the valuable time of security team operators but also distract them from real security threats. Additionally, security team operators need to communicate with end users constantly, and end-users’ dissatisfaction with waiting for process simplification further reduces the efficiency of the team and the smooth operation of the business.
Harmonic Security automates over 80% of data protection events by introducing a virtual security operations team, allowing security teams to focus on developing organizational policies and enhancing overall security posture, rather than manually handling false positives. Simplifying this process allows organization security teams to focus on more strategically valuable security tasks, thereby enhancing the security and resilience of the organization. In summary, it has the following three advantages:
- Improve efficiency and response speed: The Harmonic Security solution significantly improves efficiency and response speed by simplifying security operations, saving time and reducing pressure, allowing teams to focus on more valuable activities. In addition, it provides end-users with quick problem resolution and real-time security best practices guidance, further enhancing efficiency and responsiveness.
- Promote team productivity: The solution aims to save time and increase team productivity by simplifying tasks and optimizing processes, helping teams work more effectively while reducing stress, creating a healthier work environment.
- Quickly resolve end-user issues and educate employees: The Harmonic Security system ensures that end-users receive immediate support when problems occur, eliminating the need for security teams to intervene. By providing instant education and guidance on appropriate actions for employees, this proactive approach not only improves user experience but also promotes a culture of security awareness, helping to prevent future security incidents.
Conclusion
With the stunning debut of ChatGPT, generative AI is gradually becoming widely recognized as a future trend. By reasonably and efficiently using AI tools, organizations can significantly enhance their competitiveness. However, like any technology, generative AI has pros and cons, and it is no exception. Its potential downsides and risks become more apparent as AI tools are widely applied.
Harmonic Security accurately grasps this future trend. Since its establishment in August 2023, the company has quickly emerged and, by April 2024, had entered the top ten of the RSAC Innovation Sandbox. Its two founders not only have a rich and successful entrepreneurial background but have also been deeply involved in the cybersecurity field for many years. We believe that Harmonic Security will achieve even greater success in the future.