Cloud Security Evolved: From CNAPP to AI Threats ft. Elad Koren (Palo Alto Networks)

Is your cloud security keeping up? Elad Koren (@paloaltonetworks) discusses the shift from basic posture management to sophisticated cloud SOCs and the critical impact of AI on cyber threats. Learn about runtime protection, securing digital transformation, and actionable advice for both new and mature cloud environments.

Questions asked:
00:00 Introduction
01:38 How has Cloud Security Evolved?
04:21 Why CNAPP is not enough anymore?
07:13 What is runtime security?
07:54 Impact of AI on Cloud Security
11:41 What to include in your cybersecurity program in 2025?
16:47 The Fun Section

Elad Koren

Elad Koren: [00:00:00] Open doors for attackers. Yep. They are completely unaware. False sense of, Hey, it's there, it's in the cloud, it's probably secured by my cloud vendor whereas it's not because they're basically pushing it to customers to decide do they want to open the permissions, because every organization will manage it differently.

Ashish Rajan: Welcome to another episode of Cloud Security Podcast. I've got Elad with me. Hey man, welcome to the show.

Elad Koren: Oh, thank you. Thanks for having me.

Ashish Rajan: Maybe to kick it off, if you give a 30 sec version of, what have you been up to? What got you stuck into cybersecurity? Oh, where are you now?

Elad Koren: Yeah, I've I've been in cybersecurity for almost two decades now. Been mostly in product roles.

Started back back when I was in in the Israeli military reserve sorry, the military duty. Did a lot of cyber back then and went into my own startup, then had tenure in RSA security, which is the best, back then a security company. Now I'm again in the best security company, Palo Alto Networks.

And at the point where we are, I joined here [00:01:00] about two and a half years ago to really continue the journey on cloud. Cloud security is a major thing. We are seeing all, all companies going into the cloud. Yeah. And and we see that journey as something that we are responsible for securing and making sure that it's done safely and the customers, end users are properly getting their information fully secured

Ashish Rajan: Considering you've been in the cloud space for a long time. Yeah. What's the evolution from when you started working in it, till today as people look at this, what's considered unique back then and consider table stake now and what's the next challenge that people are looking at?

Elad Koren: About 15 years ago when we were working with many organizations on security aspects back in in past lives, some financial, even some e-commerce companies, just the mere thought of going to cloud was, why cloud. No way. Like I will not take my my business to the cloud because the risk is too high, right?

You don't have, it's like everyone can access [00:02:00] it. How is it? Today, even financial institutions, even as big as one of the major, like a few of the major US banks, their infrastructure is in the cloud. It's become like the basics. And this wasn't the case, not 15 years ago, by the way, not a decade ago. And it's becoming more and more used by many organizations with even critical infrastructure going to the cloud. And I think that the reason you see that is because you have the right tools to secure it. Yeah. Yeah. And this is going hand in hand.

Ashish Rajan: And would you say to your point about there was a question of safety in the beginning. Then it became a question about visibility.

Elad Koren: Yes. I think so. If you go back the race to get as quickly as possible with your product or platform to market. Yep. From e-commerce or FinTech or all the technology that we are seeing, all this speed, cloud fuelled it. Cloud enabled organizations to go really quickly. Think about it. Any startup today [00:03:00] can and this is a standard today, but it wasn't the case a decade ago.

They can go in, they can purchase in any of the major cloud vendors and environment and infrastructure. Yep. And just open a startup. Yep. It's that simple. Yep. It wasn't the case. Now when you have cloud enabling this, the lucrative or the, it was very appealing to many organizations to say, Hey, we can finally take the time to market from months to days.

Ashish Rajan: Yeah.

Elad Koren: And that started moving really fast. Now you see that today with AI, right? AI is moving so fast and you don't wanna stop it to stop and say, Hey, do we want to think about all the security and all the safety around it? You wanna move fast, and then you want security to move as fast as you can.

Yeah. And this is what fueled the cloud proliferation, right? So you saw that moving really fast. Security came in and said, okay, yeah we should start securing cloud, which is where you started seeing around six [00:04:00] ish, six, seven years ago companies maybe more than that, companies that mostly look at cloud and say, okay, this is your cloud environment.

Yep. We'll tell you if it's secured or not, we'll give you the posture or, we maintain the hygiene. That's where you started seeing the CSPM solutions coming in. And that is where posture was the major thing.

Ashish Rajan: And would you say when as it evolved from safety being a question to posture, and now we have, I guess there was a time when workload protection became a thing. CSPM became a thing. CNAPP became a thing. Yeah. Now CNAPP is not enough anymore as well. What was that period and why is there now a question about the current approach to the whole CDR, CNAPP. Why is that not enough anymore?

Elad Koren: When you look at that evolution of both cloud and alongside that, the security solutions, what is that the attackers dictated a lot of the main concerns for security solutions. So at the beginning people were reluctant or organizations [00:05:00] were reluctant to take everything to the cloud. But then as they started small. I. So usually you'd have your APIs documentation available in the cloud.

Not that significant data forms or data stores. But then as you understood, or other, as organizations understood more and you saw more and more information going into the cloud, that is where you saw that transition. You had CSPM, you had data security coming into play, but the attackers were still roughly behind very basic attacks on cloud. The assumption was still that the crown jewels are really in the org. Yep. But this is changing now. And if you just take a look at the incidents, right? So if you look five years back, many organizations didn't even have a SOC that knew what to do with the cloud.

Their DevOps. Yeah. Were the ones that were addressing incidents of the cloud. Yeah. And today. It's basically, it's widely known that if you don't have your SOC [00:06:00] knowing what to do in cloud incidents,

Ashish Rajan: yeah,

Elad Koren: you're in trouble because the number of incidents that will start coming in, this is exactly that inflection point that happened about a year or two ago, where you started seeing the shift from posture, CNAPP maintaining the hygiene for cloud to, hey.

Does your SOC understand your cloud? Do they understand how an incident looks like? Do you have the tools for your SOC to actually handle cases that are related to the cloud? And when more and more organizations started answering well, no, you're right. We need that is when we understood we are on the right path.

Because at the end, a true cloud solution today must have all the pillars starting all the way left to solve things as soon as possible. That's lower costs, lower risks to production, but just as important, the protection on that runtime, that cloud environment and having the SOC yeah, with the right tools in place.

Ashish Rajan: [00:07:00] What do you mean by a runtime? Because the thing, the funny thing is I have been having a conversation around RSA people seem to different, like the application security people have runtime definition, the cloud sec people have runtime definition. What's your definition of runtime?

Elad Koren: Ah, runtime is very simple.

It's the runtime, it's when things are running. Yep. But sometimes the runtime of what is, what's missing. So for AppSec, many people will say the runtime for the CICD pipeline when it's running less common, many people will treat runtime, is when the application itself is running in the cloud. Yeah. But we treat runtime as runtime security.

So that's securing the runtime. Not just by looking at posture, but actually looking at that level of protection that stops attacks. So true. All three are essentially runtime meanings. Yeah. But we take runtime as the runtime protection piece.

Ashish Rajan: So if someone's building a program, and I think there's a lot of conversation to what you said about AI as well. [00:08:00]

What's the impact of AI on the whole cloud security space, especially for enterprises that have been obviously in the cloud for a long time or they've migrated from data centers currently. Hybrid cloud, multi-cloud, throw in a lot of more complexity with different kinds of compute as well. What's the role that you've, or what's the impact that you're seeing from AI onto these environments today?

Elad Koren: We're combining two areas that I think together, it makes it super complicated for many organizations. So let's break it down to two different areas. And let me try and share my thoughts around those two. The first thing, many organizations that are not used to cloud.

Yep. And by the way, we still see many organizations to, during that journey from their digital transformation, you're saying? Yeah, exactly. What they're encountering. And I actually came just now from a meeting that they told me, Hey, we're super early in our cloud journey. I'm like, yes, you're in for a very interesting surprise because it's very different than what they know on the the perimeter of [00:09:00] their data centers.

Yeah. Where there are servers and in cloud. Suddenly they have so many tools, so many services, so many things that they don't know. They can activate them, deactivate them, enable them, disable them, and the number of options there. Yeah. Result in many things. One, open doors for attackers. Yep. They are completely unaware.

False sense of, hey, it's there, it's in the cloud. It's probably secured by my cloud vendor. Whereas it's not because they're basically pushing it to customers to decide do they want to open the permissions, do they wanna, because every organization will manage it differently. Yep. That's, it's basically you had a a car that had this stick and it's two, like 15 years old, but then you suddenly go in, you're in a Tesla and it's so different.

You have so many options and suddenly you're using something you didn't even know exists and you're in a situation that [00:10:00] you do not know. Yeah. This is one challenge. Then on the other side, this is the other side of what you asked with the AI. Yeah. It's a double-edged sword. One, it helps organizations move much quicker, just like the cloud.

Yep. In the past. Yep. Or for some organizations now, it helps them move faster, but it also helps the attackers move much faster. So these organizations that do this journey now, or even those that have been in the journey for a while, suddenly they have so many threats coming in, they're completely unaware because most of us that are not security oriented by way of thinking.

Yeah. We look at AI and we say, oh, amazing. We have so many things we can do with it, but. I can tell you that there is a full underground of adversaries and people that constantly think, oh, AI amazing. We can do so many great things with that. About 20 years ago when I was back in very early stages of my career I was deeply involved in investigating things related to the [00:11:00] underground like the entire ecosystem. Yeah. For malware, Trojans for banking specifically to basically steal money from, innocent people. Of course, the level of tools that they got to Yep. Was amazing back then. Just think of the level of tools that exist today for those adversaries. Basically, they have infrastructure to hire and to buy with AI.

They have tools at their disposal. So this is the threat that comes in along with cloud, and you basically have the wild west there. A long answer, but it's because it's it's a it's a long story.

Ashish Rajan: No, I think I understand as well because I guess AI is being provided as a capability to existing legacy applications.

Applications have been built in cloud for a while, so there are, AI is taking all shapes and forms in different organizations, different ways. So for CISOs or cybersecurity leaders who are building or uplifting a security program, some of them may be building a cloud security program 'cause they're moving to cloud this year, a digital [00:12:00] transformation, all of that. What are some of the things you feel people should consider as a look at the cloud SOC and that soft SOC cloud landscape that we were talking about in terms of uplifting an existing security program and also maybe for people to what you were talking about or starting today in that, hey, we are moving to cloud today.

Should we look at AI or should we just ditch the CNAPP perspective where, maybe if we start with a more mature one, how does, what should they consider uplifting in their security programs?

Elad Koren: I think I would start with I would definitely start with making sure that organizations that decide to adopt AI, I mean there are some that some organizations that will say we ban it.

Don't understand that there are those as well. Yep. Those that decide to go along with this trend, which I think is great, need to have a very good sense and understanding of their entire AI infrastructure that was built and the way it's used in the organization. Here in Palo Alto Networks, [00:13:00] what we do is we have a very clear policy of AI and AI usage.

We monitor, we understand the models use the posture management security posture management of these AI tools. And we have active tools to prevent this AI from being abused either by employees that just misuse that. Upload a file that they're not supposed to, that's a major risk.

Ashish Rajan: Yeah.

Elad Koren: Or poisoning some model for, a situation where an employee would maybe use that for code or something and that code will go into the code base of the company. Just think of that risk, that supply chain risk.

Ashish Rajan: Yeah.

Elad Koren: Multiplied by many like magnitudes. So organizations that, that do that, they need to make sure that this is fully embedded in their security program. This is one it needs to be looked at from a data perspective across the board because a data used by AI is the same data that is used across, all of their data stores. Yeah. And this is, this requires a [00:14:00] holistic view then if they're not adopting a runtime protection program that makes sure that their SOC gets all the visibility they need into potential attacks and everything that happens in their production.

That they don't have the tool they need to solve it.

Ashish Rajan: Yep.

Elad Koren: And this should be done not just with the view of cloud, it needs to be done with the view of everything across the board. Just one thing to say on that, we have seen signals that one of the more advanced attacks that we started seeing and we'll see more and more of is a combination of both the device of the employee with malwares and emails sent and like this. This is the entry point for the organization, right? So you need that protected, but even if it went in going into that machine, then if this is a privileged user, maybe a DevSecOps engineer Yep, that has access to the cloud, just like that [00:15:00] attacker goes into the cloud.

Now, when you investigate such an incident or such a case as an analyst, you must have the full visibility from that point of. Entry. Yep. From an email or that device all the way to the cloud. Yep. And if you don't have the side, the signals coming in from all of that for your investigation, then you're blind right here or half blind.

And so the security program of such organizations needs to take into account that this level of visibility is crucial. Yep. For the next level of protection their organizations need today.

Ashish Rajan: And what about people who are starting today? On that digital transformation journey. Yeah. What should they consider in their cloud security program or security program?

Elad Koren: So two things. One, if you educate your organization that the engineering and your development organization is adhering to those codes of conduct. Not sharing secrets in codes using the vault, using the right [00:16:00] practices for secured coding. Yeah. And you enforce it from day one in your cloud journey, then you'll have a much easier live layer.

Because that level of risk reduction by introducing that really early in the process Yep. Is it's to run it, try to change that for an organization that is already used to just push whatever they want. That's the hardest part ever. And. That combined with choosing the right solution, that can really move fast.

So any new threat that is coming in, just like that, you have something ready for it in this solution. So just when this journey starts, making sure you have the right companion.

Ashish Rajan: Yeah, fair.

Elad Koren: Those two, I think, are the critical pieces in building the right program.

Ashish Rajan: Great answers. Those are the serious questions I have.

I've got three fun questions for you as well. Okay. First one, what do you spend most time on when you are not busy. Saving the world with, from AI agents and cloud security CNAPPs and stuff.

Elad Koren: First family is, is probably [00:17:00] the most important thing. Then running. I like to run. I used to triathlon, to do triathlons, but now not as much.

And reading, I like to read.

Ashish Rajan: Awesome. Second question, what is something that you're proud of that is not on your social media?

Elad Koren: Proud of that is not on social media.

Ashish Rajan: Are you big on social media? No. So you have a lot of things you're proud of then?

Elad Koren: Yes. No, most of them, most of the things I'm proud of I think are in social media, but the fact that I'm a huge animal fan. I have two dogs. I used to be a dog trainer at some point in parallel with doing many other stuff, and I love everything that has to do with animal keeping or saving. And

Ashish Rajan: Rescue and all of that? Yeah. Yes. Oh, wow. Awesome. Yeah. Great to hear. Final question. Favorite cuisine or restaurant that you can share with us? Ooh.

Elad Koren: I'll go for cuisine because I don't think I'm but I really love the Indian cuisine Nice. Yeah. We actually had a very very nice dinner back home the other day with some Indian dishes [00:18:00] and the kids tried that for the first time.

They really loved it. Oh, awesome. Yeah. Yeah. It's awesome.

Ashish Rajan: Oh, great answers as well. Where can people connect with you and find out more about the work that Palo Alto is doing and run the announcements as well?

Elad Koren: So they can connect with me on LinkedIn. Yeah, I I'm pretty active there.

Yeah. And I try to answer every message sent. I'm also available on Facebook. Instagram as well.

Oh, fair. Okay. Awesome.

Ashish Rajan: Fair. That's

Elad Koren: more, yeah. Fair. Like that. That's more 2025. Let just, so Mike, if I want to connect to my, with my kids, then Instagram is

Ashish Rajan: Oh, fair. Okay. Fair. And I'll put the, as well, the product announcements will be on the Palo Alto website, awesome. All right. Thank you so much for coming on the show. Thank you. Great conversation as well. Thanks. Thanks everyone tuning in.

Thank you so much for listening and watching this episode of Cloud Security Podcast. If you've been enjoying content like this, you can find more episodes like these on www.cloudsecuritypodcast.tv

We are also publishing these episodes on social media as well, so you can definitely find these episodes there. Oh, by the way, just in case there was interest in learning about AI cybersecurity, we also have a sister podcast called AI Cybersecurity Podcast, which may be of interest as [00:19:00] well. I'll leave the links in description for you to check them out, and also for our weekly newsletter.

Way we do an in-depth analysis of different topics within cloud security ranging from identity endpoint all the way up to what is the CNAPP or whatever, a new acronym that comes out tomorrow. Thank you so much for supporting, listening and watching. I'll see you next time.
