SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Exclusive: Rapid7's Craig Adams discusses cybersecurity challenges and AI innovations

Tue, 26th Nov 2024

Craig Adams has been in his role as Chief Product Officer at Rapid7 for only six months, but his insights reflect years of deep industry experience.

With a background spanning threat intelligence and cloud security, Adams is driven by a clear philosophy: effective cybersecurity must bridge the gap between tools, data, and connectivity.

"I fell into the trap that everyone does in security, thinking there's a magic application that solves everything," he said.

"I've since realised the modern security problem is one of connectivity—how do systems speak to one another? That's what brought me to Rapid7."

Rapid7, a 20-year-old global cybersecurity firm, tackles the critical issues plaguing organisations today.

Adams explained their mission succinctly: "We help customers identify exposures in their environments, whether on-premises, cloud, or hybrid, and provide integrated visibility." From unpatched vulnerabilities to misconfigured applications, Rapid7 equips over 10,000 clients with tools and services to manage threats effectively.

The Defender's Dilemma
Adams described the core challenge in cybersecurity as the "defender's dilemma," where defenders must be right every time, but attackers need only succeed once.

"Tech environments are exponentially more complex today than they were five years ago, and they'll be twice as complex five years from now," he explained.

"By giving organisations insight into their exposures and helping them prioritise risks, we make it possible to address the most critical issues first."

Rapid7 also provides managed detection and response (MDR) services. Adams noted the importance of addressing the "alert fatigue" many security teams face.

"Nobody wants another alert; they want actionable insights," he said. "That's why our MDR services are so impactful—we can staff augment and handle threats so organisations can focus on what matters most."

Building Solutions for Practitioners
Adams's role involves a unique organisational structure at Rapid7, where the Chief Information Security Officer (CISO) function operates under the product organisation. "We treat ourselves as customer zero," he explained.

"Everything we build, we use first, ensuring our solutions truly meet the needs of security practitioners."

This practitioner-first philosophy is central to Rapid7's approach, especially as organisations grapple with growing demands and static or shrinking budgets. Adams highlighted this as a significant issue: "Security budgets are increasing, but the demands on security teams are outpacing them. We're focused on delivering what teams need, cost-effectively."

AI: Promise and Perils
The rise of artificial intelligence is reshaping cybersecurity, and Adams views AI as both a challenge and an opportunity. While adversaries are using AI to enhance their attacks, Rapid7 leverages AI to improve detection, prioritise risks, and automate responses.

"One of the great things AI can do is remove the hay from the needle in the haystack," Adams said.

"It's about eliminating benign signals so teams can focus on what truly matters." He added that Rapid7's AI tools not only accelerate threat detection but also handle the initial response steps, allowing human analysts to intervene only when necessary.

Adams was candid about the risks AI poses, particularly in phishing and impersonation.

"AI makes spear phishing incredibly precise. Attackers can craft messages using publicly available data and create personalised, convincing campaigns. Voice cloning tools can leave chillingly effective voicemails impersonating executives."

He also warned that many organisations are not yet securing their AI environments as rigorously as their other assets.

"This is a blind spot for many, and we're helping our customers address it," he said.

Tackling the Talent Gap
One of the pressing issues Adams encounters globally is the shortage of skilled cybersecurity professionals.

"It's not just about finding talent—it's about finding experts who understand your specific stack of 10 or 15 tools. That's a multiplication problem," he said.

Rapid7's MDR services address this by providing detection and response expertise that complements a company's internal team.

"We help organisations focus on their core operations while we handle threat triage," Adams explained.

Prioritising Visibility
A recurring theme in Adams's commentary was the critical importance of visibility. "The biggest challenge organisations face today is understanding their attack surface," he said.

"Most don't have a complete view of what they're protecting. If you can't measure it, you can't manage it."

Rapid7's approach integrates visibility across cloud and on-premises environments, offering a comprehensive view of assets and vulnerabilities.

"We're the only organisation that provides integrated visibility and risk-aware detection," Adams said. "That's why customers choose us."

Insights from Down Under
Adams's recent visit to the ANZ region had personal and professional significance. Speaking at the CISO New Zealand conference, he shared findings from Rapid7's threat intelligence research.

"We've uncovered that over 40% of compromises originate from remote access without multi-factor authentication, 30% from unpatched vulnerabilities, and 12% from social engineering," he said. "Our goal is to help organisations prioritise actions that will make the biggest impact."

Final Thoughts
As cybersecurity threats evolve, Adams emphasised the need for organisations to adopt integrated, proactive strategies.

"Security is a hydra—you're never done," he said. "But by focusing on visibility, prioritisation, and leveraging tools like AI responsibly, we can help organisations stay ahead."

Adams ended on an optimistic note: "It's a privilege to work on solutions that make a real difference. Cybersecurity isn't just about technology—it's about enabling people to feel safe and confident in a digital world."
