The Human Factor in Cybersecurity
In cybersecurity, the user is often considered the weakest link in the security chain. This weakness stems from the myriad of potential mistakes users can make while navigating the increasingly digital and interconnected workplace. Guy Guzner, CEO of the cybersecurity company SAVVY, believes the key to robust cybersecurity lies in empowering users. In a recent interview, Guzner detailed SAVVY’s unique, user-centric approach to cybersecurity, addressing the problems it solves, and how it enhances user-level security.
The SAVVY Solution: A Paradigm Shift
SAVVY’s cybersecurity solution reframes users from being the weakest link to becoming an essential part of an organization’s security infrastructure.
SAVVY focuses on user behavior and leverages a multitude of techniques from education and automated security workflows to real-time, contextual, risk-based interventions. As Guy put it, “in cybersecurity, users are not the problem to solve, but the solution to engage with. Our aim at SAVVY is to empower them to become active participants in their own cybersecurity.”
The platform offers very broad coverage, monitoring all user actions across SaaS applications and providing deep visibility into all managed and unmanaged SaaS apps used by the workforce. SAVVY’s browser extensions, office extensions, and IDP integrations provide this visibility, helping secure the digital workspace in an unprecedented way.
SAVVY’s security guardrails alert users at critical decision points about potential risks, providing suggestive guidance that empowers users to make safer decisions. This ‘just in time’ security feature helps prevent risky user actions in real-time.
Automating Security: SAVVY’s Workforce Security Automation Platform
SAVVY’s Workforce Security Automation Platform is a key feature that aids in achieving this goal. The platform provides security automation playbooks that address common user actions and can be easily customized using the no-code automation engine. These playbooks automate responses to various events and allow for quick and easy customization, offering flexibility to adapt to unique security needs of different organizations.
Example of SAVVY alerting a user of sensitive content in ChatGPT
The automation playbooks delivered to user devices implement just-in-time security guardrails, alerting users to potential risks and suggesting secure options. This approach allows users to freely use any SaaS app they need, ensuring that the businesses aren’t at risk. As Guy explains, “we don’t just prevent negative outcomes, we build a more secure culture. That’s why we focus on real-time, context-aware interventions that educate the user as well as protect them.”
Continuous Insights and Risk Reduction
SAVVY also provides continuous insights that drive down risk. By continuously monitoring and analyzing user activities, SAVVY offers valuable insights about behaviors that could lead to security incidents. With SAVVY’s dashboards, organizations can track SaaS security posture improvements and showcase progress to stakeholders.
Use Case: Thwarting Salesforce Phishing Attempts
Guzner shared an example of how SAVVY’s proactive approach to user education and real-time interventions managed to avert a potentially disastrous phishing attack. A user had received an email that appeared to be from Salesforce, a commonly used SaaS platform. The user, not suspecting anything nefarious, clicked on the link provided in the email to update some details as requested.
As soon as the user clicked the link, SAVVY’s real-time protection kicked in. The solution recognized the user was about to enter credentials into a webpage mimicking Salesforce’s login page. SAVVY immediately flagged this as a potential phishing attempt. The user was provided with a real-time, context-aware alert, explaining why the page might be dangerous and suggesting the user close the page and report the email. This intervention prevented a potential data breach and educated the user on the signs of phishing attempts.
The ChatGPT Scenario
Another detailed example provided by Guzner involved the popular generative AI app ChatGPT. In this case, a user attempted to input their social security number into a conversation with ChatGPT, potentially training the AI with sensitive personal data. SAVVY was able to identify the risk, alert the user and suggest a safer alternative action to enable a filter for sensitive data, effectively mitigating the risk (watch a demo of a sensitive data submission use case, or a demo of privacy setting guidance here).
Unpacking Key Features and Benefits
SAVVY is designed with the following features and benefits in mind:
- Engagement at Critical Moments: SAVVY seamlessly operates in the user’s work environment, engaging at crucial decision points to prevent incidents and enhance security awareness.
- Empowerment-Focused Design: By explaining risks and suggesting safer alternatives, SAVVY empowers users to make secure decisions without sacrificing productivity.
- Easy Implementation and Customization: SAVVY’s out-of-the-box security automation playbooks address common user actions, and its no-code automation engine enables swift customization.
- Continuous Insights: SAVVY persistently monitors user activities, providing insights into behavior patterns that could lead to security incidents.
- Broad Coverage: It’s the only solution that covers all user actions across all SaaS apps.
- Just-In-Time Alerts: Security guardrails alert users at critical decision points about potential risks and provide guidance.
- No Code Automation: SAVVY enables security professionals to create and implement automation workflows without requiring coding expertise.
These features and more position SAVVY as a comprehensive solution that covers all user actions across all SaaS apps. It’s not just about preventing negative outcomes, but fostering a more secure and aware digital culture within the workforce. SAVVY’s mission, as articulated by Guzner, is not just to create a product but to shape the future of cybersecurity from the user up.
Looking to the Future
As for the future, Guy Guzner emphasized that SAVVY’s mission is to continually evolve and adapt to the changing cybersecurity landscape. With a strong focus on user-centric security and real-time, contextual interventions, SAVVY is geared to pioneer a new era in cybersecurity. The future will see SAVVY expanding its range of services and improving its AI capabilities, with a view of making cybersecurity even more seamless and intuitive for users.
This bold vision, coupled with SAVVY’s innovative and effective solution, is set to redefine how organizations approach and manage cybersecurity, with users at the heart of the strategy.
