Cybersecurity is a term that is being bandied about more and more. We asked Pavel Minařík, Vice President of Technology at the Progress company, how to meet the responsibility of protecting sensitive corporate data. Pavel Minařík was at the birth of an academic project that gave rise to Flowmon, a unique performance management and security solution for corporate networks.
Managerial decision-making presupposes an orientation in the handling of company data. How can your business solutions optimise this process?
Corporate infrastructure is a complex and fragile ecosystem. A breach by an attacker can lead to sensitive data leakage or process disruption. This can mean not only financial loss but also reputational damage and, in extreme cases, liability for the statutory body. Standard security measures include securing the perimeter through firewalls and endpoints via endpoint protection solutions. However, an extensive corporate infrastructure between the perimeter and the endpoints receives little attention. Protecting endpoints requires installing a dedicated solution that cannot be installed on many systems. In practice, you may find that you are protecting barely half of the devices. This brings us to the solution to that problem: monitoring and analysing network traffic to detect security incidents and anomalies. We have been in this field for over 15 years, and our fl agship solution is Progress Flowmon. From an initially academic project and startup founded in 2007, we have gradually evolved into one of the few global players in the NPMD (Network Performance Monitoring & Diagnostics) and NDR (Network Detection & Response) space.
The term cybersecurity is becoming indispensable for business and public administration managers. What do you think is the level of protection in handling sensitive data in public administration, and what do you suggest?
There is much talk about the indispensability of cybersecurity, but real action is often lacking. The necessary investments in technology and people are often only made after an organisation is actually aff ected because “it cannot happen to us”. There is no need to reinvent the wheel. Good practice and standards exist. The so-called “Cybersecurity Act” is in force in the Czech Republic for cybersecurity, which is based on the ISO 27000 family of standards. Practical application of these standards will help to increase the level of their security. I would like to emphasise one more area: user education. Just mock phishing campaigns can teach users to recognise phishing emails and to react correctly. Ask yourself if you are implementing something like this in your organisation.
Your technology partners include many major companies and universities. How is the cooperation in the field of your research activities going?
Research and development are inseparable from our company. For us, joint research and development projects mean product innovation over a typical three-year period. We have defined topics that are of interest to us. In the event of intersection with the expertise of our academic partners, we prepare a project proposal, which we then submit to a suitable project scheme such as TACR (the Technology Agency of the Czech Republic) security research of Ministry of Interior Aff airs. The project is then handled by a team consisting of representatives from our company and the academic partner. We regularly present the results achieved and discuss further plans. The aim is that the results achieved can be directly applied in practice. This has been a real success in recent years.
Thank you for the interview
