Inside BlackBerry’s cyber security playbook

BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises

BlackBerry was known for its iconic devices, but it was also synonymous with mobile security, with its messaging system and smartphones used by many organisations with strict security requirements in its heyday.

While BlackBerry has exited the smartphone business, its security pedigree carries on to this day through a diverse portfolio with offerings in cyber security, critical events management, endpoint management and embedded systems, among others.

In 2019, it completed its acquisition of Cylance, a privately held artificial intelligence (AI) and cyber security company, to bolster its security chops and intelligently connect, protect and help build secure endpoints.

In an interview with Computer Weekly, John Giamatteo, BlackBerry’s president of cyber security, and Tash Stamatelos, its newly appointed vice-president of sales in Asia-Pacific (APAC), discuss the company’s cyber security strategy, its footprint in APAC, and its investments in threat intelligence and zero-trust network access (ZTNA).

BlackBerry has a diverse portfolio, including QNX and the internet of things (IoT). What’s the company’s thinking around cyber security, and how can its cyber security capabilities enhance other offerings in the portfolio?

Giamatteo: There couldn’t be a more exciting time to be at BlackBerry. We’ve undertaken a complete transformation from what most people know about BlackBerry. We are now a much more enterprise software and services company, and that gives us tremendous opportunities to serve diverse needs.

Besides cyber security, we’ve also got our IoT division, where we are in over 215 million vehicles around the world, with 24 out of the 25 largest electric vehicle makers adopting our QNX platform to provide a connected vehicle experience. The other thing that we don’t talk as much about is we have a portfolio of over 38,000 patents that will rival anybody in the industry.

We have four pillars in cyber security, the first being unified endpoint management [UEM] where we have the heritage of helping some of the largest organisations in the world manage their devices. We’ve done a series of acquisitions along the way that have complemented that, including Cylance, which took our cyber security capabilities to a new level.


I used to compete against Cylance while I was at McAfee, but I didn’t enjoy competing against Cylance, which has the most innovative artificial intelligence and machine learning capabilities to secure endpoints in a more efficient and effective way than signature-based approaches. Having those Cylance capabilities, our second pillar in cyber security, is a critical move.

Since then, we’ve built out the Cylance portfolio considerably. It started with CylanceProtect for endpoint protection, and we’ve added other capabilities, such as EDR [endpoint detection and response], a gateway service and a managed security service for organisations that are facing talent shortages.

The third pillar is critical events management. When you think about the natural disasters that happen in this part of the world, and the geopolitical challenges these days, having an out-of-band communications platform to communicate in real time with communities is critical when something goes wrong. This is a platform that, even if the internet went down, these communications would get out via a variety of channels. This asset is, honestly, a quiet, special sauce that we have, and is being used by the US government.

The fourth pillar is our SecuSuite, which is mission-critical and uses the highest level of encryption to encrypt everything I use – voice, data and applications – on my smartphone. This is the most sophisticated encryption that exists today and is being used by intelligence agencies and militaries. The technology used to be more hardware-based, but it was a little cost prohibitive, so we turned it into a software solution over the course of 18 months. 

To your point about how we’re integrating our capabilities, if there’s a cyber threat, we can communicate that threat through our critical events management platform, even if your network goes down. Another example of how we’re bringing things together is by simplifying the technology. Today, most companies use different agents for protection, EDR and web gateway capabilities, and we’re working on bringing those together with just one agent, so you can dial up and down whatever service you want. Those are the sorts of technology innovations that we can bring to provide an integrated set of capabilities for our customers.

Has the integration of Cylance been completed following the acquisition?

Giamatteo: I would say at this stage, we’re probably 85% integrated. I wasn’t here at the beginning of this acquisition, but as with any acquisition, the first thing you do is bring together HR and legal.

The next phase is to go to market by bringing together our UEM and Cylance sales teams and have them pitch stuff from each other. That was a bit of a journey with Covid-19, which slowed us a little, but I think that’s where we want it to be now. We’ve got strong leadership here in APAC and EMEA [Europe, Middle East and Africa], and they’re bringing our go-to-market motion together as one team.

The final piece, which tends to take a little longer, is technology, because if you’re driving a car at 60mph, you’ve got to be careful about how you change the tyres. You want to get some efficiencies, but you don’t want to break anything that might be working on either part of the business. We’ve probably got a little more that we can do on the technology side, but it’s coming together nicely.

Are you integrating any of BlackBerry’s intellectual property (IP) into the Cylance portfolio to bolster any particular capability?

Giamatteo: IP is a strategic asset that protects us from people making claims against us. As far as incorporating some of that IP into Cylance, I would tell you we do it where it’s pragmatic. We don’t do it for technology’s sake.

If we think there’s a specific use case from having a device handle Wi-Fi in a particular application and how that can provide security over a Wi-Fi connection, we’ll integrate it. But we do it in a very specific, pragmatic and focused way because, honestly, we don’t want to distract ourselves. We want to focus on driving and delivering in the marketplace, and doing too much of that might not add as much value as we’d like.

What sorts of customers tend to go with EDR, which some people see as a commodity tool, versus those who might prefer a managed detection and response (MDR) offering?

Giamatteo: Big companies that have big budgets and a security operations centre [SOC] will go with EDR first because they have the resources. They don’t need MDR, but if they need help with incident response or penetration testing, we’ll provide that. The mid-market is where we see more of an opportunity with MDR as companies face a labour crunch.


Stamatelos: A lot of our competitors will say that you’re going to get a heart attack even if you’ve got the best ambulances and the best hospitals. In other words, you’re going to get hacked no matter what you do. You’re going to get breached.

But would you rather not have a heart attack? Prevention and blocking nearly every threat is the approach to this labour shortage, so you don’t get alert fatigue. It’s one less headache, especially as companies have to do a lot more with fewer people. It’s a no brainer that you’ve got to outsource it, and you need to outsource it to someone you can trust.

Could you give me a sense of your footprint in the APAC region and how you’re supporting your customers here?

Giamatteo: We have some of the best resources in the world right here, and yet as cost effective. You will continue to see us build out our capabilities in APAC and having leadership here to support and drive our growth.

A couple of years ago, we probably weren’t in the best position to build our capability here, but between what’s happening in the market with the trends that we’re seeing, and what we’re investing in the region, I think the best approach for us would be to provide as much capability as we can locally.

I understand BlackBerry also offers ZTNA capabilities. What’s the thinking around that and are you building out that capability even further to compete with the likes of Cloudflare?

Giamatteo: We believe in taking a comprehensive approach to ZTNA and we do it pragmatically. Sometimes people talk about having a vision, and in 10 years it’s going to look like this. We think about it more in terms of what a customer is going to need in the next three to five years. And today, we probably have 70% of what we need to provide those capabilities. We’re building out the other 30%.

For ZTNA to be effective, you need to have a good data lake that takes all the data sources from third parties that might be operating inside an enterprise. That’s part of what we’re building, so ZTNA is going to start with our gateway and our DLP [data loss prevention] product wrapped up with a bunch of services. And then we’re going to evolve that into a more comprehensive solution.

What’s the sweet spot for BlackBerry in the diverse portfolio you talked about? Is it a case of customers going for EDR before tapping other offerings in your portfolio?

Giamatteo: We have a lot of customers in different industries, such as governments with big budgets that want mission-critical solutions and need certain certifications. That’s a unique set of customers that we’ve got a lot of history with.

Then you’ve got the enterprise space. These are the large banks where cost is not a problem. In the mid-market space, customers are more price sensitive and don’t have enough resources, so we bring our value proposition of EDR, managed services and threat intelligence reports.

We’re also going to bring out CylanceEndpoint Pro, where we’ll package together our AI endpoint protection, cloud-based EDR and our alert view that simplifies the console experience. So, if you’re in an SOC, instead of going through a thousand different things, you’ve got one page with 100 blinking lights that you need to focus on.

Those three components and our threat intelligence reports are our sweet spot for customers with 5,000 to 7,000 endpoints. While we can scale down to support customers with 1,000 endpoints, that to me is our sweet spot for large organisations like governments. In the mid-market, it’s more of our Cylance solution.

Could you talk about BlackBerry’s threat intelligence capabilities? Are you building your own capabilities or working with third-party threat intelligence providers?

Giamatteo: Both. We’ve built out a global threat intelligence team and we’ve got people here, in Europe and Latin America, because threats are coming from all over the world. And we have data feeds from millions and millions of endpoints feeding our global threat intelligence engine which generates all sorts of analysis. If you’re in the manufacturing sector, it will give you a cut of what we see from a threat intelligence perspective.

But we’re one data point. There are other sources out there, so we leverage third-party information as well. And we’re gleaning a lot of data, insights, best practices and advice that we give to our customers through all this information that we pull together.
