Tim Keeler, Founder and CEO of Remediant, was kind enough to sit down with Safety Detective’s Aviva Zacks. He told her what motivated him and his co-founder, Paul Lanzi, to start their own company.

Safety Detective: Can you tell me about your background in IT and security?

Tim Keeler: I’ve been doing IT security for about 20 years. The last five years have been with Remediant and building our platform – SecureONE. Before that, I spent five years as an independent security consultant, where I helped large enterprises deal with state-sponsored breaches. That’s where I got my background in forensics, penetration testing, and incident response.

SD: What motivated you to start the Remediant with your co-founder Paul Lanzi?

TK: Paul and I worked together at a company called Genentech and I was part of the security engineering and architecture team. We got acquired by a larger pharmaceutical company called Roche, and their headquarters is based in Switzerland. When I left the company, I started doing independent consulting and Paul joined another biotech company. My entire inspiration for starting Remediant was largely based on my experience doing incident response and post-breach remediation for enterprises.

I spent a lot of time helping companies build their security architecture and helping them understand where their processes or technologies broke down in terms of the attack strategy that they had in place. The biggest frustration that came out of it was the same attack playbook was happening over and over, even if it was companies in other different sectors. It always involved an administrative account getting compromised, and an attacker would use that to laterally move around the environment, ultimately getting to whatever their target was. In a lot of cases, there was intellectual property, other times there was customer data or financial data. I realized that the way we’ve been approaching the industry is fundamentally flawed and needed a whole new approach.

SD: What is Remediant’s flagship product?

TK: That is SecureONE, which is designed to solve the problem that I just spoke about. I fundamentally believe that we have to go in with the assumption that an admin-level credential is going to get compromised. And then we ask ourselves how we put effective security controls in place knowing that an attacker has the username and password for an admin-level account in the enterprise.

Our platform is designed to help you manage administrative account sprawl and turn this into a completely just-in-time model, which means that rather than administrators having 24/7 access to every system, they only get it to the specific system just for the specific amount of time that they need to log into that system.

SD: What do you feel are the worst cyberthreats today?

TK: I think the worst cyberthreats right now are around the proliferation of malware and how that ties into to ransomware. The level of sophistication behind these types of custom malware is growing exponentially. We’re also seeing a lot more companies get hit with ransomware attacks, and they’ve even upped the sophistication level where it uses admin-level credentials to access the data and hold companies hostage and there’s very little that they can do about it.

An example of that is the Petya and NotPetya virus that was proliferating a lot of companies around ransomware. This was a very interesting virus that leveraged automatic harvesting credentials in the way it was infecting computers. If it got into one system that was unpatched, then it was able to harvest those credentials and then propagate. And I think that’s the first generation of where all these different ransomware and other different types of viruses are going to happen. So, we’ll definitely see a larger explosion around this just automatic credential harvesting and some of these elements built into AI with malware.

SD: How do you feel that the COVID-19 pandemic is changing cybersecurity for the future?

TK: I think the first and most important one is around the remote workforce. In literally a matter of weeks, companies had to scramble. If they didn’t already have an existing remote strategy, they had to quickly adapt a lot of different tools. A lot of companies didn’t have two-factor authentication, secure VPN protocols, or even remote access tools to get into an application or a system. So a lot of companies rushed this out, and now they’re trying to figure out what they can do to make it secure.