CEO Howard: Pondurance dedicates 30 engineers automation, calling it “critical component to success"

By James Thaler

Feb 18 - (The Insurer) - Pondurance CEO Doug Howard says the MDR has 30 engineers focused on AI and automation, which he called “a critical component to success” in cybersecurity, as he also laid out an argument for organic growth versus M&A in the cyber segment.

The executive made those comments in an interview with The Insurer TV at last week’s NetDiligence Cyber Risk Summit in Miami Beach, Florida, where he also discussed the potential impacts of the new Trump administration on cybersecurity enforcement.

Pondurance has been around since 2008, with its services largely focused on managed detection and response, or what essentially amounts to 24-hour monitoring of clients’ IT networks.

It also does some digital forensics and incident response work, with a cyber advisory team that does risk management, and has long-term private equity backing.

'USING AI TO MONITER OLDER VULNERABILITIES'

With AI technology continuing to rapidly advance, Howard said it is crucial for “good actors” to look at things from the perspective of threat actors.

“Whether it's looking back from a historical perspective, there's always vulnerabilities that get exploited, not zero-day, but years and years and years in the past, because people just don't do patching,” he said.

“Things become more exposed over time. And so, what large language models can we put in place that also keep track of those and are constantly testing customer networks proactively, the same way a bad guy would?”

Howard also highlighted adaptive learning as a crucial part of AI that ultimately is going to drive the real value of rapid capabilities to be able to respond to new threats.

“What are they taking from the large language models? What are they doing with adaptive learning, machine learning, basic stuff, scripting and various other things that can now happen in seconds versus days and weeks that previously happened?”

The Pondurance CEO said that at least half of the time the cybersecurity community acts reactively to new threats, new penetration capabilities, along with other new types of adaptions on the part of threat actors.

“Now those are happening in seconds. So, instead of having days or weeks or months to respond to those and put your protective capabilities in place, you're now going to see those hit the world quickly, all at once, versus over a longer period of time.

'AI, AUTOMATION "A CRITICAL COMPONENT TO SUCCESS"'

To stay on top of the latest threats, Pondurance partners with threat intelligence feeds that it integrates into its MID servers along with other strategies that allow it to more rapidly consume that information and integrate it into its platform.

“We want to integrate it into our platform from an IR perspective, from a cyber advisory perspective, and obviously from an MDR 24x7 monitoring perspective – we want those integrated in,” he commented.

Pondurance at one point had 50 individual feeds into its platform from both paid and open sources.

“There was a lot of duplication. So, we found 17 that were our core, that we really needed ourselves, that we didn't think others provided,” he explained.

It partners with threat intelligence company Recorded Future, from which Howard said Pondurance gets a full exposure capability into and is integrated into its platform.

Pondurance then pairs that capability with machine learning to survey the threat landscape, intelligence that it then uses to protect its customers.

“Because if you're sitting around and you're reading vulnerability alerts that come out from every vendor every day…very few companies would be able to do that themselves. So, they rely on a company like ours to figure out how to operationalise it.”

Pondurance employs 30 engineers dedicated to automation and leveraging AI, which he says will be a “critical component of success”.

“If you think about that from a long-term perspective, then we need to focus on what we do best. We think that IR, the cyber advisory and the MDR are very complimentary of each other,” he commented, noting that Pondurance partners with other firms, like those focused on recovery.

'ORGANIC GROWTH MORE APPEALING THAN M&A'

With the proliferation of DFIR and cybersecurity firms, Howard was asked his thoughts on the potential for consolidation in the industry.

“There's two paths for most pure DFIR companies. Ultimately, path one is they grow, and they exit, and somebody takes them to a different level. And number two, I think what you're focused on is the consolidation effort,” he explained.

Howard said the strength of a firm’s distribution as well as its relationships with the insurance industry would be critical factors in the viability of a firm as an attractive takeover target.

“What are their differentiators in that particular space? And could you put two groups together and ultimately create something that's better than one plus one equals two? And so, the IR space is actually pretty easy to do that type of thing,” he noted.

“If you look at cyber advisory, same thing. Arguably, you can put those together. When you look at MDR, especially if you're over, let's say $10mn in revenue, you're ultimately going to have to consolidate platforms, technologies – it becomes very messy."

Howard said Pondurance spent three years looking at around 30 different MDR companies to potentially acquire, ultimately winnowing down that least to about five or six firms.

“And at the end, it was cheaper for us to go and get new clients than it was to acquire and ultimately try to integrate and create that disruption for the client on the other side,” he said.

Despite the volatility in work some cybersecurity firms experience that go along with the ups and downs of ransomware activity, Howard said Pondurance has been on a steady growth trajectory.

“We've become relatively large. So, we don't have those dips, because we're still in that huge growth curve. If you talk to somebody that's been around, and maybe they were 100 people strong, they've got all these dips that are coming because various things happen in the marketplace,” he explained.

“If you got a small company that's five people-strong, they're going to say they're overwhelmed with work, if they just get on one panel, for example” he added.

'SECURITY SERVICES FROM INSURERS IMPROVING THE HEALTH OF THE ECOSYSTEM'

Howard, like others in the community, said if he sees any dips in his firm’s bookings, he’ll call around to industry friends in the market to gauge whether there’s been a fall off in activity.

“But ultimately, what you usually find right now in our growth trajectory, is there’s been a lull in some of the carriers as well, which is a good thing,” he noted, pointing to a downturn around the holidays that then proceeded to spike.

“I think the industry also tends to make up good stories about why that is. Just like we said, Russia and Ukraine, it was all about the disconnect and ransomware.”

“Now it's, well, there was the Arab holiday, or there was the Catholic holiday and all of these reasons that there was a lull for a week or two, and now I think we're back to a point of, 'Okay, whatever it was, it doesn't really matter’,” he explained.

“Now, there's a continued growth trajectory, and we expect there will always be little lulls, but we expect that '25 will be a large increase over '24 and '24 was a great year for most IR firms.”

Howard said that the biggest threat the cybersecurity industry faces is the maturation of AI technology and new techniques that could hit victims globally at the same time, versus one company at a time.

“That said, there are still vulnerabilities that come out [as] zero-day [vulnerabilities], especially with remote access right now, that are creating huge opportunities for those that haven't even created any of their AI infrastructure on the attack side,” he explained.

“I think it's not a great year for the next couple years, probably, for anybody on the insurance side, and it's really up to the IR/MDR companies to really figure out, how can we proactively make customers better and better?”

Howard also said the trend among insurers to offer more security services as insurance market conditions soften is improving the health of the cybersecurity ecosystem.

“It's a benefit to the customer. It's a benefit to them. It's a benefit to all the IR firms, arguably, to really prevent those bad things from happening to start with, and so, you saw multi-factor authentication, you saw any types of perimeter increases, you saw service accounts.”