Inside Positive Technologies’ full-spectrum cybersecurity strategy

Denis Korablev, Managing Director and Product Director of Positive Technologies

Denis Korablev, Managing Director and Product Director of Positive Technologies, on why cybersecurity must evolve with real-world threats, not just theory.

How are you combining both offensive and defensive technologies in your portfolio?

First of all, we don’t offer offensive products. We focus strictly on defensive technologies. Though we offer services such as penetration testing and cyber investigations, it is not a core business focus. They’re mainly used to strengthen our internal knowledge base and gain firsthand insight into what’s actually happening in the field.

We operate with two perspectives, like having two hands. One hand is to understand the real-world landscape—how threats appear and evolve. The other hand uses that understanding to build intelligent, defensive solutions.

What kind of emerging threats are shaping your product development strategy?

Frankly speaking, we are dealing with a complex situation in Russia – we’ve seen a wide range of attacks, particularly advanced hacking attempts.

We focus on what’s really happening on the ground—not just theoretical or simulated attacks. Much of the cybersecurity industry has traditionally focused on penetration testing or synthetic scenarios. What we’re facing now is real activity, and that has fundamentally changed how we develop products.

Our current product strategy is shaped by actual threat behavior—what we observe in the wild—rather than by academic models. We’re building practical, defensive tools designed to counter those real-world threats.

How do you actually plan to stand out in such a crowded cybersecurity market and compete against global players like CrowdStrike, Palo Alto Networks, and Mandiant? What would you say is your key differentiator?

As I mentioned earlier, our biggest differentiator is that we are practical—we build products based on what we actually see happening in the field. We’re not building generic, one-size-fits-all solutions. Our products go deep into specific areas of cybersecurity.

Another point is that we aim to eliminate the gaps between product areas. For example, between secure web gateways and secure email gateways, we ensure there’s no coverage gap. Our security model is integrated, and our products are designed to work seamlessly together.

When we develop new solutions, we’re always looking for niche areas where we can truly excel—where we can be the best. For example, I’m responsible for our next-generation firewall (NGFW), which competes directly with Palo Alto Networks.

Palo Alto was a pioneer in NGFWs. But we’re focusing on two key areas to outperform them: scalability and deployment flexibility, ensuring our firewall is easy to deploy across any enterprise environment; and performance, with an emphasis on efficiently handling ever-increasing traffic volumes.

Palo Alto began developing their firewalls 15 years ago, when CPU performance was far more limited. Back then, they had to build specialized hardware because it wasn’t feasible to run high-performance security solutions on software alone. But times have changed. Today’s CPUs are much more powerful, and we’re building our firewall software to take full advantage of that.

Because we’re starting now—with current technologies—we don’t need to rely on custom hardware. We’re able to develop high-performance, software-defined solutions that are easier to deploy, scale, and maintain.

Another key differentiator is our firsthand understanding of real-world threats. Due to the ongoing geopolitical situation, we’re constantly exposed to advanced attack techniques. This gives us real-time insight into evolving threats, and we’re building our products specifically to defend against them.

Are you planning to specialize further within your current portfolio by expanding into other categories like XDR, DevSecOps or compliance automation?

We already do DevSecOps. For example, we offer static and dynamic analyzers, an orchestration platform, and more. We provide container defense, XDR, and endpoint protection—so we essentially have a full setup.

Our strategy is to ensure we have every tool necessary to protect an entire organization—without any gaps between technologies. Each product in our portfolio is designed to work together seamlessly to deliver comprehensive protection.

And what exactly are you offering for industrial security?

Initially, we focused on developing both software and hardware to detect network attacks. Over time, we’ve come to understand that industrial networks aren’t fundamentally different from enterprise networks—they just have specific characteristics and requirements.

As a result, we now offer a full suite of our products specifically tailored for industrial environments. This includes solutions for vulnerability management, log analysis, endpoint protection, and industrial firewalls.

So, when we’re working with a company that has an industrial component, we provide the same core products—but with customized deployment suited for that environment. The result is a unified solution that functions as a single, integrated platform.

What role does threat intelligence play in your overall product strategy? Do you offer it to your customers, and is it effective in real time?

Our threat intelligence is not real-time in the strictest sense. We collect data over extended periods, and while it can be applied immediately once processed, the process of gathering and analyzing that intelligence takes time.

All of our products are designed to use this threat intelligence effectively, but it functions more as a delayed or retrospective capability—not something that updates and responds in real time. It’s more like a post-processed operation, rather than instant detection and response.

Do you leverage AI and machine learning within your portfolio?

We don’t apply AI in real time because the inference process can be very slow. For example, if you were to query AI for every request that passes through a firewall, it would significantly impact performance.

Instead, we use AI in background processing mode, and in that context, it works very well. We’re also using AI as a copilot to assist with development itself—helping us improve the speed and efficiency of our product development process. And so far, it’s proving effective.

 

 
