Cybereason: A Reason To Watch Cyber Attacks In Real Time
Cybereason is a Boston-based security startup that offers clients the ability to reveal a cyber attack in their corporate networks in real time and not shut it down -- at least not right away.
The company's approach to security is based on the assumption that hackers will find a way into the corporate network one way or another, so attacks have to be detected in real time; otherwise, once the attackers are inside, they can lurk for months or years.
The three founders worked together in Israel's military cyber espionage Unit 8200, which is the single largest unit in the Israeli Defense Forces and performs similar activities to the National Security Administration (NSA) in the US.
Here are some notes and observations from my conversation with Lior Div, CEO of Cybereason:
- The company was founded in 2012.
- I asked if the solution offered is based on work that Div and his colleagues engaged in when they worked in Unit 8200. He laughs and says he cannot say anything about the organization; however, he notes that there is a Wikipedia entry on it.
- Div says that the computer training he and his colleagues received in the Israeli military was very good and taught them to think creatively about cyber attacks, just as hackers do. By thinking creatively it is possible to get ahead of criminal hackers, instead of the hackers always being ahead of the game.
- The training covered many aspects of computer security rather than creating specialists with narrow knowledge. This is important because you have to understand the whole security picture if you are to preempt future exploits.
- His team is recruited based on their ability to have a free mind, to think out of the box, but first to think there is no box. It is also important to have coding abilities, to read code, and to be comfortable working in a complex environment.
- Hacking is rarely performed by individuals. It is usually large groups, as many as 50 people, made up of teams of specialists. The teams must meet milestones just like software development teams.
- One team breaks into the corporate network while other teams specialize in finding the right data, or covering up tracks, while another team engages in deceptive behavior to mask the real activity.
- He says that the recent Sony hack blamed on the North Koreans was likely from another country and that it was a typical deception tactic.
- Cybereason's software is offered on-premises or cloud-based. If a data center has been compromised, it is an advantage to use the cloud-based service. The software incorporates the experience of its security experts and their expectations of what could be new, creative ways to mount a cyber attack.
- This predictive security engine is constantly updated and works in real-time to detect and reveal what the cyber attackers are doing, as well as what they might try to do.
- The average length of a cyber attack is 200 days, but with Cybereason's service that can be reduced to less than a day, or even just a few hours, although Div recommends not shutting down the attack right away.
- Why not? Once detected, it is important to monitor the attack to make sure that it is not a deception, and to see what the aim of the intrusion is. You have to see the whole picture before shutting it down.
- Corporations are beginning to understand that there is no silver bullet in security. Hackers will always find a way in, so the question becomes: how fast can you hunt them down?
Collecting Endpoint Data Like No Other: Cybereason Silent Sensor