CYBEREASON: MILITARY-GRADE THREAT HUNTING EXPERTS

Lior Div, CEO & Co-founder

Decades before anybody coined the term "cyber operations," Lior Div was working on a raft of closely related projects in a nondescript chamber in Israel. Lior is an alumnus of Unit 8200, a clandestine intelligence wing of the Israeli Defense Forces that for many years has been churning out a cohort of cyber intelligence savants, specially trained to handle offensive cyber operations. A Medal of Honor in Israel and a dozen years' worth of cyber operations knowledge later, Div wanted to put his expertise to much broader use. He set out on a mission to help civilian enterprises, such as hospitals harboring patient records, stay ahead of the curve, outpacing hackers and other attackers in cyber warfare. This sparked in him the fervor to lay the cornerstone for Cybereason in 2012, and since then the company has made sweeping changes to the enterprise cyber security domain through its unparalleled offensive approach.

“We realized our unique position in understanding the working paradigm of attack perpetrators and our advanced experience in the scene to counter cyber threats, before they become a catastrophe,” says Div, CEO and Co-founder, Cybereason. Today, the company has taken countering cyber attacks to the next level through intelligent and comprehensive reverse-engineering techniques that identify and act against complex cyber attacks. Along with equally proficient co-founders from defense security intelligence, Yossi Naar (CVO) and Yonatan Striem-Amit (CTO), and a growing number of highly trained security researchers and product development engineers, Cybereason is a team of veterans from various cyber vigilant and federal institutions, underpinning the proposition that the company holds for its clients. “Our mission as a company is to eliminate an attack in its entirety—not just one aspect of it, such as removing a malware or blocking communication to a malicious IP—and our ‘offensive’ mindset, understanding the adversary and its techniques enables us to prevent future occurrences,” explains Div.

Every ‘Byte’ under the Sun

When Cybereason moved from boardroom ideas to fruition, Div knew that to handle the cybersecurity problem, Cybereason would need to consume and analyze an incredible amount of data in real time, and he was therefore looking for a big data solution on which to base the Cybereason system. The team's inability to find an existing big data solution that fit the needed scale and processing power drove it to develop its own big data technology. “When it comes to an enterprise network, the data being generated by millions of endpoints every second is colossal and changing too rapidly,” says Div. “So we created a proprietary database technology that supports real-time quantification and in-memory graphs.” What’s more, the system enables statistical analysis in real time.

Cybereason’s approach begins by collecting, storing, processing, cross-correlating, and analyzing massive amounts of data derived from a multitude of machines spread across geographically diverse locations. As enterprises increase their remote workforce, the periphery of the organization keeps growing. In this highly fragmented scenario, an attack vector could leverage anything that has processing power. Cybereason deploys sensors to gather information across an enterprise’s infrastructure, from printers to routers, desktops to laptops, smartphones and other BYOD devices, to the wider spectrum of the Internet of Things (IoT). Platform- and device-agnostic, the sensors collect intricate details pertaining to every event that takes place, such as authenticating to a device, plugging and unplugging removable media in the network, and sending an outgoing email.

"I don’t know how to do defense; I know how to stop offense and there is a big difference between the two"

“It is imperative for us to keep upping the ante, and at Cybereason we achieve that by outperforming our device coverage capacity with every new project,” says Div. From the 200,000 endpoint device coverage that the company started with, it grew apace to a million devices, with no compromise on deployment timeframe. Illustrating this, Div tells the story of a customer that approached Cybereason for help with a security threat in its organization. Within a period of less than three hours, the entire infrastructure was set up, and the project went live in 24 hours, probing the networks for probable intruders, both internal and external. Div compares the process with that of shutting down a drug cartel operation by freezing its bank accounts.

Donning the Hat of a Hacker

The aptly named ‘Military-Grade Threat Hunting Platform’ is powered by predictive analytics and runs extensive and rapid querying routines, at the virtual speed of eight million questions per second, to scan across every entity in the operating environment. “Oftentimes, it is almost impossible to locate an adversary crawling inside the enterprise environment, as it is trying hard to leave no traces behind,” points out Div. “It is during such instances that our offensive cyber operation skills become an added advantage.” He adds, “A cyber security provider more often than once has to step into the shoes of a cyber attacker.”

Once the threats have been detected, the next step in Cybereason’s ‘hunting handbook’ is to decapitate the attackers. The ‘Response Interface’ of the Cybereason platform is an intuitive and engaging utility that harnesses the volume of data gathered and notifies the security administrator of impending or ongoing attacks. With the Response Interface, an enterprise can effectively minimize the size of the team spent on probing, investigating, remediating, and monitoring the perimeters. Additionally, the tool presents the incident case report as a chronologically structured story, helping administrators examine and scrutinize the source of disruption in time for efficient and responsive decision-making. To this end, Cybereason has embedded extensive machine learning and artificial intelligence capabilities in its platform. “On one instance, our solution boosted the ability to tackle a security predicament from 36 days to six hours, for a customer in the pharmaceutical industry,” Div says.




The secret sauce toward the expedited resolution lies in the single-click, guided ‘Remediator’ module that brings the system back to normalcy, with marginal downtimes.

In quick succession to the remediation process, Cybereason shuts the gates on the network intruders, putting stringent firewalls and protocols in place. Every so often, a compromised enterprise may just be a rung in the ladder to a bigger, large-scale cyberattack, where hackers may use the network for ‘jumping’ to federal or classified infrastructures. Cybereason’s solutions nip the threat in the bud. Patrolling the territory around the clock, through immersive managed monitoring and live surveillance, the Cybereason platform informs the administrator and then directs them through the actionable tasks right from the dashboard.

By actively watching out for cyber attackers, the company has remained at the vantage point for several Fortune 500 organizations. An essential indicator of Cybereason’s prominence is the high dose of zeal displayed in its R&D strategies and its inclination to outperform a bracket of cyber attackers.

Rhythm amidst Chaos

As computing microchips and processing power become ubiquitous, every electrical and electronic entity is susceptible to falling prey to a hacker’s code. “With the right malware, anyone can gain visibility into a confidential business meeting by remotely taking control over the conference hall’s webcam,” remarks Div. Cybereason assigns its teams to hack a newly released chip, architecture, or OS and reverse engineer the assembly to ensure its solutions stay efficacious and reliable at times of such impromptu attacks.

For Div, a trained martial arts and karate fighter, offense is the only effective and foolproof line of attack that keeps adversaries at bay. It doesn’t come as a surprise when he says, “I don’t know how to do defense; I know how to stop offensive operations and there is a big difference between the two.” Cybereason works along these lines. From joining the army at the age of 18 to becoming an entrepreneur leading a ‘cyber hunting’ firm, his path has been dotted by the nuances of securing realms, both human and otherwise. Sure enough, with Div at the helm, Cybereason, a harbinger of the offensive cyber operation culture, will be marching full steam ahead, pushing the envelope to prop itself miles ahead of cyber attack perpetrators.

Company
CYBEREASON

Headquarters
Boston, MA

Management
Lior Div, CEO & Co-founder

Description
Offers a military-grade, real-time detection and response platform to enterprises, leveraging cutting-edge big data, machine learning and behavioral analytics to prevent advanced cyber threats
