Q: Cybereason has established itself as one of the leaders in the next generation endpoint security space. Where do you see the greatest opportunity for innovation in this product category over the next few years?
One problem with the second generation of AV solutions is that the way they collect and correlate data is very flat and one-dimensional. Even behavioral data is stored in a static database that doesn't constantly adapt to actively reflect data relationships in real time.
By contrast, our solution creates an ever-evolving, multi-dimensional in-memory map, which represents the relationships between every point of data. As new data is pulled in from across the organization, these relationships endlessly grow and change – and our graph automatically updates to reflect this in real time. Rather than looking at data in a linear way, we can see the way one data point can be connected to thousands of others. This enables us to look at the story told by the data and unearth signs of complex attacks operating across the system.
By leveraging behavioral analytics, pre-configured malicious activity models, and threat intelligence context, the detection engine is programmed to continuously hunt for malicious tactics, techniques and procedures (TTPs) within this collected data. Alongside the increased complexity of the way we examine data, there is also a tremendous opportunity in the speed and power of our next generation analytics. Where a second-generation solution typically examines 8,000 incidents per second, we analyze eight million incidents per second.
This approach means we can constantly evolve and adapt to meet new threats as we detect and analyze new attack techniques. This ability will be absolutely crucial as threat actors continue to refine and innovate their attack methods.
Q: Talk to us about Cybereason's Deep Hunting service. What's driving demand for it and who's doing the buying? Is it mostly large enterprises with mature security organizations or are you seeing interest from small and medium sized entities as well?
Demand for our Deep Hunting service has been driven by the increasingly frequent and highly destructive, board-reportable cyber-attacks hitting major organizations. It seems a new household name is implemented in a major security incident on a weekly basis, with the financial cost regularly hitting tens or even hundreds of millions of dollars in lost revenue, falling shares, and regulatory and legal fines.
Our Deep Hunting Engine can help organizations detect an attack as it is underway, providing a crucial opportunity to limit the attack's impact. Our threat hunting approach will also help to detect and remove all traces of the attacker's footprint from the environment, preventing them from launching the later stages of an attack.
Finally, Deep Hunting will also provide valuable insight on how an organization's security can be improved, and best practice to prevent future attacks.
We have seen the strongest interest from large organizations that are eager not to join the hit parade of serious security incidents, with many of our deployments covering more than 250,000 endpoints.
Q: What do you want those attending Black Hat Europe 2017 to know about your company and its services?
The main takeaway for attendees is that Cybereason was born and bred for the hunt. We believe offense is the best defense, and actively seek to take the fight to the cyber criminals rather than simply sitting and waiting for them to attack.
We have a strong heritage in offensive hacking operations, with many of our executives and employees previously serving in the Israel Defense Force's elite 8200 unit, an elite cyber security group. Today we apply a military perspective on cyber security to protect enterprise, and our military-grade technology has stopped some of the most advanced attacks in the world.
Our EDR, next-gen AV and monitoring services are constantly evolving to keep leading organizations around the world safe from the rapidly changing threat represented by high-level cyber attackers.
