Interviews | November 3, 2017

Black Hat Europe Sponsor Interviews: Neustar and Nyotron

Evan Davidson


Q: How are Artificial Intelligence and Machine Learning tools transforming security? How is Cylance leveraging these approaches in its own products?

Here at Cylance, we have crunched over a billion files to date. We look at millions of features of each of those files, and we spin up over 40,000 cores in Amazon Web Services (AWS). The model we have created is massive, complex and advanced. And by harnessing the power of algorithmic science, we were further able to shrink that model down to a local model that can run on a typical laptop CPU and make autonomous, pre-execution decisions in [less than] 50ms.

AI not only improves efficacy, but it also changes the deployment model and makes cybersecurity implementation and operation a seamless, smooth process. Because of the advanced features of machine learning, you no longer employ traditional AV technology and tactics, including incremental storage, scanning machines and re-imaging machines. Moreover, you can remove large endpoint agents that create performance friction for enterprise users. You also eliminate the tedium of taking machines offline during weekly scans.

AI and machine learning have reinvented endpoint protection by providing predictive, preventative security that proactively stops attacks before they impact critical systems. Traditional antivirus requires layers of technology and a first victim, and it can't prevent never-before-seen or unknown threats. AI and machine learning predict and protect systems pre-execution, before an attack occurs, and without a sacrificial lamb.

Artificial Intelligence and Machine Learning tools have transformed security by allowing us to truly predict attacks weeks, months, or even years ahead of a campaign. We call this the Temporal Predictive Advantage (TPA) that AI gives the defender over the attacker. This has played out recently in both a recent Qakbot resurgence, as well as preventing the recent WannaCry malware from running. Ultimately, WannaCry never stood a chance. We were there protecting our customers before the enemy got there - back in 2015, to be precise.

Q: Cylance's revenue growth over the past few years has been impressive. What's driving that momentum and what is your outlook for the EMEA market in the next few years?

The momentum is being driven both by the critical need for new technology that can actually prevent malware from executing and stop cyber attacks in their tracks, and by the fact that artificial intelligence/machine learning for pre-execution prevention actually works.

In the past year alone, Cylance has achieved a number of milestones that have also contributed to growth. These include: appointing Brian Robins, a seasoned CFO with both IPO and acquisition experience, as Chief Financial Officer; delivery in May of the first AI driven endpoint detection and response solution with the introduction of CylanceOPTICS.

Opening our new EMEA HQ in Cork a year ago, we have consolidated our presence in EMEA. Our channel partners have seen tremendous adoption across all sizes of customers and industries, helped by our simple message, that is the need for something new to tackle the rapidly changing threat landscape.

Our technology is deployed on over six million endpoints and protects thousands of enterprise clients worldwide, including Fortune 100 organizations and government institutions.

We don't see this momentum slowing, as the threat landscape won't stop. We are encouraged and believe there is tremendous opportunity in EMEA to allow organizations a new way of preventing threats at the endpoint. The need for stopping the most threats with the least operational friction is required to tackle today's security challenges.

Q: Cylance is a Diamond Sponsor at Black Hat Europe 2017. What do you want people at the event to learn about Cylance and its strategy?

We want people at the event to learn that:

  • Prevention of threats in real-time is possible utilizing AI and ML.
  • Endpoint security doesn't have to be complicated. It should be simple, secure and safe.
  • Cylance is a pioneer in utilizing AI/ML to help solve the endpoint cybersecurity problems of today and tomorrow.
  • Proactive security solutions that prevent attacks, and identify threats before they strike, bring about a new level of security, performance, and cost savings.

This modern approach to security delivers in three key areas: providing maximum protection for data and systems; limited impact to system performance like legacy systems; simple and elegant solution that is easy to manage and maintain.

Our vision is to protect every computer, user and thing under the sun. The original mission of the Cylance team was to create a robust security solution that can successfully counter both known and unknown cyberattacks by applying AI before malware can ever execute. Cylance also offers consulting services to help institute best practices for prevention, network architecture, internal IR workflows, vulnerability and patch management, and assessment of both internal hosts and externally facing services that attackers use to gain a foothold.

Joseph Loveless
Director, Security Services


Q: What do organizations need to understand about web application layer attacks? How does your recently introduced Web Application Firewall and its integrated DDoS mitigation capability help address the threat?

As more organizations begin to adopt cloud technologies, Internet of Things (IoT) devices, and software-defined infrastructures, this creates precarious interdependencies and security gaps which make it easier to exploit vulnerabilities in the application layer. Attackers are opportunistic; they're going to strike where they stand to gain the most for the least effort.  Web application security flaws like SQL injections, cross-site scripting, and security misconfigurations are relatively easy targets. A Web Application Firewall (WAF) helps prevent attacks that target these vulnerabilities, but not all WAFs are created equal. Performance against attacks, compatibility with the rest of your stack, and cost are all huge factors when choosing a WAF.

Our approach is one of layered protection. By offering our WAF in concert with Always-On DDoS protection, you can optimize the impact of your security because not only can you fend off bot-based volumetric DDoS attacks, but also the SQL, XSS, data exfiltration and zero-day vulnerabilities that threaten the application layer. Plus, you don't have to worry about added costs, or configuration and compatibility issues that may come with many other WAF solutions that require you to purchase or use with a Content Delivery Network, which you may not even need.

Q: Neustar has said it wants to implement a 10 Tbps Global DDoS Defense Network by early 2018 and recently tripled its DDoS mitigation network capacity to around 4 Tbps across EMEA and Singapore. What is driving the need for this kind of capability? How will your customers benefit?

We are committed to building the world's largest DDoS Defense Network. In EMEA, Neustar has expanded network capacity by 244 percent across three nodes in London, Frankfurt and Amsterdam alone. In Singapore, we doubled capacity in the region with more large nodes coming online in 2018. The primary driver is to provide unrivalled mitigation capability and network performance against any type of DDoS attack. It gives us the capability to meet and defeat new attacks head-on, with localized scrubbing, so customers don't feel the impact to their networks.

This is particularly important as the size and scale of attacks continues to grow. The largest attack to date was 680 Gbps/180 Mpps, with the average attack size in the last year at 8.2 Gbps. Neustar is currently capable of absorbing and defending attacks of 4 Tbps, and we are extremely confident that this expansion allows us to appropriately scale, so we can defeat contemporary and future DDoS threats without impacting other Neustar customers.

Q: There's going to be a lot going on at Black Hat Europe 2017. What is Neustar's main focus and messaging going to be at the event?

We are very focused on the integrated defense model and layered protection. We believe that's the best way for organizations to comprehensively defend themselves as the threat landscape continues to evolve. In our latest Global DDoS Attacks and Cyber Security Insights Report, we found that organizations are heavily investing in diversifying their defenses in order to stay ahead of threats. And that's a good thing. But at the same time, our research shows that DDoS attacks are more successful than ever, with the highest rates of breach per attack that we've ever seen; and it's taking organizations longer than it should to figure out that they are under attack. We found that 46 percent of organizations need at least three hours to detect an attack. For those organizations where time-to-detection is three to five hours, they are pretty much guaranteed to be victims of theft of valuable intellectual property, financial resources or customer data.

To reduce the impact of threats – and frankly, it's coming from all sides as attackers are amassing bigger and better arsenals – organizations have to think about their protection strategy in a much different way than before. Accepting a pre-packaged solution from a cloud service provider as the cornerstone of your security portfolio just isn't going to cut it. You have to make investments in layered protection at an enterprise infrastructure level. Neustar's security portfolio has the breadth and depth that enterprises need for that layered protection. Our integrated platform and proprietary threat intelligence provides insights about imminent threats, defends and mitigates when an attack actually happens and helps accelerate performance through those attacks – and that is critical, because when you're under attack, you need to thrive, not just survive.

Nir Gaist
CTO and Founder

Ben Wheeler
Country Manager, UK


Q: Nir, you are the creator of PARANOID, your company's patented flagship product. Talk to us about the technology and how it helps better equip enterprises to deal with modern cyberattacks such as WannaCry and NotPetya.

Rather than speaking to threats that have already happened, the more important question is how to better equip enterprises from future attacks. Today's security solutions have not solved the complete problem of unknown attacks – they are addressing pieces of the problem.  Some vendors deliver email security, some deliver ransomware solutions, some specifically for exploits, others phishing solutions.  Customers today need to have a solution to protect them from all unknown and undiscovered attacks across the board – regardless of the type of threat or attack method.

As far as we know, we are the first and only company and product that protects enterprises with a threat-agnostic defense approach. PARANOID provides the missing piece of protection – we can stop the things that have the potential for the most expensive damage. This means that regardless of the type of threat or the attack vector, PARANOID can prevent the damage the attacker is attempting. We do this with no artificial intelligence, no machine learning, no blacklisting, no sandboxing, no decoys, no daily updates, no guessing. We simply have mapped all of the right ways to do things on a computer. Therefore, we know what is good and what is bad.

Q: Ben, Nyotron launched into the UK and European market earlier this year. How is the expansion coming along? What's driving demand for technologies such as PARANOID in the region?

We launched our UK and Northern European operation in the first quarter of 2017 to add to an expansion into the US in 2016 and the development presence which was borne out of Israel. The company became a US headquartered company in 2017 with our executive management team now based in Santa Clara. In the UK we have an office in the City of London in the Leadenhall Building (aka Cheese Grater) and are preparing to open a regional technical office in the South West of England.

We have open headcount for sales and technical staff and have recruited a European Marketing Director to be starting first of the year. We are actively recruiting a network of large resellers and MSSPs as well as smaller boutique security focused partners who cultivate deep relationships with their customers. 

We are seeing lots of interest in our solution because we offer such a fundamentally differentiated approach to protecting enterprises against cyberattacks.  Enterprises are on the lookout for technologies that can strengthen their defences against attacks and quickly understand how differentiated and philosophically superior the Nyotron approach is to threat hunting. Once we have educated the major enterprises that there is a different way of protecting against cyberattacks we expect mass adoption of our Threat-Agnostic Defense approach.

Q: Nir, Nyotron recently raised $21 million in funding and appointed a new CEO while you have taken over as the CTO. How do you plan on using the funding and how do the executive changes better position the company for future growth?

The funding and new leadership have positioned Nyotron well to greatly expand global sales, business development and marketing activities, make inroads into new markets, further invest in research and development, and cultivate its current set of innovative cybersecurity offerings.

Nyotron's commitment to developing innovative, groundbreaking technology has been the driving force in its explosive growth over the last year. PARANOID and the Nyotron War Room represent the industry's first and only endpoint security approach designed to block all advanced cyberattacks regardless of the type of attack, threat vector or attack methodology. The PARANOID platform is also distinguished by its acclaimed Threat-Agnostic Defense, which features the company's revolutionary patented operating system behavioral pattern mapping (BPM) technology.

Thus far, Nyotron is the only known endpoint solution on the market that can protect against undiscovered and unknown malware, including ransomware, advanced persistent threats and other malicious attacks. It is important for us to broadly expose and educate the world to our unique approach.

Q: Ben, Nyotron is a relatively new player in Europe. How do you plan on using your presence at Black Hat Europe to spread awareness of the company in the region? What is your main messaging at the show?

Being a Platinum Sponsor at Black Hat Europe is an important component of our message to the market that Nyotron is an innovative and disruptive player in the security market.  Enterprises across Europe are worried about protecting their data by stopping unknown and undiscovered threats.  They know that they are vulnerable to a barrage of threats – both known and unknown.  Nyotron is the first and only company to deliver Threat-Agnostic Defense to enterprises. That means that regardless of the type of threat or the attack vector, our product, PARANOID, will be able to stop the damage that the threat attempts.

It is important for Nyotron to be at Black Hat Europe to help demonstrate to prospects that our approach is fundamentally different from all other security vendors.  We recognize that while the ways to get into a network are infinite, the ways to do damage are finite, so we have turned our attention to stop the intention of the attack by stopping damage. This is completely opposite to the approach that other vendors employ.  Our patented technology has simply mapped the operating system for all the right ways to do things on a computer, so when something bad is attempted, we recognize it in real-time and PREVENT it from executing.

We provide ultimate security for organizations with no artificial intelligence, no machine learning, no sandboxing, no decoys, no threat chasing, no blacklisting, and no guessing. 
