Tech Insights

Contributor Columns on Information Technology and Security

Infosec Startup Seculert: "Today’s Latest Cybersecurity Device is Tomorrow’s Paperweight"

Of all the issues facing CIOs these days, probably none is more challenging than cybersecurity. Literally every day we hear news about major cyber attacks being discovered. And these attacks are not just limited to smaller companies or run of the mill DDoS attacks, but major network penetrations everywhere from Fortune 500 companies to the Pentagon and the US military.

As the threats become more advanced, there is a good argument to be made that traditional on-premises security solutions based on hardware are no longer enough. After all, if the attack cannot even be detected, then it certainly cannot be defeated.

One startup taking a different approach to cybersecurity is Seculert. Using an innovative solution integrating Cloud, Big Data and crowdsourcing, Seculert is taking a new approach to Advanced Threat Protection against APTs. Joining us to answer some questions is Seculert CTO and Co-Founder Aviv Raff.

IT Specialist: Thank you for taking the time to speak with us Aviv. To start with, can you provide some brief background on Seculert, such as what year you were started, who are your founders and what was the inspiration for starting Seculert?

Aviv: Seculert was founded in 2010 by security industry veterans (Dudi Matot, Alex Milstein, and Aviv Raff) with the mission to protect organizations from APTs and other advanced malware with a self-learning, cloud-based solution that provides a long-term response to the constantly changing threat landscape.

Seculert’s founders saw that the field of enterprise security was lacking. Security solutions tended to focus on only two things: defending the perimeter of the corporate network and preventing infections from gaining entry. We envisioned a different approach. Instead of focusing on prevention, where 100% success was unrealistic, we saw an emphasis on detection as the game-changer. Experience has taught us that perimeter-based solutions are insufficient; the best way to protect a corporate network is with a cloud-based detection solution.

Seculert’s vision is to help our customers effectively combat advanced malware and APTs by leveraging the cloud, crowdsourcing, and Big Data analytics to identify and block attacks at the speed at which they develop. Due to the fact that APTs are highly distributed and constantly evolving, it is impossible to defeat them with a local point-solution. Our experts are committed to creating a dynamic repository of threat data that is constantly being fed by participating organizations and proactive botnet interception, and to harnessing the power of Big Data technologies and cutting-edge malware expertise to identify and block threats as quickly as possible. 

IT Specialist: At a high level, can you provide Seculert's perspective on the current cybersecurity situation in the enterprise world, and what does Seculert see as the most challenging current threats? Looking to the future, what do you see over the next five years or so - what additional threats should enterprise IT specialists be aware of that could be coming down the road at them?

Aviv: Advanced malware has been lurking on company networks, sometimes for months or even years, and gone undetected by traditional advanced threat prevention solutions. Thanks to overt attacks like Shamoon and Flame, enterprises are now beginning to realize that they need to find alternative solutions to protect their network. Furthermore, today’s cyber attacks are designed by increasingly sophisticated and well-funded nation states, cyber criminals, hacktivists and other online adversaries. Preventing 100% of attacks is impossible. For enterprises that need to ensure the security of their network’s internal assets, multiple sites, remote users, and BYOD, it is unrealistic to rely solely on prevention; rather, they should focus on detection and protection. A shift in ideology has already begun, and the corresponding shift in practice is not far behind.

As the frequency and complexity of targeted attacks grow, more and more detection technologies will be based in the cloud. And existing on-premises systems will be used only for prevention and remediation purposes. 

IT Specialist: Turning now to Seculert's solution, one of the things that struck me was that you believe that enterprises need additional threat protection beyond traditional security solutions. With that said, can you provide a brief overview of how Seculert defines traditional security solutions - such as the types of solutions and some vendors in this space - as well as why a threat detection solution such as Seculert's product can add value on top of the traditional security solutions?

Aviv: Sure. Traditional security solutions are familiar to all IT security experts and they include firewalls, anti-virus software, IPS, IDS, etc. The problem with the “traditional solutions” is that they are appliance or host based. The solution is stuck on-premises, limiting its reach and ability to be effective. With the constantly changing threat landscape, today’s latest device is tomorrow’s paperweight.

Seculert is the only cloud-based solution that transforms existing perimeter security solutions into a comprehensive APT solution. In doing so, traditional on-premises devices benefit from Seculert’s unlimited processing power and space, and the unique synergy of our technologies.

IT Specialist: Turning our attention to Seculert's product, you put a big emphasis on Advanced Threat Protection, and your capability to proactively hunt down these advanced threats inside and outside your network. Can you explain in more detail how this works and what are the steps involved? As I understand, a big part of this capability has to do with how Seculert identifies botnets that have penetrated an enterprise's network, is this correct?

Aviv: Seculert’s solution combines several key detection and protection technologies in order to proactively identify new threats as they emerge. Our core technologies include proactive Botnet Interception, an Elastic Sandbox, and Automatic Traffic Log Analysis. Together with our Big Data Analytics and API we provide a comprehensive cloud-based solution for protecting organizations from APTs and other types of advanced malware.

From the moment you open the dashboard, Seculert’s Botnet Interception technology instantly reveals known threats that have penetrated your organization. When you upload traffic log files for analysis, Seculert uses Big Data Analytics and machine learning technology to identify new malware. And through our API, you can automatically transmit threat information to your perimeter defenses and stop APTs in their tracks.

Seculert’s Botnet Interception is indeed extremely powerful, but it is the combination of our technologies working together that provides the key to successful Advanced Threat Protection.

IT Specialist: One thing that I noticed is that Seculert has actually integrated a Hadoop-based Big Data tool into your solution. Could you explain how this works in practice?

Aviv: Hadoop is a map-reduce technology that allows us to easily scale our Big Data analytics. We use it to implement search and machine learning algorithms on the vast amounts of data we collect and analyze using our Botnet Interception, Traffic Log Analysis, and Elastic Sandbox technologies. With Hadoop we can use the same code to analyze small or huge data sets by running distributed algorithms.

IT Specialist: Can you describe a specific example of an advanced threat - the actual name of the botnet if you could - and walk us through the steps of how Seculert would handle this from an Advanced Threat Protection perspective?

Aviv: Sure. For instance, take Shamoon, the targeted attack that crippled the oil and gas company Saudi Aramco for a week. One of our customers found a suspicious file and uploaded it to the Seculert Elastic Sandbox. At that point, a malware behavioral profile was automatically generated. Using Big Data analytics the malware profile was cross-referenced across Seculert’s petabytes of data. Based on the behavioral profile, we identified the same malware on the gateway traffic logs of another customer. Next, those customers using Seculert’s API received this threat’s details which they then pushed to their on-premises security devices to protect their network against Shamoon. More information about the Shamoon attack on Saudi Aramco is on our blog.

IT Specialist: BYOD is a huge issue for enterprise IT departments. It is almost an unstoppable wave, yet at the same time, there is no denying the data security risks that come to an enterprise with BYOD, considering that by definition employees will use their devices for personal as well as business. Is Seculert's product at all targeted at BYOD, or is it primarily meant for on-premises corporate PCs?

Aviv: We pride ourselves on being a comprehensive APT protection solution, and that includes BYOD. Our cloud-based solution easily scales to tens of thousands of devices, providing deep network-wide visibility. And since the solution is hardware-agnostic it is compatible with any device connected to the Internet running on any operating system. Our unique Botnet Interception technology looks both inside and outside our customers’ networks to identify every compromised computer and endpoint, including remote sites and employees, and on personal mobile devices.

IT Specialist: Seculert is a purely Cloud-based solution. Does this mean there is no software that actually gets installed on the customer's networks and no hardware that is installed at the CP? If it's Cloud based then, what is the interface between the customer and the Seculert Cloud?

Aviv: Yes, you are correct. Seculert is purely a cloud-based solution. We practice what we preach and truly believe that cloud-based threat detection and protection is the way of the future. That means no hardware or software or the costs associated with each. Seculert provides customers with an intuitive dashboard, a user-friendly interface, and a protection API. By logging in to our browser-based portal, customers can instantly see results displayed on a dashboard. This dashboard also shows the degree of separation between the infected endpoints and the internal network assets. Customers can also use the Seculert API to push suspicious executables to the Elastic Sandbox for analysis or pull the latest detected threat’s details in order to update their perimeter defenses.

IT Specialist: Looking more specifically at the enterprise, can you provide an overview of how enterprise IT specialists - who comprise a large part of our audience - can benefit from using your solution? How easy is it for an IT manager to actually use and operate your system?

Aviv: Seculert’s solution is very intuitive and user friendly. No specialized training or additional staff are needed in order to take full advantage of all Seculert has to offer. Our solution is easy to deploy and complements existing security infrastructure without disrupting the network. By connecting an enterprise’s SIEM, firewalls and secure web gateways with Seculert’s API and adding a bit of code, enterprise IT specialists can leverage our automated Traffic Log Analysis and machine learning technology, eliminating the need for manual number crunching.

IT Specialist: How has your traction been in the market to date, and are there any examples of partners or customers that you could share with us? Who does Seculert see as its major competitors?

Aviv: No other company does exactly what we do. Some companies have similar approaches such as incorporating elastic sandbox technology while others focus on traffic log analysis. But what makes Seculert unique is the way our technologies work together to enhance already existing on-premises network security devices. Our cloud-based solution allows us to serve enterprises of all sizes and industries, including financial services, telecom, education, healthcare, and transportation.

IT Specialist: How much capital has Seculert raised to date, and who are your core group of investors?

Aviv: In July, we announced the closing of a $10 million Series B funding partnership with Sequoia Capital with participation from existing investor Norwest Venture Partners (NVP). This new round, in addition to existing funding by YL Ventures and NVP, brings Seculert’s total capital raised to date to $16 million.

IT Specialist: Finally, for customers who may be interested in working with Seculert and/or want to do a trial within their organization, what is the best way to interface with you?

Aviv: Interested parties are encouraged to visit our website, www.seculert.com, where they can sign up for our free version of the service or request a demo.

Aviv Raff is the Chief Technology Officer and Co-Founder of Seculert. Aviv is responsible for the fundamental research and design of Seculert's core technology. Aviv brings with him over 10 years of experience in leading software development and security research teams. Prior to Seculert, Aviv established and managed RSA's FraudAction Research Lab, as well as working as a senior security researcher at Finjan's Malicious Code Research Center. Before joining Finjan, Aviv led software development teams at Amdocs, an industry leader in billing systems. Aviv has published several pioneering security research articles, and is a frequent participant and requested speaker at information security conferences worldwide.

Aviv holds a B.A. in Computer Science and Business Management from the Open University (Israel).
