Stopping cyber-attacks as they happen

Israeli intelligence spin-off, Cybereason, comes up with a new, real-time way of identifying and trapping cyber-attacks as they are in progress

  • 10 years ago Posted in

There has, for some time now, been talk of real time, policy-based cyber-security tools appearing that, rather than attempt to defend a device or system against attack, defend an entire environment through monitoring activity in real time, and stopping in while in progress.

Well, now it looks as though some tangible developments along just such lines may be starting to appear. And given the fact that one of the most dangerous sources of cyber-attack is quite likely to be one of any number of nation-states around the world, it is probably fitting that this new defence development comes from an intelligence organisation.

It comes from a company called Cybereason, founded by elite members of the Israeli intelligence agency. It has now emerged from `stealth mode’ with the launch of the Cybereason. This is designed to deliver protection from Malops - malicious operations perpetrated by sophisticated hackers carrying out cybercrimes within enterprises - by automatically detecting the hacker’s actions and intentions through continuous monitoring of systems across the enterprise.

This empowers CISOs and security analysts to proactively identify and eradicate Malops in real time.

T“As a result of the forensic expertise of the Cybereason team, this software’s ability to detect and intuitively display malicious activity without relying on predetermined signatures is by far one of the most exciting recent advancements I’ve seen in the information security space”

he company has built the Platform from its knowledge and first-hand expertise in cracking and reverse engineering the world’s most complex hacking operations. Cybereason has raised $4.6 million in Series A funding from Charles River Ventures (CRV) to execute its go-to-market strategy.

“CRV has a history of backing industry-defining companies. The Cybereason team brings a unique approach and fresh insights to a market that today doesn’t have effective solutions and where the damage is measured in many billions of dollars,”  said Izhar Armony, partner at Charles River Ventures. “Cybereason is positioned to lead the industry in addressing cyber-attacks in the most effective way, and in doing so, define a new market,”

The `way’ in question involves tracking actions and intent in order to uncover cyber-attacks in real time, before any damage is done.The company has defined a new approach by detecting Malops that comprise distinct phases within hacking operations that have intermediate goals.

This approach fills the gap between penetration and damage by continuously monitoring the IT infrastructure, visually describing the Malops in context and enabling security analysts to stop the hacking operation.

“Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behaviour to infer malicious intent. If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats,” wrote Neil MacDonald, vice president, distinguished analyst and Gartner fellow emeritus at Gartner Inc. in his report, Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence.

Given their collective history in state security issues, the Cybereason founding team brings a rare and powerful set of skills to the public domain. They also have a different way of thinking about cybercrime based on years of analysing and executing against hacker operations and bringing enterprise security products to market.

Cybereason’s platform discerns anomalies and distinguishes between the benign and the pernicious. The system collects specific information and combines analysis of big data algorithms along with proprietary knowledge enriched with external databases and intelligence. With powerful visual reconstruction of cyber-attacks, Cybereason allows the experienced and novice users to understand the context of the attack and react quickly and effectively.

“As the frequency and sophistication of attacks facing organisations increases, relying on incident response teams to understand and prevent them from spreading in early phases can be futile; an automated technology approach like Cybereason’s is better suited to help in the early detection of the most insidious attacks, especially as they are first spreading across endpoints and the network,” said René Bonvanie, CMO at Palo Alto Networks.

The Cybereason Platform has been deployed in several early access sites in the United States and Israel, successfully identifying the most advanced and targeted attacks, such as Flame, Doqu and Stuxnet. IT has been able to reconstruct their impact, spread and behaviour; and enabled their shutdown.

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.