Stopping cyber-attacks as they happen

Israeli intelligence spin-off, Cybereason, comes up with a new, real-time way of identifying and trapping cyber-attacks as they are in progress

  • 10 years ago Posted in

There has, for some time now, been talk of real time, policy-based cyber-security tools appearing that, rather than attempt to defend a device or system against attack, defend an entire environment through monitoring activity in real time, and stopping in while in progress.

Well, now it looks as though some tangible developments along just such lines may be starting to appear. And given the fact that one of the most dangerous sources of cyber-attack is quite likely to be one of any number of nation-states around the world, it is probably fitting that this new defence development comes from an intelligence organisation.

It comes from a company called Cybereason, founded by elite members of the Israeli intelligence agency. It has now emerged from `stealth mode’ with the launch of the Cybereason. This is designed to deliver protection from Malops - malicious operations perpetrated by sophisticated hackers carrying out cybercrimes within enterprises - by automatically detecting the hacker’s actions and intentions through continuous monitoring of systems across the enterprise.

This empowers CISOs and security analysts to proactively identify and eradicate Malops in real time.

T“As a result of the forensic expertise of the Cybereason team, this software’s ability to detect and intuitively display malicious activity without relying on predetermined signatures is by far one of the most exciting recent advancements I’ve seen in the information security space”

he company has built the Platform from its knowledge and first-hand expertise in cracking and reverse engineering the world’s most complex hacking operations. Cybereason has raised $4.6 million in Series A funding from Charles River Ventures (CRV) to execute its go-to-market strategy.

“CRV has a history of backing industry-defining companies. The Cybereason team brings a unique approach and fresh insights to a market that today doesn’t have effective solutions and where the damage is measured in many billions of dollars,”  said Izhar Armony, partner at Charles River Ventures. “Cybereason is positioned to lead the industry in addressing cyber-attacks in the most effective way, and in doing so, define a new market,”

The `way’ in question involves tracking actions and intent in order to uncover cyber-attacks in real time, before any damage is done.The company has defined a new approach by detecting Malops that comprise distinct phases within hacking operations that have intermediate goals.

This approach fills the gap between penetration and damage by continuously monitoring the IT infrastructure, visually describing the Malops in context and enabling security analysts to stop the hacking operation.

“Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behaviour to infer malicious intent. If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats,” wrote Neil MacDonald, vice president, distinguished analyst and Gartner fellow emeritus at Gartner Inc. in his report, Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence.

Given their collective history in state security issues, the Cybereason founding team brings a rare and powerful set of skills to the public domain. They also have a different way of thinking about cybercrime based on years of analysing and executing against hacker operations and bringing enterprise security products to market.

Cybereason’s platform discerns anomalies and distinguishes between the benign and the pernicious. The system collects specific information and combines analysis of big data algorithms along with proprietary knowledge enriched with external databases and intelligence. With powerful visual reconstruction of cyber-attacks, Cybereason allows the experienced and novice users to understand the context of the attack and react quickly and effectively.

“As the frequency and sophistication of attacks facing organisations increases, relying on incident response teams to understand and prevent them from spreading in early phases can be futile; an automated technology approach like Cybereason’s is better suited to help in the early detection of the most insidious attacks, especially as they are first spreading across endpoints and the network,” said René Bonvanie, CMO at Palo Alto Networks.

The Cybereason Platform has been deployed in several early access sites in the United States and Israel, successfully identifying the most advanced and targeted attacks, such as Flame, Doqu and Stuxnet. IT has been able to reconstruct their impact, spread and behaviour; and enabled their shutdown.

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...