a “knowledge base” that encoded things like best practices for managing any type of security incident; privacy and regulatory constructs of all geographies; and step-by-step instructions once there’s a known breach. The latter needs to work for operations and IT staff, but also for C-level executives, human resources, and marketing. The whole thing is not quite as automated as it sounds: the approach integrates with attack-detection technologies and tries to help the “human being in the middle” take the right action, via a user-friendly interface, Bruce says.
It’s still early, but the 100-person company has some big customers and a growing business. And finding ways to help both security companies and their customers band together is one of its core missions. “We’re trying to serve as a hub,” Bruce says. “We’re trying to level the playing field with the hackers too. If you’re one organization standing alone, you’re disadvantaged. As we see the attacks, we’re learning. Customers are sharing with us somewhat what they’re seeing, and we can share that with other customers. We’re very early in the execution of that.”
The problem is the hackers are evolving, too. Which brings us back to Cybereason.
The Israeli-born startup set out with a different approach to cybersecurity—instead of focusing on the prevention, detection, or response phases, it tries to understand the intent of hackers and stop them while an attack is in progress. This seems like a different mentality from most companies—but it still speaks to unifying the security process.
Lior Div, Cybereason’s co-founder and CEO, puts it like this: “The way that people talk about security today—‘we will have this point solution and that point solution, put one on top of the other, and hope it will solve the problem’—you can see it’s not working. You need something more coherent, to help you see the full picture.”
Cybereason’s software provides a mix of machine learning, data analytics, and statistical modeling to detect anomalies in a company’s systems, files, applications, and user behaviors. Then, using a graphical user interface, it tries to show the customer’s IT and operations staff the “full story of the attack” and how to “stop attackers in your environment,” Div says, “with the current people you have.”
The 80-person startup has proven its mettle with its customers-turned-investors, Lockheed Martin and SoftBank. These big customers represent beachheads for Cybereason in the U.S. and Japanese markets, respectively, as the company ramps up its sales efforts. “The product is mature and ready for the market,” says Div, a veteran of Israel’s army and intelligence agency. (As an aside, he says his company saw evidence that attacks on Japanese enterprises, originating in China, were used as preparation for a similar attack in the U.S.—that was from an after-the-fact analysis.)
Indeed, Cybereason may represent a new breed of security company—one born from military-grade technology and experience, and one that tackles cyber attacks from the ground up, making use of government contractors and international investors for support.
The question is whether an intensive approach like Cybereason’s can scale up quickly enough to make a difference to the world’s biggest organizations and governments. Here’s betting it will take far more than one company to head off the catastrophic attacks in our future—but at least all parties seem to be listening.
