Today, data compromises and cyber attacks are almost everyday occurrences. The majority of businesses are trying to protect themselves against complex and ever-evolving adversaries. These hacking efforts are occurring on a minute-by-minute basis, and companies are unable to defend themselves effectively or proactively. The demand for automated internal and external security operations is now an essential part of combatting cybercrime.
CyberSponse debuted its technology in late 2014 with a vision of enhancing the current security operations centers (SOC) used by most large companies, with velocity and automation through API-driven orchestration. Most SOCs today operate manually, relying heavily on human capital (due to soaring demand in the marketplace, accomplished analysts are hard to come by – and increasingly expensive) and immature processes which are often unable to respond to the number of alerts the organization’s security tools are throwing off. We at CyberSponse believe that security automation technology, when done right, has the ability to revolutionize an enterprise’s cybersecurity posture.
The market demand for automated incident response has taken off recently, as more companies shift their focus from prevention to remediation speed. CyberSponse’s success and influence in this category have been embraced and welcomed by the security industry with open arms.
So how did it all start?
In 2012, the idea came to me from my growing up in fire services and having an appreciation for fast and effective incident response. Since I had a background in cyber crime, I knew that the evolution of security was going to take place in the next year or two. While doing research to see if incident response platforms existed, I was surprised to find that this market hardly existed at all. The only solutions I could find were legacy and clunky case management modules within existing yet dated SIEM technologies – this just didn’t make any sense.
One of the very first presentations for CyberSponse was to incident response legend Kevin Mandia, Founder/CEO of powerhouse Mandiant. I reached out to Kevin because I wanted to get his opinion on what I was in the process of creating, and his encouragement motivated me even more. After more than a year of testing the market with our initial SaaS platform, I discovered that most organizations were unprepared or unable to find ways to innovate and implement incident response into their cybersecurity practices. We also found that no one wanted to use a SaaS-based technology either. Timing is everything, and I learned a very important lesson about being the first to market with a good idea.
Over the next two years, I have been fortunate enough to build an ecosystem of top-notch advisors, mentors and investors who have helped me achieve my vision. Building this company was never something I just did for the money. I did it because I wanted to help others, just like my father had as a local fire chief for more than 20 years.
The vision for CyberSponse is that automation will be the future of cyber security. Without it, it’s going to continue to be a repeat of more tools and no one to use them. The big buzzword for RSA 2016 was automation and orchestration. Everyone finally gets it and understands that without interconnectivity between security tools,
So how did we figure out that interconnectivity would be the future? 15 months into building the CyberSponse incident response platform, I was walking the floor of a NYC cyber security conference checking out all the latest and greatest tools; I remember the day explicitly. I started to ponder what a CISO would do if he or she wanted to build an enterprise security perimeter yet, by doing so, merely added more consoles and data screens to look at. It didn’t seem to make sense that security tools really didn’t speak well to each other. In 2013, no one was talking about APIs and integrations; it was all about prevention and elimination of risk. I think we all know now that avoiding compromises isn’t possible and an organization’s ability to detect, respond and recover is much more important.
The problem with integrations was also the carnage of bad experiences that large services companies put the market through. In order to create connectivity between legacy tools, it would cost a customer a small fortune to make custom one-off solutions. This also did not make sense.
If you’re to make interconnectivity expensive and time consuming, no wonder the industry was hesitant about the idea of connectivity in the first place. Now that we’re past professional service hours getting in the way, the road looks promising for building cyborg security operations centers. This is what I think when the human and the machines work as one. Part human, Part machine.
Today the market demand from government, law enforcement & commercial sectors couldn’t be better. Organizations finally realize that tossing bodies at the problem isn’t the answer, and I think they finally realized that even with approved budgets, finding the staff and keeping them for more than six months also proved an impossible task. Setting up a repeatable, measurable and manageable environment was much more appealing than conventional thinking.
Security automation around incident response will be the new standard for organizations in the coming years. The CyberSponse team is already contributing our knowledge and expertise around this topic with standardization bodies so that we clearly define and educate the market on this new area of cyber security. If the world is building widgets, cars and everything else through automation and orchestration, isn’t it time to embrace it for cyber security?
Little did I know that building CyberSponse would be one of the most difficult and rewarding experiences of my life. I look back and see how our technology has progressed since our original idea rap session with Kevin. It’s like we went from building Model Ts to Ferraris in less than three years. I feel like the luckiest guy in the world and it’s been an honor working with such a dedicated and determined team.