Today, data compromises and cyber attacks are almost everyday occurrences. The majority of businesses are trying to protect themselves against complex and ever-evolving adversaries. These hacking efforts are occurring on a minute-by-minute basis, and companies are unable to defend themselves effectively or proactively. The demand for automated internal and external security operations is now an essential part of combating cybercrime.
CyberSponse debuted its technology in late 2014 with a vision of enhancing the current security operations centers (SOC) used by most large companies, with velocity and automation through API-driven orchestration. Most SOCs today operate manually, relying heavily on human capital (it’s important to note that due to soaring demand in the marketplace, accomplished analysts are hard to come by – and increasingly expensive) and immature processes which are often unable to respond to the number of alerts the organization’s security tools are throwing off. We at CyberSponse believe that security automation technology, when done right, has the ability to revolutionize an enterprise’s cybersecurity posture.
The market demand for automated incident response has taken off recently, as more companies shift their focus from prevention to remediation speed. CyberSponse’s success and influence in this category have been embraced and welcomed by the security industry with open arms.
SO HOW DID IT ALL START?
In 2012, the idea came to me from my growing up in fire services and having an appreciation for fast and effective incident response. Since I had a background in cyber crime, I knew that the evolution of security was going to take place in the next year or two. While doing research to see if incident response platforms existed, I was surprised to find that this market hardly existed at all. The only solutions I could find were legacy and clunky case management modules within existing, yet dated, SIEM technologies – this just didn’t make any sense.
One of the very first presentations for CyberSponse was to incident response legend Kevin Mandia, Founder/CEO of powerhouse Mandiant. I reached out to Kevin because I wanted to get his opinion on what I was in the process of creating, and his encouragement motivated me even more. After more than a year of testing the market with our initial SaaS platform, I discovered that most organizations were unprepared or unable to find ways to innovate and implement incident response into their cybersecurity practices. We also found that no one wanted to use a SaaS-based technology either. Timing is everything, and I learned a very important lesson about being the first to market with a good idea.
Over the next two years, I was fortunate enough to build an ecosystem of top-notch advisors, mentors and investors who have helped me achieve my vision. Building this company was never something I did just for the money. I did it because I wanted to help others, just like my father had as a local fire chief for more than 20 years.
The vision for CyberSponse is that automation will be the future of cyber security. Without it, it’s going to continue to be a repetitive cycle of more tools and no one to use them. The big buzzwords for RSA 2016 were automation and orchestration. Everyone finally gets it and understands that without interconnectivity between security tools, the current failures of the status quo will never be cured.
So how did we figure out that interconnectivity would be the future? 15 months into building the CyberSponse incident response platform, I was walking the floor of a NYC cyber security conference checking out all the latest and greatest tools; I remember the day explicitly. I started to ponder what a CISO would do if he or she wanted to build an enterprise security perimeter, yet by doing so, merely added more consoles and data screens to look at. It didn’t seem to make sense that security tools really didn’t speak well to each other. In 2013, no one was talking about APIs and integrations; it was all about prevention and elimination of risk. I think we all now recognize that avoiding compromises isn’t possible and an organization’s ability to detect, respond and recover is much more important.
The problem with integrations was also the carnage of bad experiences that large services companies put the market through. In order to create connectivity between legacy tools, it would cost a customer a small fortune to make custom, one-off solutions. This also did not make sense.
The concept of interconnectivity was expensive and time consuming; no wonder the industry was hesitant about the idea of connectivity in the first place. Now that the industry is past professional service hours getting in the way, the road looks promising for building cyborg security operations centers. This is what I think when the human and the machines work as one: part human, part machine.
Today the market demand from government, law enforcement & commercial sectors couldn’t be better. Organizations finally realize that committing bodies to the problem isn’t the answer, further exacerbated by the reality that even with approved budgets, finding a capable staff and keeping them for more than six months proved an impossible task. Setting up a repeatable, measurable and manageable environment was much more appealing than conventional thinking.
Security automation around incident response will be the new standard for organizations in the coming years. The CyberSponse team is already contributing our knowledge and expertise around this topic with standardization bodies so that we can clearly define and educate the market on this new area of cyber security. If the world is building widgets, cars and everything else through automation and orchestration, isn’t it time to embrace it for cyber security?
Little did I know that building CyberSponse would be one of the most difficult and rewarding experiences of my life. I look back and see how our technology has progressed since our original idea rap session with Kevin Mandia from Mandiant [now CEO of FireEye]. It’s like we went from building the first Model T to now racing Ferraris against other vendors/competitors in less than three years. I feel like the luckiest guy in the world and it’s been an honor working with such a dedicated and determined team as we continue to build, scale and differentiate in the market with CyberSponse. Many people shared their doubts, bet against me and the team, and quite frankly were happier to see us struggle than succeed. I think few realize that the more that people reject you, the more it motivates a guy like me that’s willing to do anything, and I mean literally anything, to create a healthy, functional, profitable and unique business opportunity for our team, investors and customers.
THE INCIDENT RESPONSE CONSORTIUM (IRC)
Early into my journey with CyberSponse, I obtained the domain name, www.IncidentResponse.com, and parked it, knowing one day I would use it as the central hub of all cyber incident response information, articles, news, playbooks and more. Finally in 2017, with the encouragement and support of our team, I mustered the will and courage to put together the first free, non-profit 501(c)(3) educational organization primarily focused on offering training and support for security operators, by security operators. In short, I wanted to develop a fully comprehensive support community where security operation teams and members alike could go for access to playbooks, training, support and mentorship in order to arm the next generation security operations soldier. So in late 2017, the Incident Response Consortium, Inc. was born and our inaugural event, Incident Response ‘17 Convention (IR17), took place on September 11 & 12, 2017 at the Ritz Carlton in Arlington, Virginia. IR17 allowed me to bring the centralized resources of incidentresponse.com to life, with over 40 workshops and over 400 attendees all in the same location, with the same goal in mind: Becoming the preeminent and most effective cyber soldiers that this nation has to offer.
Following the event, I was overwhelmed and humbled by the breadth of positive feedback and support received from the community about the event itself, with many demanding more events in the future. As it was a new organization holding its inaugural event, I also couldn’t believe that the Governor, Terry McAuliffe, came to our event, delivering a keynote address expressing his support for Cybersecurity Operations and also the importance of cybersecurity for our democracy. The future of the IRC looks strong, with a serious agenda planned for 2018. I hope that its purpose and mission of helping security operators come together as a community lives on well after CyberSponse is under the banner of a future acquirer.