To beat a hacker, you have to think like a hacker, and in some cases, even work with them, according to two Microsoft Ventures’ startups who spoke during the Microsoft Inspire 2017 event this week.
Microsoft Ventures launched last year to focus on startup investments, unlike Microsoft Accelerator, which focuses on startup enablement through its accelerators around the world. Two companies that were added to its portfolio this year were on hand at Microsoft Inspire to talk about their approaches to cybersecurity, which remained a hot topic over the week dominated by news about Microsoft 365 and Azure Stack.
Synack Crowdsourced Cybersecurity Platform Helps Close Talent Gap
In a breakout session on Wednesday, Synack CEO and co-founder Jay Kaplan talked about its crowdsourced approach to cybersecurity, which he said is much more scalable than hiring security pros, particularly in light of the massive cybersecurity talent gap.
“Clearly there’s a big issue here; we need to recruit more talent and frankly most organizations are not going to be able to fill the positions they need,” he said.
The company is based in Redwood City, Calif., and was launched in 2013 when Kaplan and Mark Kuhr left the NSA. In March, it closed $21 million in Series C funding, with Microsoft Ventures participating in the round.
Kaplan said that crowdsourced security is not a new concept, pointing to bug bounty programs, which have been around since the mid-nineties. But he says Synack lets customers reap the benefits of crowdsourced cybersecurity expertise without worrying about negotiating payouts or verifying that the research is legit.
Its security platform offers crowdsourced penetration testing, vulnerability orchestration, analytics and risk reporting. According to Kaplan, 75 percent of its programs find a severe vulnerability in the first 24 hours.
“From a process perspective it is much more scalable, it’s on-demand, you’re not waiting for someone to come on board, and you have a whole stable of people not working on these problems,” he said.
As the gap in cybersecurity talent continues to mount, Kaplan said that Synack helps organizations close it by leveraging cybersecurity expertise from researchers and experts all over the world. This diversity is critical in helping companies find threats faster, he said – much faster than relying on consultants or a handful of on-premises staff.
“You can crowdsource security; to beat a Russian you have to have one on your team,” he said, noting that the cybersecurity talent that you need may not be available in your local market.
Through its platform, Synack is able to address some of the potential pitfalls of a crowdsourced cybersecurity approach, namely verifying that random people on the internet are who they say they are.
“We were able to solve these problems with process and technology,” he said.
Synack does background checks on its security researchers, and they sign an NDA. Its platform also handles triage and prioritization of reports, which takes a considerable amount of work, particularly if a company were to do that in-house, Kaplan said.
Illusive Networks: Beating Hackers at their Own Game
Israel-based Illusive Networks became a Microsoft Ventures portfolio company in Q1 2017. It was the first company launched out of the Israeli cybersecurity incubator Team8, whose founders are alums of the Israeli Defense Forces.
Tracy Pallas, VP of channel sales and strategy, who joined Illusive Networks from roles within Extreme Networks and Palo Alto Networks, spoke at Microsoft Inspire on Wednesday about its platform, which rethinks the common post-breach strategy.
Post-breach technologies can be problematic for security operations centers because they produce a lot of false positives, making it hard to determine which alerts should get priority. Pallas claims that Illusive Networks’ solution has no false positives. She said its motto is “if it is positive, it’s positive.”
“A new post-breach detection strategy is a must,” she says. “We approach the problem by thinking like an attacker.” Part of this approach includes understanding the psychology of an attacker and what they are looking for through watching how they move laterally within a network, she said.
“We don’t focus on signatures; we focus on lateral movements,” she said. Once a hacker breaches a perimeter, they need to determine where they have landed, where they can go from there, and how they will get there. Illusive Networks thwarts this approach by making the network look much larger than it actually is, Pallas said, basing its methodology on the OODA Loop.
Illusive Networks deploys deceptions such as fake browser history and false credentials, which resolve back to a trap server. These deceptions are used to track the hacker and send the information they collect back to the incident response teams.
It uses an agentless approach, which means it doesn’t require any additional IP space, and is distributed through a 100 percent channel model.