Advantages of rethinking from the attacker’s perspective

An interview with XM Cyber CEO Noam Erez.

“It’s like deploying an army of automated red teams working 24×7 just for you, followed immediately by a blue team that prioritizes simple-to-follow actionable remediation.”

After operating in stealth mode for almost two years, CEO Noam Erez is looking forward to opening the doors and unveiling XM Cyber at the upcoming RSA Conference. With a team of 30+ employees and a growing customer base, he welcomes the opportunity to disrupt the cybersecurity community and respond to hard-nosed questions left unanswered.

What triggered the inception of XM Cyber?
Despite all the security controls deployed in networks, advanced attacks continue to cause a lot of damage. Attackers, encouraged by incentives and even notoriety, are becoming increasingly more sophisticated and their network penetration rate is gaining pace. Working under the radar, they often wait patiently for months to exploit a security hole left undetected by conventional security systems. It’s tempting to think we’ve hit rock bottom but we’re seeing just the tip of the iceberg, as the perimeter fades and the world becomes more connected.

Following years of experience and expertise in cybersecurity we felt it’s time to address the huge gap between how organizations perceive their network security and the real picture. The scale and complexity of modern networks, within an increasingly dynamic and distributed environment makes it almost impossible to really know if your organization’s critical assets are secure.

Due to the complex nature of networks, it is human to expect to find loopholes, created almost daily. We found that many cyber-mature organizations with multiple protection measures were still subject to blind spots and gaps along the attack vectors to their digital crown jewels. We identified an opportunity to deliver a data-driven solution that could continuously assess critical assets at risk and provide simple actionable guidelines for resolving the most pressing issues.

Why establish yet another cyber company in a highly dense market?
The market density is merely an indication of the scale of the problem. The real question is whether organizations have the right tools to combat increasingly sophisticated cyberattacks. Given the sheer volume of advanced attacks, I think it’s fair to say there’s still a market void waiting to be filled in the cyber space. In response, we wanted to build a game-changing solution that will make the life of hackers extremely difficult, particularly sophisticated hackers working under the radar and eluding detection for prolonged periods.

How is your approach different to existing market solutions?
My co-founders and I understood that even when an organization has deployed and configured modern security controls, applied patches and refined policies, it should still ask: ‘Are my crown jewels really secure?’ This question is key because there is a plethora of ways hackers can still infiltrate the system and compromise critical assets with tools and techniques that enable them to work undetected.

Let’s say your organization has installed everything by the book, and enforced multiple compliance rules and policies, and let’s say you ensured that all the security solutions were configured and integrated well. Sophisticated hackers will still find a way to work under the radar and around your security solutions, by taking advantage of social engineering mishaps and human errors, that often occur daily.

We found a way to expose those simple, yet potentially critical human errors, that can lead to the loss of billions of dollars every year.

Working as an advanced attacker, with knowledge of the most up-to-date hacking techniques, we pick up on every invisible misconfiguration in real time, 24×7. To complete the workflow, we don’t just pinpoint the loopholes, we immediately deliver simple-to-follow, prioritized fixes to accelerate remediation and ensure gaps are closed immediately, causing the attacker to lose network superiority and eventually seek other pastures.

Why did you choose to focus on attack vectors to the critical assets?
We understood that the perimeter is dead, and that the battleground really begins inside the network. We established that the primary dimension of resilience is the identification of an organization’s digital crown jewels because this is usually the hacker’s target. It’s the attack vectors to the critical assets that set them off into hunt mode. So the next logical step was to ask:

What will it take to find every hidden attack vector leading to an organization’s critical assets?
We believe it’s essential to keep your network in a state of perpetual reconnaissance 24×7, because eventually someone will successfully penetrate your network; maybe by taking advantage of a technological mishap, or maybe through a social engineering loophole… If they are using a combination of Advanced Persistent Threats (APT) methods, they can leapfrog from one network section to another, completely undetected. They can work this way until they reach their final goal; whether it involves stealing your data, demanding ransom, or disrupting control systems, with potentially kinetic implications.

What is unique about XM Cyber’s approach?
The XM Cyber platform, coupled with an in-depth strategy and methodology, enables organizations to prevent APTs from compromising critical organizational assets and provides actionable remediation in a continuous loop. Leveraging vulnerabilities, misconfigurations and user activity in the network, our system is able to run multiple vector campaigns simultaneously that simulate an APT at 100% reliability. To ensure we’re always one step ahead, our team of experts thinks and operates like a sophisticated hacker that scours the cyber landscape. We constantly stay up to date on all methods and techniques used by the most sophisticated attackers.

It’s like deploying an army of automated red teams working 24×7 just for you, followed immediately by a blue team, that responds to prioritized remediation in real time, with actionable simple-to-follow resolutions. Both red teams and blue teams work synergistically around the clock to meet potential hackers at every twist and turn. They operate in the safest way without affecting the network, and without compromising the user experience.

What were the reactions to date to XM Cyber’s HaXM system?
Although we were officially in stealth mode, several large organizations heard about us and reached out to us. Many of them found great value in a platform capable of leveraging human errors on a daily basis.

Following a brief POC (Proof of Concept) process highlighting fractures in the security posture, all the organizations were converted into customers. Today we have customers at the forefront of finance, manufacturing and critical infrastructure industries in the US, Europe and Israel.

After our launch last month, we can’t wait to get the show on the road and begin working above the fold.