Automate your Blue and Red Teams with XM Cyber’s APT Simulation Platform
XM Cyber was founded by the highest caliber of security executives from the elite Israeli intelligence sector. Together they bring a proven track record in offensive and defensive cyberspace. In this interview, CEO Noam Erez gives an overview of some of the problems that corporations are facing with cyber security today, and explains how XM Cyber can help.
Please describe the background behind founding XM Cyber.
XM Cyber was established in 2016 by the former head of the Israeli Mossad and senior executive in the IDF, Mr. Tamir Pardo. Boaz Gorodinsky, our CTO, and I, Noam Erez, both came from executive positions in the IDF.
Many companies have established protective measures to defend their networks, but organized cybercrime still manages to penetrate and succeed in their attacks. We have seen this happen to Sony, HBO, and many other renowned corporations.
The reason is that advanced persistent threats (APTs) are using holes in the system that are mistakenly created by legitimate users and IT people, allowing them to go under the radar of all protective measures by mimicking legitimate user behaviors that cannot be identified.
What we built is an automatic machine that combines the work of red and blue teams, which can find the full attack vectors, from the entry point and all the way to the company’s crown assets. We find the vectors and provide an automated remediation report that explains to the customer what problems were found, along with precise instructions on how they should be fixed.
Our vision was to come up with a game changer that will identify all the hidden attack vectors and provide the ability to prevent and fix everything in advance, thus preventing the ability of the attacker to reach the crown jewels. By the time a hacker manages to penetrate into the network, everything will already be hidden, making it impossible for them to proceed with the attack.
So far we have seen an amazing success. We deliberately went for the most sensitive and sophisticated companies in the world, who saw huge value in our product. As evidence, we have 100% conversion between our pilot users and our paying customers.
We work with financial and industrial clients that run critical infrastructure. Our clients are highly sensitive large scale corporations that are mostly based in the EU and USA, but presently we are also starting to enter the Far East.
What’s unique about XM Cyber?
Our product is the only one on the market to offer an automated APT simulation platform. XM Cyber operates an automated red team and an automated blue team. We can find many hidden vectors that cannot be detected with any other product.
While most of our competitors will usually test against known malware, we go the extra mile by finding holes in the network that are being created unintentionally by legitimate users, allowing the hacker to mimic a legitimate user while attacking the network. This is the major difference.
The red team is a team of hackers that test the network by simulating an attack, in order to find holes that are under the radar. Finding personnel for the red team is extremely difficult, for several reasons. Primarily because there are very few “good” hackers who have the right skills; secondly, because it’s a very expensive service; if you’re a bank and you want to test an entire network, it is going to be a long and costly process that will require lots of experts to work together. Thirdly, it’s hard to expect humans to find every single loophole. The minute the red team finishes their job, anything can come back. You may find new holes the day after they leave, which means it’s an ongoing process. Our automated red team works 24/7 with multiple campaigns to ensure that no stone is left unturned.
Using our solution is like having hundreds of red teams with the best knowledge and know-how, all working at the same time.
After finding the attack vectors, the machine will provide you with a blue team, which is the team in charge of fixing all the problems that were found by the red team.
Our reports show you how to fix problems in a prioritized way, and this is also a major advantage that we offer, because in many cases, reports will show thousands of vulnerabilities, but you’d have no way of knowing which ones are urgent. We take only those holes that are already in the hacker’s path, and prioritize them by how accessible they are for the attacker.
Our reports provide IT teams with precise instructions, so they can fix everything and upgrade their level of security, with crucial problems already prioritized for them. Most things we find go under the radar, so there is no product on the market that can help, but if you follow the instructions, you can fix it using your own IT team and save lots of money.
How do you combine technology and policy?
XM Cyber will show you all the mistakes that were made by legitimate users, allowing you to keep a good level of hygiene and maintain preventative measures.
In many cases, the company’s policy is what makes the life of the attacker easy. Our product provides recommendations on what changes can be made in the policy to tighten the security and promote good practices across the organization.
How do you keep up with the constantly emerging threats?
We have the “What if” scenarios that can make the system work as if you had an attacker inside. Our unique knowledge and know-how is a key part of what we’re all about.
First, we make an assumption of what can be penetrated, and then test it to see how far the attacker can reach before being detected. Our simulation process can shed light even on new threats, because rather than studying the attacker, it studies the network. We can see what will happen if an attacker reaches certain points, so they can be patched in advance.
What is the first step to protecting an organization from cyber-attacks?
The most important thing is to understand whether you are protected or not. Companies invest a lot of money in security products which don’t necessarily address their actual needs. The only way to know if you’re protected is to run a red team who will find the attack vectors. It helps to understand where your vulnerabilities are, what problems can be expected, how to fix them, or which security product will fix them. People buy security solutions before they even know what their problem is, just to find out that the threat is in a totally different realm to what the security solution is aimed at. Judging from our experience with some of the most sensitive and technologically advanced companies in the world, understanding the threat is the first and most important step towards the solution, which is why every company we work with finds great value in our product.