Lior Div: Cybereason – The Best Defense Against Cyber Attacks is to Adopt Post-Breach Mindset

Founded by three members of Unit 8200, the Israeli military’s elite cyber security unit, Cybereason enables organizations to detect and contain complex cyber attacks in real time. It’s flagship solution, the Cybereason Endpoint Detection and Response Platform, leverages big data, behavior analytics and machine learning to visually present the five TRACE elements of every attack: Timeline, Root Cause, Adversarial Activity, Communication and affected Endpoints and users. By revealing the full Malicious Operation as it unfolds, Cybereason provides the context needed for fast, effective incident response. Cybereason is headquartered in Cambridge, MA with offices in Tel Aviv, Israel.

Info Security PG: Tell us something about your company.

Lior Div: I founded Cybereason in 2012 with two of my colleagues whom I met while serving in Israel’s military cyber security corps, Unit 8200. We took our experience cracking and reverse engineering some of the world’s most complex hacking operations to develop the company’s flagship product, the Cybereason Endpoint Detection and Response platform. The Cybereason platform to identifies and visualizes threats in real time, enabling organizations to find and contain attacks before they spread. We built our platform on the premise that most organizations have already been (or will be) breached. MalOps hunting engine can analyze up to eight million events a second, providing a real time view of the TRACE elements of an attack: Timeline, Root cause, Adversary Activity, Communication and affected Endpoints and Users, automating forensic and incident response processes that would take level 3 security analysts hours to days to accomplish. We just learned that we were selected as a finalist in RSA Conference’s Innovation Sandbox competition, meaning that we have been shortlisted as one of the 10 Most Innovative companies at RSA Conference 2015. We’re backed by leading VC’s, and are based in Cambridge, MA with R & D in Israel.

Cybereason Co-founder and CEO Lior Div is a cyber-security expert who gained his security expertise as a commander in the IDF, unit 8200, where he received a medal of honor for his efforts cracking and reverse engineering some of the world’s most complex hacking operations. Prior to Cybereason, Lior founded a cyber security services company serving government agencies.

Info Security PG: Tell us about your company’s solutions. What new or upgraded product or service has your company recently introduced to the market?

Lior Div: The Cybereason Endpoint Detection and Response Platform leverages behavior analytics and machine learning to uncover, in real-time, complex cyber-attacks purposely crafted to evade detection by traditional defenses. It automatically investigates and connects isolated malicious events to visually present a cyber-attack in its entirety, enabling security teams to quickly digest the attack’s timeline, root cause, adversarial activity, the malware involved, and all related communications by and between endpoints and users. Cybereason also validates alerts produced by other installed systems, reducing “alert fatigue” and enabling security teams to focus their efforts on attacks that matter. Cybereason’s architecture is unique it is deployed in user-space, the memory area where applications execute, to ensure that it is least intrusive, fast and easy to deploy and requires little maintenance. A Cybereason deployment takes hours-days depending on the size and complexity of the organization’s IT network and the product provides customers with out of the box value, with no need for additional customization, building of queries or parsing of data on the customer side.

Info Security PG: How do your customers benefits from your company’s solutions? What advice would you give to CSOs?

Lior Div: Our platform enables our customers to detect and contain breaches exponentially faster then they could previously. It does this by not only providing unobtrusive visibility into an organization’s IT environment, but also by automating the investigation process and presenting the full picture of an attack. This enables less-experienced Level 1 security analysts to perform investigation tasks that otherwise could only be done by an experienced Level 3 security analyst. In addition, it increases the productivity of Level 3 analysts because we immediately provide them with the contextual data they need to understand if an attack is being deployed in their environment. As far as advice we would offer to CSOs: It is no longer feasible to only focus on breach prevention and perimeter based security. You MUST adopt a post breach mindset and allocate resources to active scanning of your IT systems for malicious activity. It takes organizations an average of 205 days to detect an advanced attack. That is simply unacceptable, and once solutions like ours become a textbook component of a defense in depth security strategy, it will become a tiny fraction of that.

Company: Cybereason | Cambridge, MA USA

Categories: Featured

Tagged as: