The year 2020 was the ‘worst year on record’ for cybersecurity, with almost two thousand data breaches reported in the first three months alone. On the one hand, the pandemic had fast tracked the digital adoption of organisations, on the other, it exposed the fractures in their digital security systems as they scaled. The cybercriminals had a field day with most of the companies opting for remote work in the aftermath of Covid-19.
From Twitter and Zoom data breach to Unacademy, Big Basket, EasyJet and Marriott, the data breaches continued to make headlines in 2020. Consequently, the role of cyber resilience gained more criticality. FireCompass is a Bangalore-based SaaS startup working on automating Red Teaming — a continuous process of rigorously challenging the systems using ethical hackers and by adopting an adversarial approach.
Analytics India Magazine got in touch with Bikash Barai, Co-founder and CEO of FireCompass to dig into how the company is leveraging artificial intelligence to automate the process of ethical hacking.
Traditionally, the process of red teaming is mostly manual with the need for multiple tools and a lot of human intervention, and hence highly error-prone. While organisations test some of the assets with ethical hackers, cybercriminals tend to attack all of the assets, all of the time. FireCompass, on the other hand, designed CART — Continuous Automated Red Teaming in order to automate red teaming and achieve the breadth and depth of the process to make it scalable to conduct continuous proactive testing.
Explaining the process, Bikash stated — during the CART process, an organisation can search already indexed, deep, dark, and surface web data using similar reconnaissance techniques as nation-state actors. It automatically discovers an organisation’s dynamic digital attack surface, including unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets, open ports, etc. “Once an attack surface is recognised and the simulated attack scope is authorised, the attack engine launches multistage attacks on the discovered surface to identify security blind spots and attack paths before hackers do. The platform then prioritises the risks and recommends the next steps for mitigation.
The Use of AI
The SaaS platform CART has been designed for continuous automated red teaming and attack surface management, which maps out an organisation’s digital attack surface, including Shadow IT blind spots. The platform then automatically identifies attack paths before hackers do, eliminating the need for multiple tools and significant manual effort.
To facilitate this, artificial intelligence has been implemented on both sides — defence as well as offence. Eliminating non-AI techniques for automating ethical hacking, FireCompass used artificial intelligence to transform rule-based automation into more learning-based automation. AI has also been used to learn new attack patterns independently and deliver scalability and extensibility, which is otherwise tricky with non-AI based systems.
Talking about the challenges while using AI, Bikash stated — Lack of training data became quite a hassle as hackers do not leave traces, and even if they do, they are typically distorted. “The massive data was mostly unstructured in terms of logs, binaries, network protocols etc.” To resolve the issues, “we are using a semi-supervised learning algorithm that learns new attack paths in a similar way attackers correlate, learn new attack paths and discover the security loopholes,” said Bikash.
The semi-supervised learning algorithm learns from unstructured data, builds a gigantic graph of entities and relations, and then applies various learning techniques for classifying the vulnerabilities, according to its criticality.
The key places FireCompass is using AI/ML include:
- Planning: Finding and prioritising the attack paths and critical vulnerabilities.
- Correlation: Tracking attack vectors from threat intel sources, latest branches and ransomware attacks.
- Automation: Automate Mundane tasks such as false-positive reduction.
- Prioritisation: To prioritise vulnerabilities into critical/low ones and increase the priority of two medium vulnerabilities when they occurr together.
FireCompass primarily uses microservices, Python and Java in the back end, and Angular and React. Additionally, the attack engine has many attack vectors, which are coded using Python and other languages.
Use cases of CART:
Attack Surface Management & Shadow IT Discovery: CART can identify orphaned domains/subdomains, risky IPs, exposed database/cloud buckets, code leaks, leaked credentials, exposed test/pre-production systems and other Shadow IT and risks associated with them.
Continuous Automated Red Teaming: CART can conduct multistage attacks just like real attackers to find vulnerabilities before them.
Ransomware & Nation-State Attack Emulation: CART can discover ransomware attack surface and its risk by scanning the entire internet for risky assets potentially belonging to the organisation.
FireCompass is currently backed by prominent investors and VC funds like Bharat Innovation Fund, Ed Adams – president Security Innovation, Phanindra Sama, former Co-founder Red Bus, Khiro Mishra, the former CEO of NTT Security USA. CART has also been currently deployed by some top telecom and IT companies, along with notable banks/financial services companies and others spanning multiple industries.
FireCompass is also aggressively hiring great talent globally, particularly for senior-level personnel. “Hiring great talent is always a challenge. We try to hire youngsters and train in cases where talent is hard to find. Our network of relationships also comes in handy,” added Bikash.
With its advanced expertise in automating the ethical hacking process, FireCompass aims to build the most distributed, scalable and sophisticated cyber attack engine to keep customers ahead of the hackers. “The field of hacking is ever-changing. We work on new research and attack vectors every day. That’s what makes life exciting and fun,” concluded Bikash.