The COVID pandemic has massively escalated the surge of cyberattacks and data breaches, despite robust security controls, software, and solutions being abundantly available in the market. A lot of this can be attributed to the vulnerabilities businesses expose, which cybercriminals are quick to take advantage of. While the conventional cybersecurity approach has benefited many, having cybersecurity without cyber-intelligence and the necessary awareness can leave security professionals off guard against more complicated and novel threats.
Furthermore, with limited cybersecurity resources, businesses need to prioritise their efforts to strengthen cyber posture effectively; however, many organisations do not have an anchor point or a guiding principle to begin with. With cyber-intelligence inputs missing from cybersecurity capabilities like incident management, vulnerability management, risk assessment and brand monitoring, businesses end up running their security practice in silos instead of taking an integrated approach.
Thus, in an attempt to revolutionise the cyber threat visibility and intelligence market, CYFIRMA, a cyber analytics startup, assists businesses in understanding the relevance of the current threat landscape. Not only does it provide insights on threat actors and indicators, emerging threats and digital risks, but it also automatically applies intelligence to cyber posture management. To dig deeper, Analytics India Magazine got in touch with the chairman and CEO of the company, Kumar Ritesh, to understand how the company uses a predictive intelligence-driven approach to discover cyber threats.
Incubated under Antuit Inc, CYFIRMA was started as a business analytics firm in 2017 under the cybersecurity analytics arm, which developed the first-ever intelligence-driven approach, CAP (Cybersecurity Analytic Platform), for companies. Later in 2018, the company established a foothold in Japan and secured marquee clients such as Mitsubishi Corporation and NEC. However, in 2019, the company was spun off from Antuit to become an independent entity, backed by Goldman Sachs, Zodius Capital and Z3 partners.
DeCYFIR Uses Strategic Cyber-Intelligence For Threat Discovery
In June 2020, amidst COVID, CYFIRMA launched DeCYFIR, its flagship product, which provides threat visibility and intelligence, cyber-situational awareness for businesses and cyber incident analytics. DeCYFIR is a cloud-based threat discovery and cybersecurity platform, which discovers threats from hackers’ trenches, decodes signals from noise to get the most in-depth insights and applies threat intelligence to take necessary actions.
Ritesh said that with the platform, it becomes easy to connect the dots to provide businesses with full contextual details on their threat landscape. “Our analysis uncovers the following insights – who is the threat actor, what assets are interesting for hackers, why the compelling interest, when is the attack mounted, and what is going to be the approach. In a nutshell, we help organisations predict future cyberattacks,” said Ritesh.
According to the company, DeCYFIR is the only product currently available in the market that provides cyber intelligence giving businesses a hacker’s perspective and approaches. Not only does it discover hidden signals by recognising signs of an impending attack, but it also predicts the attacks quite early, providing enough time for businesses to take necessary actions. The DeCYFIR platform picks up ‘indicators’ of the threat attack rather than the ‘indicators of compromise.’
In addition, the DeCYFIR platform provides strategic, management and tactical intelligence, which can be harnessed in totality to make accurate decisions. While strategic cyber-intelligence covers long-term implications for businesses, such as changing the overall regulatory framework, management cyber-intelligence highlights the approaches for robust cybersecurity planning, and tactical cyber-intelligence focuses on techniques to examine the indicators of compromise.
How Does DeCYFIR Work?
The DeCYFIR platform works on four logical layers: data collection, data analysis, data dissemination, and reporting. In the data collection stage, the platform knows where to look to collect relevant data, which is critical for unlocking actionable insights. Secondly, in the data analysis layer, the platform applies correlation, attribution and association using AI and ML to seek indicators of threats beyond IoC.
The platform further runs probability models to predict the likelihood of a cyber-attack. This layer helps in understanding the threat vectors, actors, methods, etc. In the third layer of data dissemination, it reads signals to identify farthest threats, consumption to apply cyber intelligence and predictions to oppose proaction. And lastly, in the reporting stage, the platform provides relevant information on a dashboard, highlighting early warnings of impending threats and real-time insights.
The company also uses various NLP engines and language efficacy models to gather and generate information, and classification and regression algorithms to enhance the threat intelligence insights of the platform. It also uses probability models to anticipate upcoming threats, and decision tree and attribution algorithms to connect different pieces of threats.
Explaining further, Ritesh stated that the company predicts the impact and probability scores based on a regression model, to keep a check on the new threats evolving every day. Also, CYFIRMA uses semantic, syntactic and lexical analysis to summarise the text of articles. Moreover, “based on the various attributes of a URL, the company also manages to predict if the URL is malicious in nature or not,” said Ritesh.
Challenges & Future Road Map
As a disruptor in the cybersecurity space, CYFIRMA has faced quite a few challenges in bringing about change. One of its prominent concerns was to educate organisations and business leaders about the disadvantages of the conventional approaches and layered defences. “And therefore, we needed to invest in substantial resources to showcase the new way of looking at cybersecurity,” said Ritesh.
The company noted that there was an urgent requirement for companies to change their mindset and focus on more ‘intelligence-driven’ methods of managing cybersecurity. This approach would help them redirect their resources to predicting impending attacks.
Additionally, to date, CYFIRMA has secured $8 million in funding in its Series B round, which it claimed to be using for product development and enhancement, market expansion and business development. Currently, the company works with several companies, including government bodies, Fortune 500 MNCs, and commercial businesses. Some of its named clients are Mitsubishi Corporation, Toshiba, NEC, Suntory, SBI Holdings, Digital Hearts and Toppan.
In light of the COVID pandemic, CYFIRMA has been helping customers with early advisory and helping them predict the next attack so they can close their cybersecurity gaps in time. Simultaneously, CYFIRMA has been actively advocating the importance of cybersecurity education and awareness to governments, businesses and the public.
“To beat hackers in their own game, we have to stay a step ahead, and this calls for continuous iteration and improvement. We, at CYFIRMA, are focused on building the best product in our category and will continue to invest in product engineering,” concluded Ritesh.