We are excited to bring Transform 2022 back to life on 19th July and virtually 20th July – 3rd August. Join AI and data leaders for sensible conversations and exciting networking opportunities. Learn more
Cyber security concerns are growing among enterprise decision makers, as companies invest in new technologies to protect their businesses from ever-evolving cyber threats. A survey of cybersecurity providers by McKinsey found that spear-phishing attacks have increased almost sevenfold since the epidemic began. Another McKinsey article states that the Covid-19 epidemic has forced rapid changes in corporate cyber security functions.
While the epidemic accelerated the digital transformation in the global enterprise ecosystem, it also widened the surface of enterprise attacks – leaving room for malicious artists to attack organizations with sophisticated attacks. The most popular of the long list of attacks that have affected many areas in recent years are the Solarwinds and Cassia supply chain attacks as well as the Colonial Pipeline Ransomware Attack.
CYE, a Herzliya, Israel-based cybersecurity company that provides data-driven cybersecurity solutions to organizations, has launched a new group called Critical Cyber Operations to provide “data-based and mathematically proven cybersecurity investment optimization”. Capabilities that allow for fast, accurate and efficient cyber security maturity construction. “
CYE founder and CEO, Ruwen Aronashvili, believes cybersecurity is broken because big companies already have a lot of vulnerabilities – so it’s hard to control them all. While budgets for security are on the rise, according to Aronashvili, the proceeds of the offensive have reached $ 1.5 trillion from offensive activities in 2018 alone. He said CYE’s Critical Cyber Operations will provide Data Forensics and Incident Response (DFIR), Threatening and Computer Threats Intelligence (CTI) assessment, advanced cyber architecture solutions and executive cyber and physical security.
How CYE’s platform works
CYE’s critical cyber operations are integrated into all of the company’s Hyver platforms that provide business insights and optimize the reduction in cyber exposure by analyzing the relevant security data on the organizational risk profile.
The platform is cloud-based and operates in three levels:
- Attack route visualization: It offers fully automated attack route mapping that conducts comprehensive cyber security assessments covering the entire organization, creating a complete visualization of the attack surface and showing complete attack routes and vulnerabilities that can be evaluated in real time.
- Risk parameter: This level utilizes automated route modeling and machine learning capabilities to accurately measure the risk of each vulnerability. It translates technical hazards into business hazards by correlating attack routes, exploitability, importance of business assets, costs and other parameters. Risk authentication uses risk intelligence, hunting capabilities as well as community and expert knowledge to help security teams track, report, benchmark and optimize their security effectiveness.
- Mitigation optimization: At this level, the platform creates optimized mitigation plans by weighing the potential business impact against the risk absorption and mitigation costs. It also provides actionable measures to mitigate related risks, starting with what poses the highest risk to business assets – all while enhancing the organization’s security posture and enabling efficient allocation of resources and remedial efforts.
Aronashvili said the platform aims to provide the ability to make comprehensive decisions after a thorough analysis of the organization’s vulnerabilities, including how likely it is to be, the threshold for each vulnerability, costs in case of violations and more.
“It provides clear decision-making parameters for decision makers, they can see the numbers and make decisions based on their risk appetite, budget, etc. The whole point of the platform is to help decision makers make decisions with data, ”he said.
AI and ML capabilities
Aronashvili said CYE uses AI and ML across different parts of its platform for things like risk, cost and predictability of exploitation. The future of AI and ML will help to curate data, improve predictions and estimate the modus operandi of attackers, he said.
“Attackers are also using AI and ML and improving their ability to steal. Our solution will improve but also the attackers. It’s going to be an endless game, but the scientific approach we’re offering is changing the way we look at cybersecurity from reactive / passive to something more predictable and prescriptive, “said Aronashvili.
He also said that CYE will continue to consider new features that could further benefit AI and ML with plans to improve its search, data collection and forecasting capabilities.
The main difference
CYE is active in many cybersecurity categories, but Aronashville said it is difficult to name direct competitors. He said that while CYE has a whole bunch of companies addressing every specialty, the company offers a comprehensive approach that is hard to find elsewhere.
“Consulting firms are similar to us in the sense that they provide a strategic solution based on financial analysis, but we have a platform to provide a complete solution. Our platform is real-time, providing a quick, easy to understand and timely solution, “he said.
Market Opportunity for Critical Cyber Operations
Aronashvili noted that CYE’s clients are the victims of a wide range of attacks by actors ranging from cybercrime to superpowers. He said the attacks could be for various purposes such as CNE, CNA and CNI, or even CN-ALL and supply chain attacks.
Organizations ’digital footprint is growing and the attack surface is rapidly increasing while visibility and authentication remain a problem, Aronashville said. “CISO is struggling with a lot of service providers, equipment and vendors. Multiple vendors lead to confusion and errors, a noisy environment and a strong reliance on multiple specialized products, leading to difficult decision processes. ”
He noted that Critical Cyber Operations addresses this challenge for CISOs who seek a single tool to gather all their critical assets and findings.
According to Aronashvili, critical cyber operations are based on an intelligence-oriented behavioral approach and include experienced cybersecurity professionals with in-depth knowledge of technical operations. He said they have proven experience and capabilities to guide, lead and demonstrate defense, technology and cyber operations to counter and / or execute state-level cyber attacks.
Aronashvili declined to say the exact number of CYE customers, but said the company has customers in all industries – many in security, finance and healthcare, as well as in many multinationals and Fortune 500 companies. According to Aronashville, the company saw a 150% growth in customers in 2021.
The current CYE number is 130 and is expected to double in the next 12 months. The company has raised $ 140 million in total so far. Following the launch, cybersecurity expert Schmulk Ezekel joined CYE to lead the Critical Cyber Operations Group. The company also added tech industry veteran Steve Midgley to its leadership team as chief revenue officer. The CEO and founder was Ruven Aronashvili, a founding member of the Israeli Army Red Team and the Incident Response Team.
Venturebeat’s mission Transformative Enterprise is about to become a digital town square for technology decision makers to gain knowledge about technology and transactions. Learn more