Neutralise Cyber Attacks Faster
Andrew Mallaband
Growth Engineering | Enabling Tech Leaders & Innovators Around The Globe To Achieve Exceptional Results
Last year I spent time with a serial entrepreneur exploring the possibility of setting up a new cyber security company. Given my recent experience, when Jon Reeve, a former colleague and VP Product Management at the cyber security start-up “Spyderbat”, contacted me, I was naturally intrigued to learn more.
The Spyderbat product provides a unique, patent-pending approach that reduces the time, effort and skill sets required to identify and neutralise the root cause of cyber attacks.
Spyderbat’s mission is incredibly important because on average cyber attacks go undetected in organisations for weeks or even months. This is concerning because the amount of time it takes to detect and remediate cyber threats can directly impact an organisation’s revenues, profitability and share price, resulting from disruptions to business operations, loss of IP, cyber ransom payments, data breaches, the impact of regulatory penalties and the loss of revenue resulting from reputational damage.
Many organisations are already ill-equipped to deal with sophisticated cyber threats because of a shortage of cyber skills. This is borne out in a recent survey by Cobalt where 45% of respondents reported they are suffering from a shortage of skilled cyber security staff. More worryingly, 54% of employees reported they plan to quit their job due to the overwhelming impact of responsibilities and workforce shortages within their departments.
Using software to streamline root cause analysis and remediation can significantly reduce the business impact of cyber threats and the workload on existing cyber staff. It also enables less skilled resources to carry out complex work. This means that more of the workload can be delegated across disparate IT support functions, such as the dev/ops team, enabling a step function in an organisation’s cyber protection capabilities.
Today most organisations have a myriad of software tools deployed to correlate security events in an attempt to determine when their IT systems are under attack. These might include Security Incident & Event Management, Extended Detection & Response, Network Detection & Response and Threat Intelligence Platforms.
While these tools might highlight critical events worthy of attention, security investigations often struggle to connect disparate events that result from related activities taking place across systems as cyber attacks progress over days, weeks or months. Rudimentary aggregation methods (e.g. combining alerts from the same host or the same user) miss the point. These methods themselves can result in inaccurate conclusions.
For example, the malware used in the SolarWinds breach used a random wait period of 10 to 14 days before attempting lateral movements. This waiting period foils these rudimentary aggregation methods and makes it increasingly impossible to manually recognise the relationship between these activities.
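The failure described above, shown as an added example (not Spyderbat's code or method): constructed events with a 12-day dormancy are grouped first by host within a 24-hour window, then by following a recorded cause link. The `cause` field, host names and event ids are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. "cause" (an assumed field) is the id of the event
# that directly led to this one, e.g. a process spawn or a network connection.
EVENTS = [
    {"id": "e1", "ts": "2024-03-01T09:00", "host": "build01", "what": "updater loads module", "cause": None},
    {"id": "e2", "ts": "2024-03-01T09:01", "host": "build01", "what": "module starts thread", "cause": "e1"},
    {"id": "e3", "ts": "2024-03-13T02:14", "host": "build01", "what": "thread connects to db02", "cause": "e2"},
    {"id": "e4", "ts": "2024-03-13T02:15", "host": "db02", "what": "remote logon spawns process", "cause": "e3"},
    {"id": "e5", "ts": "2024-03-13T02:20", "host": "db02", "what": "scheduled backup job", "cause": None},
]

def aggregate_by_host(events, window=timedelta(hours=24)):
    """Rudimentary aggregation: same host, each event within `window` of the last."""
    groups, last = [], {}  # last: host -> (timestamp, group)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        prev = last.get(ev["host"])
        if prev and ts - prev[0] <= window:
            group = prev[1]
        else:
            group = []
            groups.append(group)
        group.append(ev["id"])
        last[ev["host"]] = (ts, group)
    return groups

def causal_traces(events):
    """Group events by the root of their cause chain, ignoring elapsed time."""
    by_id = {e["id"]: e for e in events}

    def root(eid):
        while by_id[eid]["cause"] is not None:
            eid = by_id[eid]["cause"]
        return eid

    traces = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        traces[root(ev["id"])].append(ev["id"])
    return list(traces.values())

if __name__ == "__main__":
    # The window splits the dormant chain (e1,e2 | e3) and merges the
    # unrelated backup job e5 with the lateral-movement event e4.
    print("by host/window:", aggregate_by_host(EVENTS))
    # Cause links keep e1..e4 together across hosts and the 12-day gap.
    print("by cause chain:", causal_traces(EVENTS))
```
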
In today’s cloud native environments with containers, virtual and physical machines, hosted on premises and/or in the cloud, the complexity only increases exponentially because of the number of interconnected systems and services and the constant changes taking place due to the short-lived nature of workloads.
Spyderbat brings a new approach to address these challenges called Attack Tracing and Intercept or ATI for short. ATI surveys and maps the activity of all computing devices, seeing all causally-connected activities across systems, users, and time, that are related to cyber attacks.
Jon shared examples of an international telco and a New York based hedge fund that have been able to achieve new levels of situational awareness using the Spyderbat product, giving security and dev/ops teams immediate insight into the cause of alerts and what action should be taken to either stop an attack that is in process, or remediate one that has already occurred with lightning speed.
If this article has piqued your interest you can glance at a 90 second video demo or visit the Spyderbat website where you will find more resources to learn more.
Great summary Andrew. Without technical innovation and automation we can never close this critical gap in securing our ever evolving infrastructure.
IT Infrastructure, Cloud & Cybersecurity | Digital Transformation Leader | Expert in IT Strategy, Governance, Risk Management & Cloud-First Solutions | Driving Innovation, Automation, Cost Optimization
2 years ago
Excellent writeup Andrew. Thank you.