Julian Mitchell of Forbes recently sat down with Brian Beyer, CEO and co-founder of Red Canary, to talk about the vision behind the company, the future of cyber security, and top tech trends impacting the industry in 2018. Read the interview below. This article originally appeared in Forbes.
What was the specific void or opportunity you identified that inspired the idea behind Red Canary?
We started Red Canary because we kept getting called to respond to data breaches, and we believed that businesses could do a better job stopping breaches. Our three founders had solved cyber security and massive satellite data processing problems together in the past, and we believed that a new approach was needed. To use the physical analogy, most businesses spend their time adding padlocks and door alarms to protect their sensitive data. They earnestly hope that adding more tools and systems will make them better, but oftentimes it just results in more false alarms going off. Industry stats show that only 5% of those alarms actually get investigated. We believe that cyber security needs to evolve: organizations need to be able to continuously surveil and hunt for threats and stop them quickly.
Describe how your service works. What are the key benefits it offers to businesses?
We start with a small piece of software that installs into laptops, workstations, and servers, then begins passively recording extremely detailed information about what is happening on that computer. We collect an immense amount of data and send it back to our cloud for processing. The algorithms and bots in our cloud perform a first-pass through that data and hunt for any activity that looks like an attacker. These attackers might be the commodity ransomware that hit many hospitals several months ago, or advanced nation-state operators like those that appear to have targeted the DNC.
Most security systems look for specific ‘indicators’ of an attacker that are easy for an attacker to change. We look for the general behaviors. Anything that looks potentially threatening is handed to our hunting and response team—some of the best threat hunters, investigators, and breach responders in the industry. They perform a detailed investigation and pinpoint where the attack started, what happened, and begin responding. Red Canary makes continuous hunting and response possible for every security team at a fraction of the cost. Customers are able to level up their security program, know when they are being attacked, and adequately defend their organization.
What have been some of the biggest blind spots or areas of concern within the cyber security space and how should industry leaders be looking to solve for them?
There are three significant blind spots that stand out, which we work to address:
1: Massive Expertise Shortage
Every security team has open job postings that they are struggling to fill. A lack of supply and increasing demand has made it impossible for companies to field the security programs they need to defend their business. Red Canary takes the expertise of dozens of expert threat hunters, investigators, and incident responders and amplifies them to stop breaches for hundreds of companies.
2: Lack of Visibility
For a long time, security teams were only looking at data that came in and out of their corporate offices and had no visibility into employees who traveled or worked from home. Even on systems in their offices, they had minimal visibility from antivirus and other security software. In most cases, attackers just walked by those tools unnoticed. Red Canary collects an immense amount of data about what is happening both on systems and between them to identify attackers as soon as they land. This visibility shines a floodlight that has sent attackers running and forced them to rebuild their tools to be more stealthy.
3: Uninvestigated Alerts
Security teams on average are investigating 5% of the alerts sent from their security tools, and often continue adding more tools that generate even more alerts. When you aren’t investigating 95% of alerts, you’re completely blind to what is happening in your environment. You also have no chance to improve your ability to detect new threats because you aren’t even keeping up with the alarms going off today.
What are the top 3 cyber security trends you expect to see significantly shape the industry in 2018?
These are the three cyber security trends I see emerging now that will shape the future:
1: Continued Increase In Ransomware
Extortion will continue to rise. Attackers are always looking for ways to increase the return on their efforts. Expect to see more and more attackers using advanced techniques to increase the impact of a ransomware attack on an organization. Rather than encrypting a subset of machines right away, attackers will spend the extra time to ensure they are spread as wide as possible across an organization before launching an attack. In general, a lot of the attacks are focusing on data that’s supposed to be well-protected or can’t be easily recovered if it’s destroyed. It’s hard for people to investigate and refute in any timely manner, and many times organizations are having to pay.
2: More Proactive Use Of Endpoint Data
For many security teams, the driver for more visibility was being able to respond faster in cases of incidents and breaches. I hope this is the year that organizations start using endpoint visibility more proactively. Instead of buying it to ‘stop breaches and do faster incident response,’ they might realize the power of the data at their fingertips. Rather than waiting for a product to alert them of a suspicious behavior, more organizations will have a deeper understanding of normal behavior by watching what happens on their systems. This means understanding things like: What do my servers normally do? What is normal activity from my accounting team – and what is strange?
3: Reliance On Shared Frameworks
Speaking a common language makes it possible to measure and compare what we see. As defenders, this means that we can identify the spectrum of techniques that we expect an attacker to exhibit. Once we’ve done this, we can look across our various processes and controls to identify visibility or analysis gaps. We can look at a specific threat and clearly understand how it was found and what happened. Frameworks like those provided by MITRE and the National Institute of Standards and Technology (NIST) enable us to measure operations and controls. I believe we’ll see an increased movement toward the use of a common language so that security teams and vendors can better communicate, measure, and improve their programs.
How do you see the industry evolving in the next 3-5 years and how do you hope to impact this shift?
Everyone’s data is moving toward the cloud, so you have all of these cloud-based services where more data is moving in that direction day over day. Systems to control and protect that data have not yet caught up. If we look a few years down the road, thin computing platforms like Chromebooks are going to become more prevalent. At that point, you still have an endpoint, but the type of data you’re collecting is drastically different.
In the coming years, I think we’ll see a pretty steep uptick in attacks against those systems, and you’ll see Red Canary continue spreading our unique expertise from corporate networks to these cloud systems. As those cloud-based platforms become much more prevalent, we’ve already battle-tested and refined their hunting and response.
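Two of the points above, looking for general attacker behaviours rather than easily changed indicators, and building an understanding of what systems normally do from endpoint data, can be shown concretely over process-start telemetry. The following is an added example written for this page; it is not Red Canary's code, and the event records, hash values, host names and rule names are all constructed for illustration. It contrasts a hash-based indicator match (which stops firing as soon as the binary is rebuilt) with two behaviour rules and a per-host baseline of parent/child process pairs learned from a window of normal activity.

```python
"""Indicator vs. behaviour detection over constructed endpoint process telemetry.

Added example for this page, not Red Canary's code. Every event, hash and
host name below is constructed; the rules are illustrative, not a product.
"""
from collections import defaultdict

# Constructed "learning window": a week of ordinary activity on two hosts,
# recorded as parent -> child process starts.
BASELINE_EVENTS = [
    {"host": "srv01", "parent": "services.exe", "process": "svchost.exe"},
    {"host": "srv01", "parent": "services.exe", "process": "sqlservr.exe"},
    {"host": "ws01", "parent": "explorer.exe", "process": "winword.exe"},
    {"host": "ws01", "parent": "explorer.exe", "process": "outlook.exe"},
]

# Constructed "today" events as an endpoint sensor might record them.
# Hashes are placeholders ("a" * 64 etc.), not real file hashes.
# The -enc payload "QQBCAEMA" is just "ABC" in UTF-16LE, a harmless placeholder.
NEW_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "process": "winword.exe",
     "cmdline": "winword.exe report.docx", "sha256": "a" * 64},
    {"host": "ws01", "parent": "winword.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -enc QQBCAEMA", "sha256": "b" * 64},
    {"host": "srv01", "parent": "services.exe", "process": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs", "sha256": "a" * 64},
    {"host": "srv01", "parent": "sqlservr.exe", "process": "cmd.exe",
     "cmdline": "cmd.exe /c whoami", "sha256": "c" * 64},
]

# Indicator approach: a list of file hashes believed to be bad (constructed).
KNOWN_BAD_HASHES = {"b" * 64}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def office_spawns_shell(ev):
    """Behaviour: a document-handling application starting a command interpreter."""
    return ev["parent"].lower() in OFFICE_APPS and ev["process"].lower() in SHELLS


def encoded_powershell(ev):
    """Behaviour: PowerShell launched with an encoded command.

    PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...),
    so match tokens that are a prefix of the full switch rather than one spelling.
    """
    if ev["process"].lower() != "powershell.exe":
        return False
    tokens = ev["cmdline"].lower().split()
    return any(len(t) >= 2 and "-encodedcommand".startswith(t) for t in tokens)


BEHAVIOR_RULES = {
    "office_spawns_shell": office_spawns_shell,
    "encoded_powershell": encoded_powershell,
}


def indicator_matches(events, bad_hashes):
    """Indices of events whose binary hash is on the bad list."""
    return [i for i, ev in enumerate(events) if ev["sha256"] in bad_hashes]


def behavior_matches(events, rules=BEHAVIOR_RULES):
    """(event index, rule name) for every behaviour rule that fires."""
    return [(i, name) for i, ev in enumerate(events)
            for name, rule in rules.items() if rule(ev)]


def build_baseline(events):
    """Per-host set of (parent, child) pairs observed during the learning window."""
    baseline = defaultdict(set)
    for ev in events:
        baseline[ev["host"]].add((ev["parent"].lower(), ev["process"].lower()))
    return baseline


def unseen_pairs(baseline, events):
    """Events whose parent/child pair was never seen on that host: 'what is strange?'"""
    return [(i, ev["host"], ev["parent"], ev["process"])
            for i, ev in enumerate(events)
            if (ev["parent"].lower(), ev["process"].lower())
            not in baseline.get(ev["host"], set())]


if __name__ == "__main__":
    print("indicator hits:", indicator_matches(NEW_EVENTS, KNOWN_BAD_HASHES))
    # Same behaviour, rebuilt binary: the hash indicator goes quiet, the rules do not.
    rebuilt = [dict(ev, sha256="d" * 64) for ev in NEW_EVENTS]
    print("indicator hits after rebuild:", indicator_matches(rebuilt, KNOWN_BAD_HASHES))
    print("behaviour hits after rebuild:", behavior_matches(rebuilt))
    print("never seen before:", unseen_pairs(build_baseline(BASELINE_EVENTS), NEW_EVENTS))
```

Note that the database server spawning cmd.exe (event 3) trips no behaviour rule at all; only the baseline catches it, which is the point of learning what your servers normally do rather than relying solely on a fixed rule set. In a real deployment the baseline would be keyed on something richer than host name (role, user, time of day) and would need an explicit review step before a new pair is accepted as normal.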