I wanted to talk about what we are doing to stop unknown malware and threats as well as risks from turning into fines for customers or worse stolen IP and or data of customers, contracts, research or any relevant value in the form of a given asset type.
I said before that risk intelligence in essence is finding things that will be tomorrows next attacks, when you think about it this is really a tall order and most solutions out there don’t come close to delivering. We wanted to change this, and we believe have done this in a secure yet open platform way that does not tie any customer to a specific solution, firewall, siem or anti virus. Risks are not things that are known (usually) and since that is the case no firewall rule or antivirus signature exists that can block something that is unknown. If we are really lucky an attacker or an attack has just enough similar components so that previous rules or signatures or behavioral statistics or a profile may fit. If none of these previous detection and deterrence options exists then you have the issue of classifying and finding something that you don’t know anything about, how it works, what it is doing and how you can detect it with an indicator or alert. This is where risk intelligence comes into play. We have spend literally 1000’s of hours looking into some of the most complex attacks that use social engineering as well as every other trick in the malware, phishing and virus bag of tricks so far. When you compare attacks and how these evolve you start to understand that attacks no longer use the standard attacking plan or profiles that we are use to finding and tracking. Recent attacks that reuse code look like one thing but may in fact be something total different. Often as details of those attacks surface we find something much deeper or significant going on that requires very specific training, data and experience. This is where Operation NeedleStack comes into play with CyberNSight.
We believe that only solutions that can evolve with attacks and learn from them will be successful in the years to come in finding and collecting information and indicators of those attacks so that people can protect themselves. Simply put, attacks follow a nation-state or espionage type of game plan. If you have a flexible system that is open and can help you find the unfindable, then you can start to protect yourself against the unknown. I like to compare our solution and approach to a flashlight. If you are in the dark and you want to know where to go you need light. Only when you have light do you see the stones, roots, ledges and any other types of risks that can turn into threats to your life or your teams well-being. NeedleStack is your light in the darkness!
We offer the first customizable and flexible Risk and Threat Assessment engine, automated searches and research in any website, forum, or available data (structured and unstructured) , additionally streaming of various threat and risks intelligence sensors and data in near real time with data science analytics that are customizable. All this information in an easy to use, easy to configure, easy to report and easy to import into any other system using our very own API. Our team of experts and expert partners help us every day to find the unfindable, to classify the un-classifiable and to do the impossible.
We think its important to talk about some of the examples that you can use NeedleStack to find risks that others can not or currently don’t. (and we are far from done…)
- Example 1: Your customer fired an employee recently, this employee is trying to make the company look bad, they post a bad review on Forum/Website XYZ. We can look at websites like Glassdoor(etc.) and find comments or posts about the customers company. We know where to look and can help you configure searches that you can do to find threats and risks to your company. If you don’t know where to look and how to get the info, you don’t know who is saying what about you where. The amount of time and resources it takes is enormous.
- Example 2: A group of hackers is looking at your company, they follow your social media user to see what you are doing. They use this information to post “fake” comments about you that result in a lost deal or work. We can help you to identify potential followers, friends or lurkers that are waiting for you to make a mistake or attack you. We can help you score and classify potential threat actors and attackers from dynamic data. This data can also be used in forensics to log as evidence later should an attack actually happen.
- Example 3: A Person of Group wants to infect your company or steal your data, they look at what you do and what resources you have online, they get this information and attempt to break into your systems. If you do not know this is happening you can not block the attack because they send you phishing emails. We have suspicious as well as known information of bad senders and phishing domains, we also ca see if someone is following you on social media, we can see if someone is asking about you in the Internet and on the Darkweb, finally we can see what types of threats are being sold on Dark Markets and also see how new threats are being developed using old code and possible 0-Days that no one knows about.
- Example 4: You are a company that manufactures a product, at some point you suffer a data breach and you repair the damage to systems. 3 months later you see that a company in China is building the exact same product. They build the product at a lower price and take your business away. With our solution you can search Darknet Markets and any other online resources to see if someone stole your data and is selling your building plans or IP. If you don’t know this and data is still being taken you suffer lost business, lost customer and IP data and also fines for not reporting the breach.
- Example 5: You have suffered a breach, months later you notice that emails are sent to you and other people in your company. These emails contain contracts, malware and ask for data that you never asked for from customers. At the same time someone logs on to your financial data server and copies customer and contract records, you wonder how and why this happen. We can show you exactly what users have been stolen in which breaches when and where so that you can check which accounts are at risk and change passwords. When you know this data is out there, you can increase your security without buying any new AV, firewall or other product ( these products can not protect you against these types of risks or threats)
- Example 6: You are the police and you are looking for a threat actor, you have no information besides a name or email, with our solution you can search for social media, underground groups and also any online resources to see if additional information is available. Using our solution you find information, can document what you found and also verify and dig into more websites and forums for more details. Our solution saves you money for staff and time that you reduce by up to 90% through exact information gathering and evaluation. Results that are found are scored for reference to up to three groups of keywords that are relevant to your case, company or risks / threats you want to see and find.
Our solutions are based on finding information that is hard to see without experience and a team of people that know exactly where to look, why to look and how to look. After you find information the next task is how to know the information is relevant. Here we can qualify threats, risks and unstructured data in any way you want to reduce the time you need to view and evaluate the relevance of a found threat or risk is to you.
We are looking for customers tired of the fear and FUD sales campaigns, great researchers that do so much to help identify threats and risks and partners who want to sell something that actually works and is open. If this is what you are looking for then lets talk, we are here for you! Its time to make security fun and fair again.