CISOs hate Warnings More than Attackers

Cybersecurity is one of the key challenges in the current era. Various risk assessments have been done and many are about to roll but to create a strong wall against attacks we have to think beyond boundaries.

We discussed with Sourabh Issar, CEO, CloudSEK to understand challenges and available solutions.

Next Generation cyber-security products

CloudSEK is an AI-driven Unified Risk Management enterprise. It’s SaaS-based products help clients assess their security posture in real-time from the perspective of an attacker. CloudSEK’s tools “CloudMon” and “X-Vigil” are the result of 4 years of extensive research and development and offer unique digital risk management capabilities to its customers.

Sourabh Issar, CEO, CloudSEK

CloudMon is an outside in discovery and posture assessment tool that enables us to track and assess all the external facing assets of our customers and help identify insecure infrastructure.

Xvigil is our internet monitoring tool that scours 1000+ sources on our client’s behalf to detect cyber threats, data leaks, identity thefts, etc.

Both these tools are powered by CloudSEK’s proprietary AI based machine learning platform that allows us to provide specific, actionable and timely intelligence/ warnings to our customers, that allows them to intervene and take remedial action preventing costly breaches and losses.

Cyber-security model and how it works?

The one thing that CISOs hate more than attackers are warnings that are late, vague or false positive. Solving this problem is what CloudSEK had in mind when we built our Unified Risk Platform. Let’s see how it works...

• For each customer that we onboard, we do an “outside in” discovery and posture assessment that enables us to track and assess all the external facing assets of our customers and help identify insecure infrastructure. Along with that, we create “hotlist” of all of that client’s domains, sub-domains, URLs, IPs, etc.
• At the same time, CloudSEK tools and experts constantly collect data from 1000+ sources including internet sources, underground/discussion forums, deep web/ dark web exfiltrated data, internet exposed applications etc.
• This collected data is processed through our proprietary machine learning algorithms to interpret, classify, filter, index, and store all this extremely valuable information in our data lake. This is where we apply all the big data analytics techniques of pattern recognition, anomaly detection, and event correlation.
• And then the magic happens. Our AI based machine learning algorithms correlate the client asset hotlist with all the 7TB of data in our data lake, in a matter of seconds, and give us alerts which are specific, actionable and timely. Something that CISO’s appreciate a lot.

This 3-step process of collect, index and correlate, took us 3 years to build and continuously improve, and is at the heart of CloudSEK’s platform.

Utilizing artificial intelligence to combat modern threats

Artificial intelligence is at the heart of the CloudSEK’s platform. All along the threat value chain, it is AI-based machine learning algorithms that power it.

1. First stage- Collect, these bots and crawlers use AI to determine which link to traverse, which forum to trawl, where to double-click, what data is relevant, etc.

2. Second Stage- The entire process of interpreting/ parsing this data, classifying/ identifying, noise filtering and indexing are driven by RNN (recurrent neural networks) based learning systems. This allows us to determine the severity of a threat. So for example, a threat involving a credible threat actor, with a successful past history, is grounds for a higher severity.

3. Third Stage- The correlation is driven by CloudSEK’s proprietary AI based Relevance Engine. This engine allows so to very quickly and accurately correlate the threats to our customers. For example, if a certain IP’s vulnerability is being discussed in a dark web forum, then we are able to determine the client it belongs to, and accordingly red flag that information for immediate action.

How does it benefit the customers?

Here are some of the unique features of the CloudSEK platform:

Machine-based: The entire platform is based on machine learning. This ability to use machines instead of manual effort allows us to process large amounts of data, very quickly and cost-effectively. These are then bolstered by our security SME’s which allow us to confirm the signal from the noise.

SAAS: The entire platform is available to our customers in a SAAS model where they pay for what they are using. This allows our customers to scale up and down as required without worrying about restrictive lock-in.

No internal data access: The system doesn’t need any access to customer systems/ data. This allows our customers to avoid time-consuming and cumbersome integrations and/ or IT approvals.

Flash Deploy: Hardly taking a couple of days to go live for a customer, there is no long deployment cycle. Allowing customers to get ahead in the superfast cybersecurity world.