Give us an overview of the challenges in the SOC space and help us understand how CyberHat’s solutions address them?
The main challenge within the SOC market is a lack of professional and domain expertise amongst employees — all the way from the design to the operation phase. Most existing tier 1-2 SOCs are commodity services that provide basic offerings like monitoring and auditing for reporting of processes, controls, and compliance. Further, most SOC providers claim to support the full stack of tier 1-4 level of services but fall woefully short of delivering advanced SOC features like incident response (IR), forensics, and proactive monitoring. Unfortunately, most enterprises do not have the expertise to make an educated decision when choosing a SOC provider. Put bluntly, most SOC providers today are only able to assist in compliance issues or basic security operations on daily low-level topics, but by and large, will neither identify a real attack nor block it. Moreover, most SOC providers cannot proactively stop attacks and lack the ability to run post-mortem forensic investigations to prevent future attacks, thereby leaving their customers’ reputations and brand at risk.
CyberHat provides the most crucial element in today’s SOCs—the skill sets, experience, and capabilities beyond a specific tool, system, or vendor. Our solution CYREBRO, the world’s first smart SOC, offers advanced cybersecurity capabilities and functionality. It has been explicitly designed to extend expert cyber defense services while providing proactive and efficient identification and response capabilities to users. CYREBRO is 100 percent technology agnostic and is an extension of our operational experience in the offensive and investigative world combined with our experience in building defense and SOC management.
How is CyberHat different from others?
CyberHat differentiates itself in multiple ways. First, we are 100 percent technology agnostic. Second, our team has real-world incident response, forensic and investigative expertise. Third, we employ a proactive approach from a hacker and investigator point of view to monitor, assess, and secure the entire infrastructure.
Our solution CYREBRO is the world’s first smart SOC with advanced cybersecurity capabilities and is explicitly designed to provide expert cyber defense services, to be proactive and efficient in providing identification and response capabilities to users.
Another aspect that keeps us ahead of the game is the constant and continuous education of our employees in the execution of advanced hacking simulations, in-depth practical assessments, and real-life incident response for our global clients. We have found that if one doesn’t actively take part in the offensive and investigative tactical side of cybersecurity, he/she CANNOT be relevant in defense long-term.
Can you share one or two case studies with us wherein your company has helped its clients overcome security challenges and attain desired outcomes?
CyberHat is traditionally hired by organizations wishing to move beyond the “practical” aspects of defensive cybersecurity to the “real-world” practice of proactive cybersecurity. For example, CyberHat was hired to assist a multi-billion-dollar international company, with over 15,000 employees, in building, implementing, and operating a SOC. The client had already implemented one of the leading security incident and event management (SIEM) systems in the market. However, their IT group had little or no experience in cybersecurity, nor did they have the right personnel in-house to manage more than 60,000 security incidents per week, or expertise in SIEM and other security deterrent tools. CyberHat was called in to re-design, qualify, and operate a SOC-as-a-service from Israel, train the client’s local analyst team, and enable a clean handover of local tier 1 support within two years. At the end of the 18 months, CyberHat had re-designed and structured, and was operating, a round-the-clock operational SOC with tier 1-4 analysts and expert incident response (IR) teams. We handed over the SOC to the client after 20 months. CyberHat redefined the monitoring strategy, re-defined log sources and types, cleaned out the irrelevant noise, rewrote all the runbooks, processes, and procedures required for the client’s systems, built a valid and relevant flow between Tier 1-4, and achieved a reduction of incidents to under 85 per week.
Today, that client operates a local tier 1-2 team in their local SOC (all CYREBRO certified) on its own, while we provide the required intelligence and tier 3-4 support on an ongoing basis.
Where do you see more customer traction today and why? Moving ahead, what does the future for CyberHat look like?
With the rise in the sophistication of cyber-attacks combined with increases in regulatory requirements, especially in the financial services industry, enterprises are finding it increasingly difficult to keep up with the many changes that are occurring. Forward-looking companies are turning to service providers like CyberHat to become proactive and improve their organization’s security. The next segment would be high-profile Fortune 500 companies that have growing concerns about cyber threats and a willingness to invest.
Over the last year, 80 percent of CyberHat’s new clients and prospects have been organizations that have bought SOC-as-a-service from big vendors such as IBM, Accenture, and Deloitte but were extremely unhappy and unsatisfied with the service. But essentially, any organization that is truly concerned with its security posture is a valid potential client.
In the coming days, CyberHat will position CYREBRO as an international standard for expert SOC infrastructure, establishing third-party SOCs through our “CYREBRO inside” business model. We also envision providing the ideal balance between expert cybersecurity skills and advanced proprietary technology developed by CyberHat. We will continuously execute advanced hacking simulations and cybersecurity assessments across the globe for Fortune 500 organizations and leading companies, enabling them to stay ahead of the game in the offensive and defensive cyber domain.