The Leading AI Cyber Security Firms (Part 1)
In a new era of digital business, companies are being driven to rethink their approach to technology. And there is now more focus on using technology strategically, which forces more collaboration between IT and commercial business units.
And as more organisations prepare to buy AI-enabled security tools, potential customers have a lot of concerns about the best ways to install and use these products, as well as the technology behind them. This Report will help you choose the right organisation for your protection.
Being closer to the cutting edge means that businesses need to have a better understanding of which technologies can directly be adopted and which ones are security safe to engage with enabling more comprehensive solutions.
Among the many emerging technologies that companies are exploring to gain a competitive edge is Artificial Intelligence (AI).
But it’s security is often misunderstood.
This research report provides context for the state of AI adoption, describing general perceptions around the concept, current implementation status, and hurdles in the way of future success.
Artificial intelligence may be closer than ever, but there are still security steps to take before it is fully integrated into everyday business.
Using a broad definition for AI, many existing IT activities could be placed on an AI spectrum, and building on these activities could lead to better automation or stronger data analysis.
However, most companies take a modern view of AI, imagining use cases such as personalised customer experience or security incident detection.
Along with the introduction of new AI components, companies must also consider the infrastructure needed, the data that will drive the work, and the processes for integrating AI into workflow.
Furthermore, the skill set required to develop modern AI is not a simple extension of existing software skills. There are certainly new algorithms to learn, but there are also new concepts around training these algorithms and reverse engineering unexpected results.
As much as companies may be adding experience in software development, true AI development requires a new way of thinking.
Of course, most companies will not perform their own AI development. Their adoption of AI will come in the form of products that incorporate these new software methods.
The Business Case for AI
The question of how AI is being used in the enterprise is closely related to the question of what AI is in the first place. Given a fluid definition over the years, many existing IT components could once have been classified as mimicking human intelligence.
The development of Artificial Intelligence (AI) has begun to appear in a lot of different IT products, including in the field of cyber security and corporate analysis.
Improvements in technology is being driven by competition and developments that includes new innovations by a number of firms and organisations.
And as more organisations buy AI-security tools, there has been a number of concerns raised about the technology and the best ways to implement and use these products.
Specifically, vendors need to understand how a customer will ensure the data used to train and run an AI-enabled security product is high in fidelity and free from bias.
The field of cyber security is very active at the moment, with new techniques and attack prevention methods appearing almost every day and we would like to highlight the leading AI cyber security organisations that are really effective and currently operating.
But first we will succinctly discuss the concept of AI.
Artificial Intelligence
AI is a blanket term that shifts over time as computing becomes more powerful, then this most recent incarnation has specific characteristics that are worth understanding.
As the name implies, AI or Artificial Intelligence is not natural, and it is a simulation of how the human mind works. Much like a machine, the human brain controls all function of an organism.
For example, how the mind managed active functions and another is autonomous responses that are basically knee-jerk responses. More technical know-how is available to give machines an iota of sentience, like self-driving cars and interactive robots that can manage without human assistance.
Look at the brain, once scientists could only dream of making something as good as the human brain. Now we have computers that are made up of electronic components, to make computer approximate what is human thinking.
For example, every biological component has an electronic part that approximates how machine work in the real world. AI constructs have sensors that are similar to sight, hearing, touch, and feeling that is almost similar. Human operate on the same idea, but are biological machines based on carbon, and AI is steel and electronics.
One requirement to make AI this responsive and smart is using lots of data, the human mind has the most data in nature. Teaching machines with AI, allow them to do tasks smartly, and better than humans.
Three concepts in particular play a large role in defining the unique properties of modern AI.
Machine Learning. To a large extent, machine learning is actually the end goal for most of the cutting-edge work in AI.
Machine learning generally refers to techniques that allow computers to gather data and build their own pathways for analysing that data. There is no single approach or algorithm that defines machine learning; instead, there are many different methods being used to produce machine learning capability.
This means that an end user needs to know the details behind the specific machine learning process they are implementing.
Deep Learning. Deep learning is one of the most common approaches for machine learning. With deep learning, computers analyse problems at multiple layers in an attempt to simulate how the human brain analyses problems.
Visual images, natural language, or other inputs can be parsed into various components in order to extract meaning and build context, improving the probability of the computer arriving at the correct conclusion.
Neural Networks. These software models consist of five parts, a decision-making unit called a neuron, inputs, weights that can be assigned to the inputs, biases that shape the analysis, and a single output (also called an activation function). Multiple stages of neurons can be stacked together to result in the multi-layered analysis found in deep learning.
AI Concept
AI is not so much a new tool or product as it is a new concept. Fully understanding this concept and putting it to use requires an appreciation for how AI fits into the overall IT plan.
It starts with data, consolidating all corporate information together in order to properly train an AI system and then feed in the appropriate inputs. It extends to the other technology initiatives in a company, so that AI is integrated with existing systems and innovative solutions.
The final step is applying AI results to business processes, recognising that when AI comes close to human intelligence, it is making an educated guess that can still be balanced by workforce expertise.
With that in mind, organisational data capabilities should be a prime consideration for AI readiness. Very few companies feel that they are exactly where they want to be in terms of how they manage their data.
This could mean some degree of dissatisfaction at any stage of the data process, from capturing new data streams to data storage and manipulation to data- driven decision making.
The same deficiencies that would have kept companies from fully embracing big data models will be an impediment to AI adoption.
AI is the application of heuristics, or a shortcut, that allows problems to be solved and judgements can be made quickly to distinctly improve programming.
Rather than running through a list of instructions like a procedural programming language, AI methods maintain a database of instructions and act on data as variable. The selection of the next action to take relies on the application of probabilities.
This methodology enables the programs to write their own rule bases by tracking activities on a network. The longer a program is resident, the less likely it is that your business’s activities will be crippled by “false positives” that cause the security software to shut down internet access and close down programs.
Machine learning and variable workflows have transformed the cyber security industry but current analysis suggests that come next year 2021, cyber-crime losses will cost upwards of $6 trillion.
Because effective information security requires smarter detection, many cyber security companies are upping their game by using Artificial Intelligence to achieve that goal.
Now AI is being used as a cyber security tool to find and mend system vulnerabilities continuously and as cyber criminals develop new ways of penetrating IT systems and so organisations must try to stay on watch and AI will help the process.
From a benefit perspective, companies are still focused on a traditional IT viewpoint around cutting costs. AI can help with cost savings, but the greater potential lies in opening new doors. Nearly half of all companies are hoping to discover new insights, but these must be factored into a new decision-making process rather than taken as gospel.
Most AI activity today is happening within companies with the resources to perform their own AI development, but over time AI will become more and more productised.
For businesses to truly reap the benefits of AI beyond moderate improvements to existing processes, they will have to embrace the changes necessary for handling probabilistic results and build the capabilities needed for managing massive quantities of data.
In Alphabetical order here are some of the top cyber security companies for AI implementation you should review and consider using:
All of Blackberry Cylance’s products integrate AI technology. The threats that BlackBerry Cylance’s AI security platform protects against include malware, file-less attacks and zero-day payload attacks.
Its main packages are:
Cylance Protect is an endpoint security system:
Essentially this is an AI-based anti-malware system that looks for changes in patterns of activity on the device rather than relying on a threat list distributed over the Internet from the AV provider. In addition to checking on activities, this system controls access to the device.
Cylance Optics is a corporate version of Cylance Protect. The threat detection is applied to all devices on the system and stored centrally. The responses to a detected intrusion are triggered automatically, making this a classic IPS.
Cylance Threat Zero is the consultancy arm of the company. Consultants propose a blend of products and can also customize protection software.
Cylance Smart Antivirus is another AI-based AV system, which is suitable for home users and small businesses.
BlackBerry is also innovating its security products by integrating AI, so the acquisition of Cylance will propagate this new technology throughout the parent company and its other divisions.
By harnessing artificial intelligence, machine learning, and automation, BlackBerry Spark delivers world-class cyber threat prevention and remediation while providing visibility across all endpoints, including desktops, mobile devices, servers, and IoT.
Its main aim is to prevent threats before they infiltrate company systems and cause them damage.
BlackBerry provides intelligent security software and services to enterprises and governments around the world, securing more than 500M endpoints including 150M cars on the road today.
Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems.
Following its acquisition in 2019, BlackBerry integrated Cylance’s AI-powered endpoint protection into the BlackBerry Spark platform to provide a comprehensive Unified Endpoint Security layer that works with any Unified Endpoint Management to deliver Zero Trust.
The platform offers a broad set of security capabilities and visibility protecting people, devices, networks, apps and automation from advanced threats including malware, file-less attacks and zero-day payload attacks.
BlackBerry Spark is built to enable a Zero Trust security environment, focused on earning trust across any endpoint and continuously validating that trust at every event or transaction.
By validating user actions, it continuously authenticates users to deliver a Zero Touch experience that improves security with no user interruption. In this way, dynamic trust is achieved across all devices, networks, data, users, and apps.
Blackberry is listed on the Toronto Stock Exchange and has a market capitalisation of C$6.25 billion ($4.75 billion).
Cylance started out as an independent cyber security company, but since November 2018, it has been a division of BlackBerry Limited. The company’s sale valued it at $1.4 billion. BlackBerry has maintained Cylance as a separate brand.
The founder of Cylance, Stuart McClure is well-known in the cyber security industry. He co-founded a security consultancy, called Foundstone in 1999 and sold it on to McAfee in 2004. That buyout saw McClure appointed to Chief Technology Officer at McAfee. That position, together with his book Hacking Exposed, gave McClure a high public profile.
Cylance began existence in 2012 at a base in Irvine, California.
Blue Hexagon was founded on the belief that deep learning will fundamentally change cyber security and it offers customers real-time network threat protection which can be delivered in less than a second.
Therefore, Blue Hexagon is a deep learning innovator focused on protecting organisations from cyber threats. The company’s real-time, deep learning platform is proven to detect known and unknown network threats with speed, efficacy, and coverage that set a new standard for cyber defense.
It uses AI to create malware based on global threat data and the dark web, all in an effort to test its own systems and push its capabilities to the limit.
Blue Hexagon's systems work in networks and in the cloud, covering a variety of threats across a multitude of different platforms.
Key Blue Hexagon platform differentiators include the following:
- Coverage: The Blue Hexagon platform supports malware detection across a variety of operating systems, including Windows, Linux, MAC, BSD and Android. Protection is available on-premise, private and public cloud deployments (AWS and Azure)
- Speed and Scale: Blue Hexagon’s Deep Learning Platform offers a stateless architecture and orders of magnitude faster detection over legacy rule or signature matching and malware sandboxing. This enables superior threat prevention for the multi-gigabit networks of today.
- Accuracy: The Blue Hexagon platform detects and blocks 99.8% of the malicious software that can enter an enterprise network before malware variants are even seen in threat databases like Virustotal.
- Predictive AI-IOCs: The platform can generate probabilistic indicators of compromise that can significantly reduce SOC analysis burden & improve incident response SLAs.
Blue Hexagon is headquartered in Sunnyvale, CA, and backed by Benchmark and Altimeter Capital.
Callsign uses AI and ML to validate a person's identity just from a swipe on a touchscreen, number of keystrokes on the keyboard, number of locations, and other activities.
The company's trademark platform, Intelligence Driven Authentication, combines multi-factor authentication and fraud analytics powered by deep learning technology to fight against fraudulent activity, from identity fraud to SMS phishing.
The platform collects thousands of data points, including behavioral, device, locational, and telecoms, to correlate identity traits and combines this with threat analysis information to ensure that this data has not been compromised.
The data is then analysed in real time using advanced machine learning and intelligence models to deliver a confidence score that the user is who they say they are when making a transaction. The Intelligence Engine works from the first interaction, getting richer with every subsequent interaction to build a unique identity profile for every user.
Whereas other authentication companies may use AI to detect the occurrence of fraud, Callsign creates profiles at an individual level. The idea is that everyone isn't the same, so the company doesn't apply general predictive models.
Data breaches are increasingly devastating, often wiping out billions in market capitalisation and costing public company CEOs their jobs. Damage rarely results from a single compromised server.
It results from attackers moving laterally (East-West) through the datacenter from a single point of compromise, often for months, as they locate, harvest and exfiltrate sensitive data.
Most security professional know this, but struggle to adequately protect their data centers.
Carbon Black focuses on understanding the attackers behaviour patterns and therefore can detect and stop unique attacks.
Carbon Black uses the power of the Cloud and analyses more than 500b events daily.
VMware software powers the world’s complex digital infrastructure. The company’s cloud, networking and security, and digital workspace offerings provide a dynamic and efficient digital foundation to customers globally, aided by an extensive ecosystem of partners. Headquartered in Palo Alto, California.
Behind the web tier, micro-segmentation and in-band East-West firewalling helps prevent lateral movement of attackers. The VMware NSX Distributed IDS/IPS, a new capability of the VMware NSX Service-defined Firewall, will provide intrusion detection on the many different services that make up an application making it easier to get deep visibility.
The distributed architecture of NSX Distributed IDS/IPS will enable advanced filtering to be applied to every hop of the application, significantly reducing the blind spots created when using traditional perimeter security products.
Policies will be automatically generated and enforced on an application-specific basis, thereby lowering false positives.
“We believe cybersecurity professionals should be looking at existing kill chain models with a new lens,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer and the paper’s primary author.
“It’s no longer helpful to approach cybersecurity linearly. Cognitions and context are critical and help reveal attackers’ intent.
Understanding the root cause of attacks and the way attackers think is paramount to good cybersecurity. With the ‘Cognitive Attack Loop,’ we’re offering defenders an updated model of how attackers think and behave.”
Carbon Black is a leader in cloud endpoint protection dedicated to keeping the world safe from cyberattacks.
The CB Predictive Security Cloud consolidates endpoint security and IT operations into an endpoint protection platform that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations.
By analysing billions of security events per day across the globe, Carbon Black has key insights into attackers’ behaviors, enabling customers to detect, respond to and stop emerging attacks.
Check Point offer its customers the option of customising threat intelligence it receives via its IntelliStore platform, allowing for specific protection for the company’s needs.
Security from Check Point spans across cloud, on-premise and mobile infrastructures.
Additionally, the company offers services to governmental bodies as well as companies.
Check Point is a maturing technology company that has managed to transition from “startup” status through to established multinational. This Israeli company has long been at the forefront of the use of AI in cybersecurity.
Starting off as a firewall producer, the company consolidated its position in that market in 2003 with the acquisition of Zone Labs, the makers of ZoneAlarm security software. Check Point expanded into threat detection and prevention in 2006 with the acquisition of NFR. This purchase indicated the main move of the company into more complex cyber security solutions.
Rather than producing a specific AI-based threat management product, the company invested in the development of three AI-driven platforms that contribute to many of the business’s key offerings.
These are Campaign Hunting, Huntress, and Context-Aware Detection (CADET).
Campaign Hunting is a centralised service that updates client-site threat detection systems with the latest attack vectors and defense strategies. This is similar to the virus databases used by antivirus providers.
The data transmission is two-way because onsite implementations report back to the Check Point lab when any new threats are detected. This tool accounts for about 10 percent of Check Point’s successful threat prevention events.
Huntress is a sandbox for software that is about to be introduced to a network. The AI-based system analyses the performance and behavior of the program under examination and reports back to Check Point’s central system if anomalies are encountered. Once again, the solutions derived for this analysis are shared with all of Check Point’s customers.
CADET is an entire platform for all of Check Point’s network protection products. A network discovery and monitoring system underlies this platform and its research extends through to applications and out into the cloud. The monitor continually assesses all events occurring in the business’s network, including email contents and exchanges with web servers.
The CADET AI engine aggregates event data in real-time, so attack vectors that exploit seemingly unrelated resources simultaneously can be blocked. The unsupervised machine-learning feature of CADET hones the threat database to cut down crippling false positives. It creates a digital security analyst and triggers prevention measures automatically.
As an early leader in the cyber security field, Check Point has hot-housed many of the cybersecurity stars of the industry. This is where Imperva founder Shlomo Kramer first built his credibility in the industry, and Palo Alto Networks founder, Nir Zuk made his name at Check Point before going on to found a rival company.
To a certain extent, this talent flight makes Check Point a victim of its own success, as it has acted as a training academy for future rival startup entrepreneurs.
The company went public in June 1996 with a listing on the NASDAQ exchange. The headquarters of the business are still in Tel Aviv, Israel, where the company first started up, and there’s a major development center in San Carlos, California.
Because of Check Point’s ability to so far keep ahead of the competition and exploit new technologies, such as AI, the company now has a market capitalisation of $19.4 billion.
CrowdStrike is one of the most popular cyber security companies in the market, with dozens of high-profile customers.
CrowdStrike's Falcon platform uses AI to give users quicker visibility and protection across their entire organisation and focuses on preventing end-point attacks.
With Falcon, CrowdStrike is able to provide real-time protection and actionable threat intelligence as well as around-the-clock managed threat hunting.
CrowdStrike is a SaaS (software as a service) solution that leverages advanced EDR (endpoint detection and response) applications and techniques to provide an industry-leading NGAV (next generation anti-virus) offering powered by machine learning to ensure breaches are stopped before they occur.
The CrowdStrike Developer Portal provides documentation, use cases and tutorials to help channel partners create apps and integrations to address various security issues, the company stated.
It enables channel partners to engage with CrowdStrike so they can develop apps and integrations that leverage the company’s endpoint protection platform.
For modern businesses, the standard lifecycle of incident recovery is often a long and expensive process involving large amounts of operational downtime and interruptions.
Endpoint Recovery Services was introduced to fundamentally shift the traditional approach of how businesses recover from known security incidents.
By leveraging the power of the cloud-native CrowdStrike Falcon Platform and Threat Intelligence at the hands of CrowdStrike’s highly-experienced Services team, Endpoint Recovery Services helps customers actively remediate ongoing security threats and rapidly recover from a potential incident while minimising business interruptions.
Cybereason is a cyber security analytics platform that provides threat monitoring, hunting and analysis. It gives companies and organisations greater visibility within their security environment as well as the ability to get ahead of threats.
Cybereason’s AI-powered hunting technology determines whether or not an organisation is under attack. Threat hunting typically requires significant resources, but Cybereason automates the job so security teams of all sizes and skill levels can benefit.
Cybereason, creators of the Cyber Defense Platform, gives the advantage back to the defender through a new approach to cyber security.
Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, powered by its cross-machine correlation engine. The Cybereason suite of products provides visibility, increases analyst efficiency and effectiveness, and reduces security risk.
Cybereason received a AAA rating in the Resistance to Evasion category by detecting and blocking 100 percent of the malware and exploits when subjected to 49 evasion techniques used by NSS Labs during the test.
According to the NSS Labs 2020 AEP product rating report “It is imperative that endpoint protection correctly handles evasions. If an endpoint protection platform fails to detect a single form of evasion, an attack can bypass protection.
“Our engineers verified that Cybereason’s endpoint protection was capable of detecting and blocking malware when subjected to numerous evasion techniques.”
According to the results from the 2020 NSS Labs AEP report, the Cyber Defense Platform is comprehensive and has robust management capabilities. It produces low false positive results, has excellent resistance to evasion, excellent malware protection and strong exploit protection.
In addition, Cybereason received NSS Labs’ AA rating, or near perfect scores in several additional categories, including:
Malware Delivered over Emails:
The Cyber Defense Platform blocked 99.9 percent of the 1,531 malicious emails sent during the test. Crime actors have turned to social engineering to successfully breach enterprises through spear phishing, hijacked email accounts and other deception techniques.
Malware Delivered over HTTP:
The Cyber Defense Platform blocked 98.3 percent of 424 attacks using websites to deliver malware. Hackers oftentimes hijack widely used websites to carry out malware attacks.
Tuning and False Positives:
The Cyber Defense Platform was tested against a varied sample of legitimate application traffic that might be identified as false positives. Cybereason flagged less than 1 percent of the 645 samples, that included but wasn’t limited to the following file formats, exe, jar, pdf, doc, docx, zip and xls.
Drive by Exploits:
The Cyber Defense Platform blocked 98 percent of the 256 drive-by exploits. A popular infection technique used by criminal actors is to exploit a user that visits a particular website and installs the exploit onto the user’s computer.
Cybereason is privately held, has raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Sydney, Tel Aviv and Tokyo.
Cynet deploys AI in its network threat detection systems that examine threats and act on them automatically. The ethos at Cynet is to make advanced threat protection as straightforward as running any system monitoring package.
The Cynet network protection suite is written to provide accessible threat protection to organisations that do not have specialist cybersecurity personnel.
That said, the system is not just for understaffed small enterprises. The service’s customer base includes large multinationals with tens of thousands of employees, including organisations with a high cost of security failure, such as banks.
Cynet has one product, called Cynet 360.
This is a complete cybersecurity system that includes AV endpoint protection through to device detection, threat prediction, user behavior modelling, and vulnerability management.
The system has a discovery phase, which uses standard network topology mapping methods to discover all network devices and endpoints. The system checks through event logs and tracks traffic patterns to build up a baseline model of regular network activity. This logging stage creates a risk ranking for traffic sources and types of behavior.
With these actions, Cynet 360 creates its AI knowledge base and threat monitoring can begin.
Threat detection extends to the placement of decoys masquerading as real endpoints, files, and servers, that aim to attract attackers away from genuine network resources.
The company is relatively new, being launched in 2015 by “boy security wonder,” Eyal Gruner. Young Gruner had already developed and sold off cybersecurity firm Versafe by the age of 25 in 2013.
Gruner’s solid reputation as an innovator and high flyer no doubt helped the fact that by 2018, Cynet was picking up speed, expanding to serve large corporations and drawing in venture capitalists. A 2018 sale of a small stake in the company to IT investors for $20 million gave the entire enterprise a multi-billion-dollar price tag.
Key investors in Cynet include Shlomo Kramer, founder of Checkpoint, which is also on our list. Other key providers of funds are Norwest Venture Partners and Ibex Investors. Cynet is based in Tel Aviv, Israel and is still a private company with no stock exchange listing. Eyal Gruner still heads the board as co-CEO, alongside Uzi Krieger.
The services offered by Darktrace involve analysis of real-time company data via machine learning. This allows for examination of any deviations from usual behaviour, which may suggest that a company’s system is under threat.
The company has used artificial intelligence with its Enterprise Immune System and Darktrace Antigena platforms, both of which leverage the power of automation to identify a diverse range of threats at its earliest stages, including cloud-based vulnerabilities, insider attacks, and state-sponsored espionage.
A notable AI-powered platform offered by Darktrace is the Enterprise Immune System. This helps you analyse what is happening within your systems and detect problems.
Darktrace developed its Enterprise Immune System as a platform for all of its cyber security products. EIS uses AI methodologies and populates status rule bases through unsupervised machine learning.
The first thing that EIS needs to do when installed on a network is to establish a baseline of normal activity. This is termed the “pattern of life” in Darktrace terminology. Traffic pattern for each network, the activity of each device on the network, and the behavior of each user is modelled to provide this record of standard conduct.
With the pattern of life established, the monitoring system is then able to identify any event that is out of the ordinary. Deviations from the standard traffic patterns on the network raise alerts. The learning mechanism of EIS does not stop, but continues to refine the pattern of life models throughout its service life.
The EIS system’s establishment of a norm means that it doesn’t have to maintain a threat database. Any unusual occurrence on the network is treated as a threat. The pattern extends out beyond the corporate LAN to cover Wi-Fi segments, cloud-based resources, WANs, and the internet connections between them.
The detection of an anomaly triggers an automated response, which also relies on AI technology.
A group of mathematicians and government cyber intelligence experts in the US and the UK founded Darktrace in 2013.
They did this with directors who previously worked at Autonomy and key staff members with mathematics experience gained at the University of Cambridge. Other key members include former secret service personnel, such as the former CIO of the CIA, Alan Wade, and the former Director General of MI5, Lord Evans of Weardale KCB.
The company is headquartered in Cambridge, UK and has a second head office in San Francisco. The company has over 1,000 employees. The business reached a valuation of $1.65 billion by 2018.
Digital Shadows minimises digital risk by identifying unwanted exposure and protecting against external threats. They review how your business operates on-line and they analyse the potential risks from employees, cloud and your businesses connections.
Organisations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged.
Digital Shadows SearchLight helps to minimise these risks by detecting data loss, securing your online brand, and reducing your attack surface.
Digital Shadows finished 2019 with a record quarter and year. More than doubling partner revenue, the company is focused on expanding its lead in the digital risk protection space by boosting the partner and sales leadership team.
Digital Shadows’ SearchLight service has clients register their document-marking systems, email headers, subsidiaries, employees, keywords, and intellectual property, and it continuously monitors over 100 million web data sources in more than 27 languages for matches.
When it spots a problem with one of its clients using a combination of search engines, APIs, and custom crawlers, the managers will receive alerts that include remediation suggestions, along with shortcuts to launch take-downs directly within SearchLight’s web-based portal.
As for Digital Shadows’ Shadow Search, it allows customers to quickly surface threat information from a curated set of published and shared material, or to research mentions of third-party products, brands, and other observables.
It’s a largely autonomous affair on the backend, but Digital Shadows retains a team of human analysts charged with filtering and vetting info to eliminate false positives.
Digital Shadows says that for one financial institution, it managed to find a folder of over 3,000 documents that included its ATM network’s designs.
For another, a West Coast tech firm, it detected database admin passwords that had been shared online on a coding site.
FireEye was founded in 2004 and specialised in threat research and recovery consultancy services. This is a labor-intensive field of work and didn’t make the company any money. Through innovation and acquisition, the company has moved into the production of cyber security tools that use AI to monitor networks and spot anomalies.
Now FireEye has a unified platform of services and intelligence includes threat detection, prevention and response.
Mandiant threat intelligence comes in a range of packages which cater for a variety of needs that a company may have, including resource strategy, vulnerability prioritisation and intelligence by sector.
This strategy, together with moving from a fee-based structure to a subscription Software-as-a Service has made the business profitable and turned what was beginning to look like an overrated novelty into a sought-after investment.
FireEye offers a full suite of security products, intelligence and services to protect customers from cyber threats. FireEye was the first to use virtual sandboxes, known as FireEye MVX, to identify new threats that bypassed traditional signature-based solutions.
FireEye Helix centralises customers’ security infrastructure and uses AI to identify new threats and automate both human and machine responses.
FireEye provides endpoint, email and network products to prevent, detect and respond to cybersecurity incidents. The company also offers intelligence and consulting services, including Managed Detection and Response and Incident Response. The company makes its cyber security experts available via a live chat facility within Helix.
FireEye was founded in 2004 by a former Sun Microsystems engineer, called Ashar Aziz. One of the first financial backers of the company was In-Q-Tel, the investment arm of the CIA.
The company expanded through acquisition, resulting in a high revenue, but no profit. Ashar was the CEO of the company until the end of 2012. He stepped down on the appointment of former McAfee CEO, David DeWalt.
DeWalt was seen as an attractive corporate head for the stock market, which was a key attribute needed for a company that wanted to launch an IPO. FireEye listed on the NASDAQ stock exchange in late 2013. As a tech startup, FireEye never had problems raising finance.
However, the bar of expectation is much higher for listed companies and FireEye needed to go through a restructuring in 2016 to finally push the business into generating profit.
Today the business is worth $3.3 billion.
Fortinet AI capabilities involve analysis of billions of cyber-attacks, with intelligence based on analysis sent from its FortiGuard Labs to its customers. The company also offers Ai-powered firewall technology in the form of FortiWeb, which features threat detection for web applications guided by two layers of statistics.
Although Fortinet is not a well-known brand to the general public, it is a leader in the cybersecurity industry and is slightly bigger, in terms of market capitalisation, than the more famous Symantec.
The company has its headquarters in Sunnyvale, California and was started up in 2000 as Appligation, Inc. by brothers Ken and Michael Xie.
Ken Xie had previously been an executive of NetScreen Technologies, a company that he co-founded, and Michael Xie was an executive of ServeGate before starting up Application. The company name was changed to AppSecure in late 2000 and then became Fortinet.
The first product that the company produced was FortiGate, a hardware firewall. This is still a key product of Fortinet, although it has been through a number of redevelopment phases over the years. The firewall is now also available as a cloud service.
The company developed the concept of the security fabric to express a strategy that collects network activity points from several points in the enterprise to search for threats.
The general industry term for this category of service is “unified threat management.” This workflow includes endpoint protection, access protection, application monitoring (such as email and web security), and advanced threat protection.
The various data collection points in the organisation collect threat intelligence, which is compiled at a central point on the networks to monitor for intrusion or infection.
Fortinet developed the AI-based Self-Evolving Detection System (SEDS) as the main analytical engine of the security fabric. The defense mechanism requires access to network resources, such as firewall rules and operating systems, to enable it to trigger automated defense actions to block any detected threats.
Fortinet has continuously proved to be a good bet for investors. It first turned a profit in 2008. By 2009 the company supplied 15 percent of the unified threat management market. When the company floated on NASDAQ in November 2009, its share price rose from $9 to $16.65 on the first day of trading.
Fortinet has a market capitalisation of $14.84 billion.
Kaspersky, one of the world's top security firms, said recently that it had discovered a new hacker group that is targeting organisations from the Middle East industrial sector.
Kaspersky Global Research and Analysis Team have uncovered a targeted campaign to distribute Milum, a malicious Trojan that gains remote control of devices in various organisations including those representing the industrial sector.
This operation is currently active and has been named WildPressure.
Advanced persistent threats (APTs) are commonly associated with the most sophisticated types of cyberattacks. Quite often, the attacker secretly gains extended access into a system to steal information or disrupt its normal operation.
These attacks are typically created and deployed by actors that have access to some large financial and professional resources. Given the nature of this threat, WildPressure quickly gained the attention of Kaspersky researchers.
Moscow-based Kaspersky Labs, founded in 1997 by Yevgeny Kaspersky ,has been selling one of the most lauded antivirus programs on the market for more than 20 years.
Today the company's revenues are closing in on a billion dollars annually, and significantly, more than 85% of these revenues come from outside Russia.
Commercial spyware programs are background-running apps installed on phones, which can be used to monitor and track device activity. In 2018, Kaspersky Lab products detected stalkerware programs on 58,487 unique mobile devices, proving the severity of the threat.
Kaspersky Lab has upgraded its Kaspersky Internet Security for Android with Privacy Alert, a new feature that warns the users if their private information is being monitored via commercially available spyware.
While this kind of software is deemed to be legal, the program’s presence is often both unwanted and unknown by the user affected. In some cases, a program’s download page specifically states the software is intended to be used for secretly spying on the user.
For this reason, Kaspersky Lab decided to introduce a special alert for such programs, enabling those affected to decide for themselves what they want to do about it.
Commercial spyware programs are background-running apps installed on phones, which can be used to monitor and track device activity. Usually used to spy on partners or ex-partners, there is nothing to stop people using such programs to target specific individuals for malicious purposes.
This is often done without the victim’s knowledge, leading to these types of programs being commonly referred to as ‘stalkerware’.
While functionality varies, it often allows the person who installed it to access their victim’s device information, SMS messages, photographs, social media conversations, geolocation data and, in certain cases, to transfer audio and camera recordings in real time.
While installing stalkerware on someone else’s device requires physical access, it can be done quickly by downloading an app onto the phone from a distributor’s website. In 2018, Kaspersky Lab products detected stalkerware programs on 58,487 unique mobile devices – proving the severity of the threat.
Kaspersky Lab has now developed new attention grabbing alert that clearly notifies users of Kaspersky Internet Security for Android if such programs are found on their devices. In addition, Kaspersky Lab researchers have looked at the wider landscape for such software. The resulting report, ‘Beware of stalkerware’, features analysis of commercially available spyware, including the most popular consumer surveillance apps.
The research shows that alongside the obvious privacy invasion, such programs generally lack protection measures for the sensitive data being hijacked.
For instance, five out of 10 stalkerware programs analysed had either experienced a data-breach or were found to be vulnerable to such attacks. Analysts even discovered one vendor storing victim data files on a server with critical security vulnerability, leaving the stored data accessible to all.
Kaspersky is one of the world's best-known antivirus companies, trusted by millions of people. But from 2015, there were questions about Kaspersky's data collection practices. ... A few years ago, US government departments banned the use of Kaspersky's software on staff computers. The scandal hurt Kaspersky badly.
The US Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017, alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service.
Kaspersky Lab denies the allegations, but regardless of what the truth is, the accusation is out there. Now, one of the first things many Americans think of when it comes to Kaspersky is Russian espionage.
When we reviewed the Kaspersky controversy, several security experts said that for most people the Russian government would not be part of their threat model. In other words, the allegations, if they’re true, would have little impact on them.
If you work in a sensitive industry such as civic engineering or aerospace, definitely weigh the risks and the rewards of using this suite. Perhaps even get some guidance from your employer, especially if you’re prone to bringing your work home and putting it on your personal machine.
However, for most Kaspersky is a recommended and trustworthy cyber security organisation.
The company provides an end-to-end security solution for organisations to detect and quickly respond to cyber security threats.
The company uses machine learning to profile and detect threats, compromised accounts, privilege abuse and other anomalies. A user interface allows security teams to more easily and quickly respond to threats.
LogRhythm is a world leader in NextGen SIEM, empowering organisations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralising damaging cyber threats.
The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution.
LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled Security Operations Center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments.
They are based in Boulder, Colorado, USA.
Spun off from SAP in 2005, SAP NS2 uses data analytics and fusion technologies from SAP and applies them to cybersecurity, working with a number of US security agencies and corporations.
Their AI and ML technology helps national security professionals process troves of data and protect sensitive information passing through a variety of locales.
In addition to their work with defense industry customers, SAP NS2 systems also handle the hard work of securing supply chains, which often involves dozens of companies operating in a variety of scenarios.
The company also uses AI and machine learning to protect cloud platforms for a number of different customers.
"If you're not deploying AI and machine learning, you're probably still selling stage coaches," said Mark Testoni CEO at SAP NS2. "We're either users of these things or developing capabilities with them. It's become extraordinarily important in everything from a cyber fight to the competitiveness fight."
A main focus of Sophos cyber security services is on endpoint protection using AI, which is carried out through its Intercept X Endpoint product. Also offered is its XG Firewall, which leverages its XStream DPI engine. This is connected to endpoints via Sophos’ Security Heartbeat.
British-based Sophos has its headquarters just outside of Oxford. It also has a US base in Burlington, Massachusetts and offices around the world. The company began as an antivirus producer in 1985.
Sophos expanded its range of products and opened new offices across the globe to feed its expansion, much of which was driven by acquisition. The move by Sophos into AI-based cybersecurity products occurred in February 2017 with its acquisition of Invincea.
Invincea was founded in 2006 under the name Secure Command, LLC. Its first aim was to produce security products for mobile devices. It landed a $21 million commission from DARPA to secure the Android devices used by the military and its personnel.
The fruit of this project is called Intercept X and it is based on AI-driven deep learning techniques. Sophos has applied the X strategy to products for a range of operating systems.
The two main AI-based Sophos products are Intercept X for endpoint protection and the XG Firewall to protect networks.
Intercept X uses AI to avoid the need for a threat database distributed from a central location. The heat of the service is a deep learning neural network that was developed by Invincea.
This monitors regular activity on the protected device and raises alerts when unexpected events occur. Endpoint Detection and Response (EDR) triggers workflows and actions to shut down exploits and isolate infections once they are detected.
The Intercept X methodology has been particularly effective at blocking ransomware attempts. It is also a comprehensive solution to zero-day attacks, which means that no company needs to be the first victim of a new virus.
The XG firewall is a hardware device for networks. Its dashboard gives feedback on current events and traffic on the network, but its main value lies in its automated response mechanisms that enforce security without the delays caused by the necessity for human intervention.
Sophos was funded by venture capitalists until June 2015, when it floated on the London Stock Exchange. It is now a component of the FTSE 250 index and has a market capitalisation value of £1.5 million ($2 billion).
Sovereign Intelligence’s AI platform constantly investigates data and compares it against non-traditional data sources to give enterprises an early insight into vulnerabilities.
The company provide commercial and government entities smarter understanding of threats from external and internal sources through the application of deep-learning artificial intelligence and high-fidelity data from otherwise inaccessible domains.
This is used well so that the risks that cyber, financial, brand, and enterprise integrity risk are quickly identified and mitigated.
Additionally, the company’s cyber threat feeds, constantly monitors malicious actors, and uses AI to predict attacks and suggest the proper defenses.
The Ai-powered security services offered by Symantec ranges from endpoint protection to defence for email and cloud applications.
Its Integrated Cyber Defence (ICD) is based in the cloud, which allows for the integration of a variety of services for cloud, on-premise and hybrid infrastructures.
Symantec is a well-known brand, with which the general public is familiar. The company is famous for its firewall and antivirus products, but in recent years it has harnessed the innovation of AI to expand its excellence into threat detection and prevention.
Symantec also owns the Norton brand and uses that to market its consumer products to the general public. Since a demerger of its information management functions into Veritas Technologies in 2016, Symantec has become a highly focused corporate cybersecurity solution provider.
The key development at Symantec that puts it on our list of the leading AI innovators is its Targeted Attack Analytics (TAA) tool. Symantec decided to pour resources into AI research in 2014 and the results of all of that R&D is now feeding through the development pipeline into innovative products. TAA is one of the fruits of that labor.
TAA was released in May 2018. It uses unassisted machine learning to model patterns of behavior on the network and create a baseline of performance. Any deviation from regular activity raises an alert.
The AI functions of TAA sit on top of the Symantec Cyber Defense Platform, which is able to gather performance data from many points on the network simultaneously. TAA is principally integrated into the Symantec Advanced Threat Protection family of products, but it will probably eventually roll out to all Symantec cybersecurity packages.
As a publicly traded company, Symantec is an easy investment to make. The company is listed on the NASDAQ exchange and currently has a market capitalisation of $14.5 billion. It’s a component of the NASDAQ 100 and the S&P 500. As a large corporation, Symantec offers a safe investment. However, mature corporations don’t usually deliver much capital growth.
The innovative deployment of AI by the company makes it a good blend of capital-increasing risk and savings-defending stability. Symantec’s large investment in AI was a calculated risk, and after four years of intensive research, that gamble is starting to pay off.
Tanium provides customers with insight and control into endpoints including laptops, servers, virtual machines, containers, or cloud infrastructure.
The technology can help IT security and operations teams ask questions about the state of every endpoint across the enterprise, retrieve data on their current and historical state, and execute change as necessary.
Tanium also enables organisations to assess security risks and contain threats.
Tanium navigates, interrogates, and act on problematic issues, as well as detect and remediate threats, in 15 seconds, regardless of infrastructure size or complexity.
It's already being used by customers with more than 500,000 endpoints, and the newly released Version 6.5 is designed to serve some of the world's largest organisations, especially in the public sector.
The platform's natural language search capabilities allow users to search box queries for finding configuration items; for example, you would type the following to find all servers in the environment with OpenSSL 1.0.1:
The platform's performance benefits are achieved through the use of its peer-to-peer model for threat response and remediation.
Tanium's server interacts with select agent-installed endpoints, these in turn communicate with adjacent endpoint agents until the last one transmits a consolidated response back to the mothership.
Tanium is easy enough to deploy and get up to speed with. The platform sports features and interfaces typical of modern SaaS applications.
Tanium's website contains an active knowledgebase and updated repository of resources for supporting Tanium customers.
At the heart of Tanium's software is the ability to rapidly reach all endpoints throughout an organisation, which can speed up both security and IT management tasks. Tanium makes this work by organising endpoints into linear chains in which they communicate peer to peer.
It's more efficient than hierarchical systems that require servers to check in with multiple clients out at the edge of the network, said Joe Lea, senior director of product management.
How Tanium organises its linear chains of devices to deliver data as quickly as possible is part of the core technology that the company set out to create when it was founded in 2007.
Read Part 2 of this report HERE.
