Compromise Intelligence: A New Approach to Cybersecurity
Cybersecurity is always a fun topic. Everyone knows it’s important, but most only do the bare minimum to prevent attacks.
Case in point: Whenever I ask people about their tech stack, they always list a ton of free add-on apps they use.
What I hear is a list of vulnerabilities an attacker can gain access through.
And most companies are completely unaware.
But today’s guest, Karim Hijazi, sees these vulnerabilities every day. Karim is CEO at Prevailion, which provides a compromise intelligence platform that companies can use to monitor compromises of their systems in real time.
We talked about:
- What a compromise intelligence platform is (and isn’t)
- Why fighting off attackers is asymmetrical warfare
- The future of cyber insurance
What is a compromise intelligence platform?
If you don’t already know what a compromise intelligence platform is, it’s probably because Prevailion is trailblazing in this space.
Maybe it would be helpful to first say what it’s not.
There are threat intelligence, security intelligence and business intelligence platforms already out there. Compromise intelligence is different.
Compromise intelligence is specifically about knowing that an active breach or compromise is happening within an organization and identifying it in real time.
The platform is able to provide clients this intelligence about themselves and, more importantly, about the third-party partners in their ecosystem so they can prevent their partners from spreading infections to them.
“My favorite analogy is: ‘You’re either a zombie or you’re not.’ And we’re helping non-zombies keep from getting bitten by zombies.”
KARIM HIJAZI at Prevailion
Compromise intelligence platforms look for existing compromises — as opposed to other forms of security intelligence, which usually center around vulnerabilities and possible exploitable areas.
How does it work differently?
I’m glad you asked.
It would be impossible to put an iron-man suit over the world and make it safe from all attackers — and the same is true for cyber attackers. So, instead of looking at all the exploits or each individual attack, compromise intelligence looks to the convergence point of the outgoing messages the attackers send.
Put simply: If a victim has been infiltrated, the malware in their system pulls an E.T. and phones home. Compromise intelligence doesn’t need to find all the victims; instead, it monitors the command-and-control center E.T. is phoning.
This way, your organization can find out how many E.T.s are communicating with the mothership.
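An added example, not from the podcast or from Prevailion's platform: a minimal sketch of the idea above, taking callback records seen at a monitored command-and-control endpoint and attributing them to your own organization and a third-party partner by address range. The log records, organization names and address ranges are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed callback records as a monitored C2 endpoint might log them:
# (timestamp, source IP of the infected host, malware family label).
CALLBACKS = [
    ("2024-03-01T08:00:00", "198.51.100.10", "family-a"),
    ("2024-03-01T08:05:00", "198.51.100.10", "family-a"),  # same host beaconing again
    ("2024-03-01T09:00:00", "198.51.100.77", "family-b"),
    ("2024-03-02T10:00:00", "203.0.113.5", "family-a"),
    ("2024-03-04T10:00:00", "203.0.113.5", "family-a"),
    ("2024-03-02T11:00:00", "192.0.2.200", "family-a"),    # not in any watched range
]

# Hypothetical mapping of organizations to their public address space.
WATCHED = {
    "our-company": ["198.51.100.0/24"],
    "partner-payroll": ["203.0.113.0/28"],
}

def owner_of(ip, watched=WATCHED):
    """Return the watched organization whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for org, cidrs in watched.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return org
    return None

def summarize(callbacks, watched=WATCHED):
    """Group callbacks per organization: distinct sources, families, first/last seen."""
    report = defaultdict(lambda: {"hosts": set(), "families": set(),
                                  "first": None, "last": None})
    for ts, ip, family in callbacks:
        org = owner_of(ip, watched)
        if org is None:
            continue  # someone else's infection, outside our ecosystem
        when = datetime.fromisoformat(ts)
        entry = report[org]
        entry["hosts"].add(ip)  # behind NAT this is an egress address: a lower bound
        entry["families"].add(family)
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(report)

if __name__ == "__main__":
    for org, e in summarize(CALLBACKS).items():
        print(f"{org}: {len(e['hosts'])} beaconing source(s), "
              f"families={sorted(e['families'])}, active for {e['last'] - e['first']}")
```

The first-seen and last-seen timestamps give a rough measure of how long a compromise stayed active before the beaconing stopped.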
A dynamic and asymmetric battle
The reason this kind of platform is so valuable comes down to two main problems.
First, this is a dynamic issue, and it won’t be solved by buying the latest iron-man suit solution on the market. Unfortunately, no single product can prevent every attack because, well, the attackers keep changing it up.
And they’re usually the first to buy those products when they come on the market.
When evaluating your security, you should be proactive. If you feel safe because you’ve checked all the boxes on some security audit or you downloaded an antivirus, it doesn’t mean you are.
“Being in compliance does not mean you are secure. It just means you’re in compliance.”
KARIM HIJAZI at Prevailion
Being overly reliant on one widget or piece of tech is foolhardy. Unfortunately, there is no silver bullet for this, so you have to stay vigilant.
And this is where the other problem comes in.
The battle you are fighting is asymmetric: Your adversaries can fail repeatedly until they finally succeed. You can only fail once.
Outside of the “script kiddies” — who are probably just messing around after watching too much Mr. Robot — often, the most motivated attackers are governments of foreign countries. And they have unlimited resources and time.
This unfair advantage means you need to take this issue extra seriously. Losing a single battle loses you the whole war.
Where does cyber insurance come in?
Unfortunately, what we see now as far as insurance against cyber attacks is not wholly adequate in the case of recovering from a truly vicious attack.
While there are forms of insurance to cover breaches, which usually only inform you that a breach has, in fact, happened, the actual scope of damage from any breach is too complex for a comprehensive reimbursement model.
That’s not to diminish the insurance already on the market — learning about breaches as quickly as possible lets you respond just as quickly.
But, so far, no insurance company has really had enough data to create the actuarial tables needed in order to pay out after an attack.
Compromise intelligence may be what finally changes this, though. It gives long-term data on an organization’s security, essentially providing something like a credit report for cybersecurity.
“We can give insurance companies some hard evidence on the systemic success, or failure, of an organization over time.”
KARIM HIJAZI at Prevailion
This makes insuring people against these attacks easier to quantify. Actuarial tables can include things like all the malware beaconing from an organization, how clean they are or how quickly they remediate an attack.
It’s just like health insurance, where knowing how sick the patient already is, how well they take care of themselves and how quickly they change their habits when they get sick makes it a lot easier to insure them.
This post is based on a B2B Revenue Executive Experience podcast with Karim Hijazi.