
Briefly define your product?
CYFIRMA is a threat discovery and cyber-intelligence platform company. We are a Goldman Sachs portfolio firm and have been helping companies and government agencies with their cyber threat intel for close to four years now. We are a team of cyber researchers and we use our platform called DeCYFIR to decode impending threats. Via the platform, we will connect the dots to provide clients full contextual details on their threat landscape. Our intel would provide the following insights – who is the threat actor, what assets of yours he is interested in, why is he interested in you, when is he mounting an attack, and how does he intend to do so. The insights we provide to clients would attribute threat, campaign, motive, and method. This is what we define as quality cyber-intelligence.
What are the key problems you solve for today’s businesses?
The unabated tide of cyberattacks and data breaches has continued, and in fact, escalated, in recent times. And this is in spite of the vast number of security controls, software, and solutions that are abundantly available in the market.
The threat landscape is fast evolving and cybercriminals are moving quickly to take advantage of global events. The traditional approach to cybersecurity without quality cyber-intelligence will always leave security professionals blind-sided to the threats that are coming from the outside.
With a wealth of experience of over two decades across various facets of cybersecurity, CYFIRMA Chairman & CEO, Kumar Ritesh, had identified important gaps in the global cyber threat intelligence market:
- Cyber intelligence companies were operational-intelligence focused. Strategic and management intelligence were being overlooked, and they are equally important to manage the evolving cyber threats and risks.
- Most organizations were still ‘reactive’ to cybersecurity events occurring in and around their surroundings. Prudent cyber threat intelligence and insights should have provided proactive cyber posture management by identifying threats at the planning stage of cyberattacks. Read Ritesh’s views on ‘events-based’ vs ‘intelligence-based’ approach to cybersecurity here.
- To strengthen cyber posture and to effectively prevent data breaches and cyber attacks, companies need to have a complete view of their threat landscape and this means the ability to correlate and attribute hackers to campaigns, motives, and methods.
To bring in the Outside-in view and address the industry challenges of making cyber posture management intelligence-driven, Kumar Ritesh founded CYFIRMA in December 2017.
CYFIRMA assists organizations to understand a correlated view of the current threat landscape – threat actors to IOCs journey, insights into new emerging threats and digital risks, situational awareness of global and local cyber events; and automatically apply intelligence into cyber posture management.
Our unique approach of presenting risks and threat indicators at the planning stage, versus the execution and exploitation phase of a cyber-attack, provides us an edge in proactively identifying indicators that can become threats. This predictive capability is much-needed to solve the challenges faced by cybersecurity teams today.
Who are your customers? And why do they need your product?
We have been doing work for Fortune 500 companies and our client-base includes high-tech manufacturers (where hackers, state-sponsored or otherwise are keen on IP and R&D data), national broadcasters (where hackers want to bring down for geopolitical reasons), major chain retailers (hackers’ motive to create business disruption and steal PII and FII), critical infrastructure (state actors and hacktivists target for geopolitical supremacy or to forward an agenda).
Our clients include government bodies, Fortune 500 MNCs, and commercial businesses. A couple of named clients are Mitsubishi Corporation, Toshiba, NEC, Suntory. We market to clients from all around the world.
With whom does your product compete in the market? How is it different or unique from others?
CYFIRMA has pioneered the “Outside-in” view of predictive cybersecurity.
Data collection from multiple discrete sources – 900+ Anonymity Networks in the deep/dark web
- Open/Closed Sources
- Government Intelligence
- CERT, ISAC, CIRT
- Commercial/News Forum
- Social Platforms
- Peer-to-peer Channels
- Dark/Deep Web Channels
Automated filtering and analysis of the collected data. Apply analytics using AI/ML engines as follows
- Associating threat attributes
- Correlating with client’s IT/OT assets
- Identify, map active hackers in the client’s industry, upcoming cyber-attack, vulnerability, digital risk
- Finding threat indicators in structured and unstructured data including the deep and dark web
- Performing client & industry-specific risk scenarios
Disseminate insights specific to organization, industry, and geography
- Real-time Dashboard
- Correlated view of the external threat landscape
- Holistic user experience with an ability to slice, dice and refer any data point across the platform
- API integration through known industry protocols
The analysis that comes from CYFIRMA’s platform takes into consideration the client’s industry, geography and technology. This means the insights provided would always be fully relevant and actionable.
CYFIRMA has made cyber posture management effective, efficient, and predictive by allowing cyber-intelligence to be consumed across three levels – Strategic, Management and Tactical.
Who are your product users? What are the different use cases of the product?
Our users include the security operations team, security management team, chief security information officers, and chief risk officers.
Security Operations
- With data breaches and hacks making headlines around the world on a daily basis, the role of the Security Operations team and the Security Operations Center (SOC) has become more indispensable than ever. This specialized unit tracks, identifies, investigates, and responds to cyber threats on a 24×7 basis.
DeCYFIR is the ideal ally and an authoritative source of threat intelligence to your organization’s security operations outfit.
- Provides details on ‘WHO’, ‘WHAT’, ‘WHEN’, ‘WHY’, and ‘HOW’ of an impending cyber-attack
- Reliable, actionable and context-rich intelligence from DeCYFIR helps the SOC team to reduce the number of false positives and inefficiencies of sorting through invalid and low-priority alerts
- Rapidly identify alerts associated with relevant threats to the organization
- Automated analysis of attack evidence with attribution to potential hacker group, their motivation, and objective of the attack
- Helps secure the operating landscape with faster decision making
- Actionable, timely, contextual, and customized insights help empower SOC teams to avoid similar incidents in the future.
Security Management
At the helm, the Security Management team is responsible for crafting and implementing the policies and procedures to keep the organization’s assets – including its products and services, people, critical information, the overall infrastructure, and its brand value and reputation – safe from external as well as internal threats.
Security Management team relies on DeCYFIR to keep business up and running 24X7. The platform’s Risk View and Risk Dossier provide unparalleled insights for decision-making.
- DeCYFIR’s platform provides Risk View and Risk Dossier so that Security Leaders can leverage these insights to enhance communication with the board and external stakeholders about the company’s threat and risk profile – and staying in sync with the evolving threat landscape.
- It helps in clear evaluation and determination of the enterprise’s risk appetite and plans the corresponding initiatives.
- Improve transparency in decision making around cybersecurity budget allocation.
- Improves effectiveness and efficiency in compliance with applicable statutory, regulatory, and other mandatory requirements.
Chief Information Security Officer (CISO)
Security leaders must be both strategic and tactical while bridging between business and IT. Equipped with technical expertise and leadership skills, the CISO understands his or her company’s operations and articulates security priorities from a business perspective.
DeCYFIR is a comprehensive decision toolkit consisting of Threat View, Risk View, Risk Dossier, and trend analysis for the CISO to develop credibility and trust amongst senior leadership and board members. With DeCYFIR, the CISO will be able to attain the successes illustrated below.
- Gathering insights into cyber threats and risks applicable to an organization, its industry, and geography.
- Offering reliable, strategic, actionable intelligence to help the CISO identify and prioritize risks based on threat intelligence that’s relevant to the enterprise.
- Enabling early identification and treatment of undesired cyber threats and risks, thereby reducing costly surprises.
- Assessing the risks of new business initiatives with confidence.
- Ensuring better strategic decisions on security budgets and staffing.
- Responding effectively to incidents through a better understanding of threat actors, their tactics, techniques, and procedures.
- Helping him or her keep the top management aligned about risks, threats, security preparedness, and responses.
- Ensure security compliance, keeping all aspects of security controls up to date, manage all cyber risk.
Chief Risk Officer (CRO)
A CRO leads efforts to reduce business risks that can put an organization’s profitability and productivity at risk. Tasked with the identification and analysis of events that could threaten a company, the CRO will find the DeCYFIR cyber-intelligence analytics platform with detailed Risk View and Risk Dossier analysis the perfect risk-mitigation solution.
- Effectively manage risk register using real-time threat intelligence
- Enabling early identification and mitigation of cyber threats & risks.
- Helping to effectively monitor the organization’s cyber risk profile and reduce costly surprises.
- Enabling effective inclusion of risk management in decision making using Strategic, Management, and Tactical intelligence.
- Establishing rigorous strategic planning using structured consideration of threats and associated risks.
- Prompting the management to enhance communication with its Board and external stakeholders about the company’s threat and risk profile in line with the evolving threat landscape and plan corresponding cyber risk management initiatives.
Any winning case studies you would like to highlight?
We have assisted many companies in their fight against cyber-crime as well as thwarting cyber-attacks at a national level.
Here’re two of the most recent cases:
We have recently cracked the case of a Global Phishing campaign by N. Korean Lazarus Group. The targets were over 5M email IDs, 6 nations, and trillions of government financial support in aid of businesses and citizens affected by COVID-19 economic fallout. The 6 nations’ CERT authorities (including the US Department of Defence) verified the threats and issued alerts to their respective populations.
Here are a few news snippets:
Sources:
- https://www.cnbctv18.com/tags/cyfirma.htm
- https://www.zdnet.com/article/north-korean-state-hackers-reportedly-planning-covid-19-phishing-campaign-targeting-5m-across-six-nations/
Our team is currently in the midst of sharing our insights and findings related to the China-India border conflict at Ladakh. The activities from Chinese state groups like Stone Panda and Gothic Panda have increased dramatically. We have uncovered a list of targets and have similarly shared with Indian CERT.
How does your product work?
Follow the link below to understand how our product works
https://www.cyfirma.com/products-decyfir/
What have been your top product or growth challenges lately? And how are you managing that?
As a disruptor in the cybersecurity space, CYFIRMA’s biggest challenge has been to educate organizations about the ineffectiveness of the traditional approach and layered defenses. Expounding,
- With the evolving cybersecurity landscape, establishing the fact that the way of the past is not effective was a long-drawn journey via conversation and POCs with organizations.
- A perception change was needed wherein most organizations continued (and still continue) to focus on internal protection, building barriers to keep hackers out — an ineffective approach in the face of constantly evolving attacks and the cybersecurity landscape.
- The concept of a threat correlated ecosystem to provide the ability to search, correlate, analyze, and provide insights into emerging threats on a single platform; it was alien and farfetched.
- Incorporating the missing Strategic and Management intelligence with insights into WHO, WHY, WHAT and WHEN of a cyberattack, was not easy.
We continue to educate the market on what defines ‘quality’ cyber-intelligence.
What’s ahead on your Product Roadmap?
We have mapped out a comprehensive product roadmap that covers all aspects of cybersecurity, all with an intelligence-driven approach as the foundation of our innovation. In the coming months, the product will include more functions and further integration with other third-party technologies.
The Maker behind the product
CYFIRMA Chairman and CEO, Kumar Ritesh, has 2+ decades of global cybersecurity leadership experience across all facets of the cybersecurity industry. He spent the first half of his career as the head of a cyber-intelligence agency, gaining first-hand cyber threats and risks insights on a global scale before transitioning into the commercial arena as a senior executive for multinational corporations such as IBM and PwC. Ritesh was also the global cybersecurity leader for one of the world’s largest mining companies, BHP Billiton. A highly dynamic executive who successfully blends technology expertise with business acumen, Ritesh has a strong track record of developing successful cybersecurity strategies, products, policies, standards, and solutions, in addition to running complex cybersecurity programs.