Sramana Mitra: Next, let’s talk about some of your customers. In your work with them, what kinds of threats are you able to protect them from? Get a little bit more granular and a bit more technical.
Neal Creighton: We have customers all over the world. We sold products to a couple of thousand and we have three products. At the end of the day, we’re trying to stop the types of attacks you’re reading about in the newspapers. Let’s go through some use cases. One use case is an insider threat use case. We’ve all heard about Snowden and the NSA and understand that insiders can have access to very valuable information. One of our customers is a large multinational firm from which its data was being taken. They didn’t know who was doing it but it was costing them. It was costing them a huge amount of money. We were able to put our technology in.
Our technology watches behaviors of the operating system and behaviors of users. The only way to pick up a lot of these threats is to watch them over some period of time as they become malicious. We were able to pick up the insider, what data they were taking, and how they were taking it, and shut that one down.
Another use case that’s really applicable for our product is I think we are all aware of what happened to Target and how Target’s POS systems were compromised. An attacker was able to put a payload or a piece of malware on the POS system that was able to read all the credit card information in memory and send it back to the attacker. Our technology is able to watch these things. Instead of coming in like an anti-virus would and looking for a piece of malware, we look at the behavior once it starts.
What we can see is the actual behavior of something scraping credit card information and sending it out. We can pick that up immediately. Most organizations pick up this type of attack maybe 200 to 300 days after it’s been in the organization. We can pick it up within minutes, if not hours, of the attack itself before the damage is done, and shut it down. We’re watching things very closely. We’re predicting malicious behavior and we’re able to stop these attacks before they sit in the network for a very long time. They need a very long time to actually do the damage. They need a significant amount of time to be undetected and to get that data out. We definitely find it during that period, which we call dwell time.
This segment is part 3 in the series: Thought Leaders in Cyber Security: Neal Creighton, CEO of CounterTack