Thought Leaders in Cyber Security: Avanan CEO Gil Friedrich (Part 2)

Sramana Mitra: I want to go down one level. Let’s take the phishing use case. Give me a little primer on what the approach has been in dealing with phishing so far and tell me what is differentiated in your approach. What are the benefits of your approach over others?

Gil Friedrich: That’s a great question because phishing is not a new problem. Phishing was present ever since email was present. However, one big change is the data and emails going to the cloud.

For hackers, it has made it easier to compromise the accounts so that potential damage from a successful phishing attack is bigger. Now, you just need the credentials and you have access.

From another aspect, everyone that is using the same default security that Microsoft provides is easily bypassed around and now you have access to hundreds of millions of accounts. That is one side. The hacker has some advantage with that move to the cloud.

The other aspect is that the legacy providers – companies that have significant market share – didn’t implement anything for their security. For the longest time, they relied a lot on blacklisting and reputation extenders. Those don’t work in the new world where people pay $30 a month for an Office 365 or a Gmail account.

They can target your organization specifically with names and organizations that look exactly like yours. They were okay with this spray of phishing that is sent to millions of accounts. They weren’t that great with the targeted attacks.

For the targeted attacks, we introduced two things that are unique to us. The way we install, we are not the first line, we are the last line before the inbox. We really see what the breach of security was that Microsoft or Google missed.

Our entire machine learning trained on real attacks that they miss. It became good at detecting just that. We don’t care much about the spam emails out there. We care about the attacks that make it through.

The other aspect of it is that every time something does bypass the default security, our security analyst goes into the reverse engineering exercise to figure out what about that email allowed it to bypass. Unfortunately, there’s a lot of creativity and ingenuity from the hacker side where they use multiple ways and encoding methods to evolve their attacks.

What’s unique to us in that context is, we need to make sure that we are not vulnerable. Second, we use the same methods as an attack against them. We say, “Hey if you use that method, 99% of this email is an attack.” There’s no harm in send some legitimate email that comes in but then we correlate that with all the other indicators that we have in our machine learning which is what allows us to catch what everyone else misses.

This is about the algorithm and installing it inside of Office 365 and scanning the emails before it ever hits the inbox. It gives us the visibility and enforcement that is needed for a full bulletproof solution. 

Sramana Mitra: What is the current situation in adoption? Is your approach being adopted heavily in enterprise right now?

Gil Friedrich: From a growth perspective, I believe that we are the fastest growing email security vendor. We just got acknowledged by one of the largest accounting firms that covers the 500 fastest-growing companies in North America.

We also see that some of the companies that are in our industry are public, so we could see how many new customers they have. Their total is high and they have been doing it for 10 to 15 years. We exceed the number two in our market in terms of the number of customers.

At a high level, I think the transition has happened. The disruption is already on its way in terms of changing the architecture of the old email security to how it is being delivered with the cloud-based email. Four years ago, we still needed to educate the people on our approach, but today there is coverage by Gartner and others. This cloud-to-cloud method that we deploy just gained a lot of legitimacy and popularity. 

This segment is part 2 in the series : Thought Leaders in Cyber Security: Avanan CEO Gil Friedrich
1 2 3