Today, I’m proud and excited to share that I’ve joined the talented team at HYAS as CEO. After selling Realm to MongoDB earlier this year, I took some time to reflect on the current state of the world and think about the intersecting venn diagrams of (a) what software solutions were most needed and (b) what spaces were interesting to me. Not surprisingly, cybersecurity was squarely at that intersection.
I have always been attracted to the world of cybersecurity, ever since my first days learning to hack email and developing anti-spam and anti-virus countermeasures. I had the good fortune and opportunity to help setup and attend the very first MAAWG (Messaging Anti-Abuse Working Group), and I developed some of the world’s first algorithms and heuristics for detecting and preventing dictionary attacks against a provider’s email directory. I even spent time talking to mobile operators about AV and related solutions, and vividly remember being told that they weren’t worried about that attack vector. My, how times have changed.
More Complicated. More Vulnerable.
Today’s world is dramatically more complicated. The attack surface has increased exponentially with the explosion of cloud, mobile, connected, and IOT devices. I recall one famous example where hackers broke into an enterprise via a connected coffee pot on the internal network! Protecting an enterprise is now more than just closing off known access points and establishing and defending a network perimeter. Anyone trying to fend off bad actors with reactive solutions, and even many that claim to be “proactive security”, will always be susceptible to new zero day — the almost daily headlines of new breaches are the unfortunate proof of that. The key today is to detect and mitigate cyber risks before the attack happens, before the zero-day event. That’s why I joined HYAS.
A Better, More Proactive Way
HYAS looks at cyber security in a different way, and I believe it should be a critical part of any modern security stack. HYAS focuses on pre-zero-day security attribution intelligence and intent – the ability to to detect and mitigate cyber risks before attacks are even launched. It may sound like magic, but it’s not – it’s an incredibly innovative use of exclusive, proprietary, and non-proprietary data. Leveraging deep relationships around the globe, HYAS collects billions of data points daily from Internet Domain Name Servers and a wide range of other sources, and uses proprietary algorithms to identify and monitor adversaries and their attack infrastructure. Armed with HYAS, enterprises can make real-time, automated, risk-based assessments to proactively and efficiently adapt their security defenses and prevent attacks before they are launched. Post attack, threat and fraud response teams use HYAS to hunt, find, and identify adversaries, often "to the doorstep", and perform full attribution on them. Knowing the difference between a state-sponsored focused attack and being caught in a generic campaign launched by an inquisitive teen is critical in today’s world – knowing the identity of the enemy is key to stopping them.
Shining Light on the Shadows
HYAS’ threat attribution and response platform, is already used by threat and fraud teams, law enforcement, government agencies and enterprises across various verticals, and from what I have seen in my short time with HYAS, I expect it will be used by orders of magnitude more soon. Bad actors are successful in attacking enterprises because they hide in the shadows. We don’t know who they are or where they attack from until it is too late. HYAS shines a light on them, removes the shadows, and enables both their identification and attribution as well as the ability to mitigate risk and be proactive against they are likely to do next. As such, I am proud, honored, and humbled to help lead the charge with a fundamental new approach – pre-zero-day cybersecurity — that enables organizations to identify threat actors and prevent future attacks. Cyber criminals and bad actors may run, but they can’t hide from HYAS.