It’s been a year full of significant milestones for David Barroso, CEO and Co-founder of cybersecurity startup CounterCraft. We spent just half an hour with the man in very high demand before he headed off to his next industry conference and penultimate event of the year in Brussels.
So, David, to get us started, how would you sum up deception technology in 280 characters?
OK! I’m glad Twitter extended their character limit…here goes. Deception tech enables you to be one step ahead of attackers. It’s a much more proactive approach to security strategy. Through using deception, we can change mindsets; instead of building walls, we can be more proactive and detect attackers as soon as possible. How did I do?
260 characters, you’ve even got room for a hashtag! Next question, what’s the current appetite for investing in deception technology as a cybersecurity solution?
This is something that has increased a lot recently. Customers and partners are looking for new products to detect cyber attacks and understand more about them, and deception certainly helps to achieve this. There is interesting debate going on right now about whether analytics or deception tools are more valuable when searching for unknown unknowns; our technology and our customer uses cases prove that CounterCraft delivers more value and requires less effort; efficiency features very strongly in our product vision and roadmap.
Customers and partners are seeing the results that deception technology delivers, developing greater trust in its ability to support their security strategy, and have a keen desire to expand on its use. This is a huge change when we reflect on 2017 and earlier in 2018.
And as a business?
The answer is similar actually. The appetite is largely down to that fact deception is still an emerging technology, and people are looking for innovation and a strong differentiator. Most days there’s a new headline about a security breach, so investors rightly anticipate huge market growth and are eager to invest. And as more and more providers raise strong rounds of investment, deception is starting to form a security vertical of its own.
At the beginning of 2018, CounterCraft celebrated another round of investment and you recently marked three years since the business launched. What are your three biggest successes or biggest learnings to date?
I don’t need to think very hard about this one. One of our biggest successes is the team we’ve built. Attracting and retaining the kind of talent we have is difficult because everyone is looking for it. Second would be sticking to our original vision, which is just as valid now as it was three years ago and much of our success is down to that. Third, thinking big and competing with the global market from day one. We’ve always been a global player, even though we’re the smallest company in our sector.
So what differentiates CounterCraft?
Definitely the vision and the product itself. We’re still trying to create a new market that is cyber counterintelligence by differentiating ourselves from a saturated market of security solutions focused on networking or securing organizations purely from an inside out point of view. CounterCraft boasts a broad and advanced set of features that deliver something extremely useful for cyber deception, threat hunting and counterintelligence campaigns.
With exception for the previous question, what do you get asked the most?
No matter whether it’s an industry conference or a customer meeting, people always ask “what type of attacker are you finding?” They’re interested in whether it’s employees, APT, nation state sponsored attackers, competitors, or criminal gangs. They want to know the detail about specific incidents. I guess deception really offers a level of insight previously never seen or talked about.
Your diary is always full of international speaking engagements. What do you enjoy talking about the most?
For me, it’s sharing the latest on the various new approaches we’ve developed and the new deception campaigns that we’ve created. Many of our most innovative features are as result of strong collaboration between our customers and the team. As a CEO, I’m lucky. We’re always hearing fantastic feedback. Talking about real case studies of ours is easy, and people really do love it. You should see the looks on their faces!
How would you describe 2018 in terms of the deception tech market? What advancements and level of adoption have we seen?
This year everything has increased. More and more people are exploring deception technology and looking at ways to adopt it. Deception is an essential threat hunting tool and the demand is increasing as these new teams form and grow. 2018 This year has been better than ever for deception, and I predict 2019 will be one of the best yet.
In light of the dynamic and complex threat landscape we face, what are the three main use cases for the CounterCraft Cyber Deception Platform?
Threat hunting is definitely top of the list. These days, uncovering adversaries and the point at which an attack began is like looking for a needle in a haystack. Every single day, companies are being targeted and experiencing millions of security events. New methods to investigate suspicious activity are required. Breach detection is also a very topical use case – you don’t need to look much further than the 2018 Ponemon Institute Cost of a Data Breach Study and today’s headlines to know that the risk of a data breach is increasing every day. Associated costs are reported to have increased by over 6% compared to last year, which should alone be a compelling reason for organizations to seek solutions that enable early detection and provide actionable insights that facilitate mitigation and reduce overall losses.
Thirdly, and perhaps a more common example, is cyber espionage. This is about recognizing the value of confidential information and protecting the jewels in the crown from both internal and external attackers. It doesn’t matter which vertical your organization occupies, every company has something they need to protect and in every cyber attack reported, someone at some stage in the attack lifecycle was able to steal information.
How does the role of the threat hunter revolutionize enterprise security defence?
The ‘threat hunter’ is helping to change the way in which security teams face all types of incidents. Many large organizations are totally overwhelmed by the number of events, or security incidents, that are happening every day. The problem is that most of them are still focused on detecting the most common cases and they’re only seeing the tip of the iceberg. Threat hunting enables SOC teams to focus on real incidents using hypotheses and automation. We’re hearing more about ‘black swan’ incidents; when a security event looks small but has potentially catastrophic outcomes. Every company is understanding the need to invest in this.
So, we’ve got three more minutes and two more questions! In your opinion, what is a priority for 2019 in terms of the cybersecurity market?
The security market is cyclical. We’ve heard a lot about protecting endpoints, and there’s a lot of hype around AI, but in reality, very few companies are using AI or getting results from it at the moment. Threat hunting is certainly something we’ll hear more about, and in the context of threat hunting, everything that correlates to the MITRE Att&ck Matrix™. Everyone is looking to this now to help discover what exactly is happening.
And in terms of the CounterCraft roadmap?
This summer we integrated the MITRE Att&ck Matrix into the CounterCraft Cyber Deception Platform. We’re going to continue working on this, and we’ll focus on integrating with other vendors too, including orchestration, EDRs, to form alliances and formal integrations. Something that’s very important to us is the credibility of all of the assets available within the platform. Our deception campaigns include the deployment of a wide range of endpoint assets, so it’s important that these don’t become static. If it looks like no one is logging in regularly and nothing is happening, adversaries in our synthetic environments will become wise to it. We’re working on simulating human interaction to maintain the highest level of credibility possible.
You may know already that we’re increasingly working with MSSPs, so we’ve already made a number of changes to the product to ensure it’s MSSP-friendly. We’re focusing on efficiency so that we can support a number of customers from the same console and eliminate bottlenecks.
What other emerging cybersecurity developments are you keeping an eye on?
Some companies are starting to release adversary simulation products. This, of course, fits very well with what we do. We are the blue team, they’re the red team. We want to explore how we can engage with attackers using AI. So I guess when I said companies aren’t really using AI yet, I wasn’t talking about CounterCraft!
Efficient as ever, David wrapped up our session with just seconds to spare. What fascinating insights into the emerging deception technology market, the rise of the threat hunter and the secrets to success from the mind behind CounterCraft. If you’d like to know more, follow David on Twitter and LinkedIn, and stay tuned to find out where CounterCraft is headed in the next few months for a chance to meet the man himself.