In his famous Lyceum address delivered in 1838 – his first major public address – up-and-coming politician Abraham Lincoln said the greatest damage to America would come from Americans themselves. “It must spring up amongst us,” said Lincoln. “It cannot come from abroad. If destruction be our lot we must ourselves be its author and finisher.”
He might have been talking to a chief information officer in a modern enterprise firm, said Idan Tendler, CEO of cyber-security firm Fortscale. “According to studies by security analytic firms, eighty-five percent of all cyber-breaches involve not outsiders hacking in, but attacks from the inside, with hackers getting hold of credentials that let them get into a server and steal data.”
What that means for companies, said Tendler, is that firewalls and anti-virus software can only go so far in providing protection.
“If cyber-thieves are getting into systems using legitimate credentials, the only way we can catch them is by observing what they do and nipping suspicious behavior in the bud. Our system examines behavior anomalies to determine if something is amiss in the way users are engaging with the system, and provides reports on those anomalies to managers so they can take action immediately.”
It’s a system that would have come in handy at JP Morgan Chase, where three people – two of them Israeli – pulled off one of the biggest hacks of all time, stealing the data of 83 million customers. An indictment against the three was handed down last week in federal court in Manhattan. According to US Attorney Preet Bharara, they “showcase a brave new world of hacking for profit,” engaging in a long-term hacking conspiracy “to support a diversified criminal conglomerate. This was hacking as a business model.”
The group used accounts whose credentials they had managed to steal, and used stolen data to “artificially manipulate” the price of certain stocks, as well as operating an Internet gambling business and a payment system for shady websites.
How did the group pull it off? Simple – by stealing user identities and passwords, the indictment said, as well as working with insiders who either willfully or accidentally passed information on to the hackers. “Besides stealing user credentials, there is a lot of leaking of data by employees,” said Tendler. “The employees are the ultimate ‘authorized users,’ and other than using behavior analytics like we do, there is little a company can do to defend itself from that activity.”
Fortscale’s offering is essentially a big data collection and analysis system that examines the way users interact with a computer system – network, database, financial records, or anything else – and establishes a picture of “normal” behavior, noting what files the user accesses, the times of day they are online, where the connections are made from, etc. The more interaction, the more data is gathered, and the more accurate the picture is.
If anomalous behavior is discovered – such as too many logons into a specific file, or access from an unknown location into the network – it could indicate a problem. But, said Tendler, there are often legitimate reasons for that. “You could have a situation where the CEO is on a trip and the security department is informed that he is a ‘risk’ because he is logging in from some Eastern European country – which might look suspicious, until you find out his plane had to make an emergency landing and he is stuck there for the night.”
To prevent such false positives, Fortscale hones its analysis, “passing” data through several filters and comparing it to other sources of data (such as the CEO’s travel schedule) before deciding that an anomaly really is a breach. “Preventing those false positives is very important, since each alert needs to be followed up on, and time is a limited resource in most IT departments,” said Tendler.
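A minimal sketch of the baseline-then-filter approach described above, added here as an illustration; it is not Fortscale's code and does not come from the article. The event fields, the travel-schedule lookup and all sample data are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime

@dataclass(frozen=True)
class Event:
    user: str
    when: datetime
    country: str
    resource: str

def build_baseline(history):
    """Record, per user, the hours, countries and resources seen so far."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "resources": set()})
    for e in history:
        base[e.user]["hours"].add(e.when.hour)
        base[e.user]["countries"].add(e.country)
        base[e.user]["resources"].add(e.resource)
    return dict(base)

def anomalies(event, baseline):
    """List the ways an event departs from the user's baseline."""
    seen = baseline.get(event.user)
    if seen is None:
        return ["no baseline for user"]
    checks = [("unusual hour", event.when.hour, "hours"),
              ("unknown location", event.country, "countries"),
              ("new resource", event.resource, "resources")]
    return [label for label, value, key in checks if value not in seen[key]]

def triage(event, baseline, travel):
    """Return (verdict, reasons); travel maps (user, date) -> expected country."""
    reasons = anomalies(event, baseline)
    if not reasons:
        return "normal", reasons
    # Second filter: suppress only when location is the sole anomaly and an
    # independent source (here a travel schedule) accounts for it.
    if reasons == ["unknown location"] and \
            travel.get((event.user, event.when.date())) == event.country:
        return "suppressed", reasons
    return "alert", reasons

# Constructed sample data: a week of office-hours logins, then a trip.
HISTORY = [Event("ceo", datetime(2015, 3, d, h), "US", "finance-db")
           for d in range(2, 7) for h in range(9, 18)]
BASELINE = build_baseline(HISTORY)
TRAVEL = {("ceo", date(2015, 3, 10)): "RO"}

if __name__ == "__main__":
    for ev in (Event("ceo", datetime(2015, 3, 10, 10), "RO", "finance-db"),
               Event("ceo", datetime(2015, 3, 10, 3), "RO", "hr-records"),
               Event("ceo", datetime(2015, 3, 11, 10), "RO", "finance-db")):
        print(ev.country, ev.when, *triage(ev, BASELINE, TRAVEL))
```

The travel schedule explains only the location; a login that is also at an unusual hour or touches a new resource still raises an alert.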
The Times of Israel spoke with Tendler not in Tel Aviv, where Fortscale’s R&D center is located (the company recently opened a sales office in San Francisco), but at the recent Intel Capital Global Summit in San Diego, where the world’s largest and most successful venture capital firm hosted partners and companies it has invested in, both present and past. Fortscale was one of those companies; in 2014, it got a $10 million investment led by Intel Capital and Blumberg Capital. At that conference, Fortscale announced version 2.0 of its system, which Tendler said was more accurate and user-friendly than the previous version.
As one of only five or six companies doing behavioral analytics on an enterprise level, Fortscale was courted by numerous investors who wanted to get into one of the most promising segments of the cyber-security industry – but Tendler said that he was happy that Intel Capital made the offer.
“They’re known as long-term investors, and have a good perspective on what the lifetime of an investment is and what the best and most advantageous exit may be.” Which means, he said, that Fortscale won’t be under pressure to sell itself to a suitor before it’s ready – if it’s ever ready, that is.
And while not promising to keep Fortscale independent forever, turning into another Israeli “unicorn” – “it’s impossible to know the future,” said Tendler – he and his investor partners are in no hurry. “It’s a long journey, and you want to make sure you have a partner that understands what you are doing, and where you want to go. I think the investors we work with understand us, and that for a lot of us, it’s not only about the money, but about a lot of other issues.”