A big payday could be in store for cybersecurity startups that borrow ideas from the hackers they’re trying to stop.
Cybersecurity vendors that find a way to scale technology that translates offensive security lessons into defensive techniques could benefit from an influx of venture capital funding, a panel of investors said Thursday at the 2019 Cyber Investing Summit in New York.
In practice, that could mean more efficient red team exercises, filling more open security jobs with former government hackers, or experimenting with new ways to sift through the false flags that hackers are starting to use to disguise their activities.
Put another way: Don’t expect Fortune 500 companies to start retaliating against criminals by hacking back, but do expect them to deploy more inventive ways to mitigate vulnerabilities.
“We’re trying to move from being reactive to proactive,” said Bob Ackerman, founder and managing director at the early-stage venture firm Allegis Cyber and a board member at DataTribe. “You have to understand offense because this is where the playbooks are written and the expertise is developed. This is where the best engineers are developing their playbooks and expertise.”
That mentality is already powering some defensive measures at Aflac.
The insurance giant relies on a number of techniques to protect its data, like the use of Attivo deception technology for threat intelligence and the recent introduction of “automated purple team” exercises. The concept involves blending red teams, the white hat hackers probing for vulnerabilities in corporate systems, with the blue team defenders trying to stop them. Aflac implemented a blended approach this year, betting that combining those processes will quickly bring in more test results about PowerShell attacks and malicious scripts, among others.
“The old approach was the red team going away and doing tests and then coming back with a list of findings for the blue team or an operations team to fix,” said DJ Goldsworthy, director of security operations and threat intelligence at Aflac, in an interview with CyberScoop. “Purple teaming solves the reactivity of that by bringing them together so the blue team and red team are collaborating so one can launch an attack and see if the other side can see what they’re doing.
“You can take it from a handful of exercises a month to thousands,” he said.
Venture capitalists are on the lookout for other companies that provide similar efficiency, or other value. Investors have poured some $3 billion into the security industry so far this year, according to Dino Boukouris, a founding director at Momentum Cyber. A larger slice of that pie will go toward technologies that prove to be dynamic, and change as attack techniques evolve, predicted Mike Steed, managing partner at Paladin Capital Group.
“If you do not have deterrence, then you’re going to fail,” Steed said.