As early-stage investors, we see a myriad of new innovations in some of the most impactful industries for the growing data economy. Our newest investment into the cybersecurity space, Binalyze (with a cool short name B!), where we led a $10M round, is one of those cutting-edge innovations that will shape the future of Enterprise Forensics.
The cybersecurity space is crowded with tools that promise to detect and respond to cyberattacks. When it comes to cyberattack prevention, the space is even more crowded. With all these tools available, we would expect most cyberattacks to be preventable and, if not prevented in time, to be detected seconds after they emerge and dealt with efficiently.
But the same challenges still remain for enterprises: with more data and more digital assets under management, there is a fast-growing number of severe cyberattacks, detection times are getting longer, and liabilities from not dealing with attacks efficiently enough are rising. We need to acknowledge that within enterprise cybersecurity, 100% breach prevention is no longer a realistic expectation.
Cybersecurity is a massive money-hole – but is it going to do the job with its current approach?
According to Cybersecurity Ventures, the cost of cybersecurity attacks was expected to be $16.4 billion per day in 2021. Combined with the fact that the cost is doubling approximately every five years, we are facing quite a gloomy future. Everyone, including governments and Fortune 500 companies, is at risk of losing people's trust, as the SolarWinds attack demonstrated in 2019. 60% of SMEs do not survive attacks like Black Tulip in 2011.
Attacks are also moving from privacy loss to loss of life, as in the St Jude Medical case back in 2017, when 500,000 pacemakers were recalled over fears of hacking and patient deaths.
Concurrently, cybersecurity IT budgets are growing rapidly. Gartner estimated that worldwide cybersecurity and risk management spending (including services) was around $150 billion in 2021, with roughly 12.5% annual growth.
With expanding budgets, it feels appropriate to ask: even with all this money going out, why do we feel less secure each year? Let us point to a few reasons:
- Assets under attack are worth $21 trillion. Even if $150 billion is spent to protect, there is a huge incentive for cybercriminals to attack under-protected assets.
- The Enterprise IT architecture is increasingly complex and hard to protect. Disappearing enterprise perimeter, distributed teams, edge devices, and complex software toolchains are all contributing factors.
- The increased pace and number of attacks mean that enterprises are generally overwhelmed. In a 2020 Sumo Logic research survey, over half of the large companies reported dealing with more than 1,000 security alerts every single day, and 93% of organizations were unable to respond to all alerts on the same day (a 200-day response time is not unusual).
- Last but not least, there is an increasing talent scarcity in this space, and even the largest, highest-paying companies (like banks) are struggling to staff teams of the size required to constantly monitor cyber
The logical conclusion is that what we are doing today only solves the problem to a very limited extent.
We are seeing the realization of this happening quickly for major enterprises, with a strategic shift of IT budgets from Prevention to Detection & Response.
This shift of priorities from prevention to dealing with cyberattacks is the right direction, in our view. The next step is to get the tools and systems right so that the spending is converted into the best outcome.
The next step is getting the tools right – B! is on top of the game with its holistic Enterprise Forensics approach
Spending alone translates only loosely into the best outcome, namely minimising the effect of cyberattacks. If the tools and systems are wrong, it is still hard to discover an attack and deal with it effectively.
It is important for the modern enterprise to get this equation right. At the end of the day, there is a direct correlation between the number of days spent detecting and dealing with an attack and the cost of that attack. It took 1.5 years to detect that the SolarWinds attack was going on, and 1 month to notify about it. The attack on Uber took 1 month to detect and 1 year to notify about, due to investigations. The attack on Marriott took 4 years to detect and 2 months to notify about. Let us mention that GDPR requires notification of an ongoing attack within 72 hours.
When we first met Emre, the CEO of Binalyze, and the team, we were impressed by the deep cybersecurity knowledge they brought from their previous start-ups, and also by their approach of going after the root cause of the threat. They talked about approaching cybersecurity holistically, similar to how you would think about applying antibiotics when treating a bacterial infection.
Bacteria develop resistance when antibiotics are given in extremely high doses or when other parameters are wrong. Following this analogy, the team abandoned the approach of treating each attack within the closed context of a single subsystem and instead looks at the memory level at the edge. To find the real root cause, the doctor, or a security tool, has to consider all interdependencies at the system level.
In short, we need a tool that intelligently parses information from the filesystem, memory and the network, analyses this information and reports the relevant parts to the central AIR server in a matter of minutes.
This might sound like an over-engineered, slow and complex tool. In reality, it’s the contrary.
Binalyze approaches this process through automation and deep memory-level analysis, so instead of connecting the dots manually, even small teams can deal with cybersecurity incidents with ease. Binalyze can get to the cause of an incident within minutes, or a few hours at the latest, as opposed to the several months it takes today because of current processes and the scarcity of human resources.
We are talking about a completely new approach to cybersecurity management here. We are abandoning the more reactive (costly, lengthy) way of dealing with incidents and moving to more proactive monitoring and on-the-fly detection of the root cause.
Binalyze is effectively the next generation of Digital Forensics: it enables you to see what was previously unseen and lets you use this information to change the way you fight cybercrime, and we are more than proud to be backing them on this journey.
Emre is actively evangelising this new approach of holistic Enterprise Forensics, which in effect can replace several of the tools across the NIST framework that companies are deploying today, including tools for detection, response, forensics and, to some extent, prevention. With Binalyze's ambitious team, their highly respected clients are better equipped than ever to address the cybersecurity threats they face, now and in the future.