Yes, thank you and good morning from my side. Unfortunately I can't be on site. I was for the last days and my colleague Christine is still around. If you want to join our booth, it's on the first floor, you'll find her. My name is Tillman. I'm the sales director for the DACH region, based out of Munich, Germany. And I'll talk briefly about our advanced attack path management solution during the next minutes.
So the company XM Cyber is based out of Israel, 20 minutes north of Tel Aviv, and we were founded in 2016 by former executives of the cyber defense in Israel, and we were acquired by the fourth-largest retailer globally, Leland Schwartz Group, in 2021. The reason is that they saw in XM Cyber a unique solution to protect the network against real attacks. And since then we have won numerous customers in the region and globally.
The reason for the success is that there is always a big disconnect between what you can see from the different security tools you are using in the network, be it a firewall, vulnerability management, SIEM and other solutions. And this siloed security leads to a situation where you see different misconfigurations, vulnerabilities, et cetera. But you can't see how that all comes together from the view of an attacker, like a layer over all the silos you have in your organization. And we can see that during the proof of concepts we conduct with prospects.
This is not an eye doctor's viewing test, but I hope you can see the numbers well. So 94% indicates the number of critical assets we can reach in four hops or less during a POC, which, keep in mind, is still just a simulation. So we do not deploy any malicious code.
We analyze telemetry data from the individual devices. We work with APIs in the cloud and then we can see that a real attacker would be able to reach a critical asset in four hops or less.
We can also see that in 75% of the cases, the critical assets, in the way they are managed right now in the current security state, can be compromised, and in over 70% of the cases top attack techniques involve stolen credentials or password hashes a real attacker could use. Again, we furthermore have a tool in place in which we monitor your security controls. It's called XM Observer. So we have attack path management and we have continuous controls monitoring, and this is where we monitor your security controls, be it on-prem, be it cloud services or actually the entire cloud platform.
So we can let you know if firewalls, for example, work after specifications from the vendor or your own requirements.
And if you need to go through an audit, be it an ISO audit or PCI audit or whatever audit you need in your specific vertical segment, we can provide you with the full audit report for the auditors.
So, in a brief way, I show you how XM Cyber works. You deploy a sensor on servers and clients; we have a REST API for the cloud. And what we do is we show you all possible communication paths towards the critical assets, which have this diamond shape on the right-hand side.
Yeah, this is just an example for demonstration purposes. So we show, first of all, all hidden attack paths towards the critical asset and then we let you know that there might be vulnerabilities, misconfiguration, user behavior, whatever might lead to a possible and successful attack if a real attacker would enter into the organization's network.
XM Cyber just analyzes data. We do not penetrate the network with malicious code. We do not stop services, we do not generate additional alarms in the SOC and we do not lay out breadcrumbs for an attacker to follow towards the critical asset.
But what we show you is there might be vulnerabilities which have a low ranking in the vulnerability management. There might be credential issues and other stuff which leads right towards a so-called choke point. A choke point is a device, it may be the laptop of an admin, an IT admin, which gives the attacker quick access to a critical asset. And then we go into the remediation phase, and through a reporting we let you know specifically, and we start with the low-hanging fruits. So this might be the choke points, on how to remediate.
We suggest different ways.
We also provide linkage to the MITRE ATT&CK database so you can read what MITRE has to say. And I know there is a friendly gentleman from San Antonio, Texas, in Berlin from MITRE. So we cooperate with MITRE and we provide this specific information for the IT teams to mitigate the issues immediately. And so you run the scenario again and you see that specific ways are stopped and a real attacker would not be able to reach the critical assets of your organization, be it domain controller, Active Directory, databases, and you avoid a serious attack scenario.
So in detail it looks like you'll have a breach point which you define. It can be all devices with a specific EDR score. It can be your DMZ, can be a specific device, it can be a whole region. And from that we show you possible attack scenarios and, rest assured, we always find a way towards a critical asset.
It can be a firewall with an open port, it can be a vulnerability, it can be the over-permissioned user. And then you have an RDP session which is opened and which the attacker can use to reach a misconfigured AWS bucket, for example.
And then reaches, and then last attempt, the compromised critical asset, which might be an S3 bucket, for example, any on-premise device or any cloud device. So XM Cyber works in a hybrid environment. It works in a pure SaaS environment or in a pure on-premise environment. We provide our customers with a continuous and safe attack path management because, again, we do not deploy any malicious code. We are not an automated pen testing tool. We analyze telemetry data in the cloud so there's nothing we analyze inside your network, and then we provide you with a prioritized guided remediation.
And last but not least, we provide the CISO, for example, or the head of SOC or the head of IT operations, with a so-called executive summary which you can provide the board with.
So our customers' CISOs usually get quality time with the management once a month to go through the executive summary of XM Cyber to show them how the efforts went, which looks in reality pretty much like this. When we start a project, you will see a lot of red-colored devices, which means it could be detected and breached by a real attacker.
The color blue indicates the device can be reconned but not breached, and gray simply means the device cannot even be detected by a real attacker. And it usually takes a while depending on the size of the entire network. We have customers with over 500,000 sensors deployed. Usually it's mid-size customers up to a few thousand sensors, and you go into the mitigation or remediation phase, and in the end there are a few assets which can still be reconned and breached, but they would not lead to a possible serious attack.
Be it the earlier-mentioned domain controller, Active Directory and pilot server. We have just seen an example last year where a company was breached and a huge amount of data was leaked, and that can be clearly avoided. So my final slide, the mission summary: XM Cyber is a risk assessment. It models attack paths towards critical assets and it provides you with a view which is absolutely unique with all the tools you have in place.
You cannot get this view all over your network from the attacker's perspective, so to say. We have a remediation prioritization, which means we start with the so-called low-hanging fruits, which is usually the choke points. And we can link those recommendations to your ticketing system, which can be provided then to the respective IT teams. And last but not least, we improve the SOC operation because we increase situational awareness and improve the monitoring for EDR and SIEM.
We work very closely with all major EDR vendors and SIEM vendors.
We can actually detect, and we do this already in the POC phase, that there are EDR clients deployed but they are not active. And then the SOC team sees possible attack paths which they would not detect with other techniques, and it gives them the opportunity to mitigate those found issues immediately. And if a real attacker enters into your organization's network, he, she or it will not be able to reach any of your crown jewels in a way that they could compromise it and damage your reputation through this attack. That's it from my side. I think I'm still in time. Yeah. And on time.
So thank you very much. I hope you enjoyed the last day in I see in Berlin. If you have any questions, please feel free to reach out to me now or to my colleague Christine, who's still present in our booth.
Yeah, in the bcc.
Listen for minutes. Right. Thanks Vin.
Thank you.
Does anybody in the room have a question? We actually have one from the online audience or to kind of cut it down a little bit. Their network, they believe their network is changing every hour. So how can they be sure that with your tool they will keep up with the changes?
Yes, that's an excellent question. Because the sensor is actively looking into the data and sending ping requests with small packages, we see which communication ways have changed, what devices have changed. So I said earlier, user behavior, for example, misconfiguration, all that will be detected immediately and can be recognized in a new possible attack scenario. So our attack scenarios are running 24 by seven and any changes will be reflected in the outcome on the dashboard.
And can you actually automate the remediation?
At present we do not automate the remediation, but we are working towards this because there is a strong demand from our customers. At present we have the reporting which you need to provide your IT teams with, but in the future there will be auto remediation as well.
Okay, great. Thank you very much. Any further questions?
Well, I guess we can just move on to our next present.