Welcome. I'm Martin Kuppinger, Principal Analyst at KuppingerCole Analysts. I'm here with Ritesh from Cyfirma, and our topic today will be threat intelligence in a broader sense, and what you really need to do to successfully sort of defend yourself against the attacks, and specifically defend yourself against the attacks before they even occur. So welcome, Ritesh, how are you?
I'm good Martin. And thank you very much for having me here.
Yeah,
Pleasure. And so maybe you can give a very quick intro about yourself and Cyfirma before we dive into the subject.
Sure. I'm founder and CEO of Cyfirma. Cyfirma is a four-and-a-half-year-old external threat landscape management company. We kind of combine complete comprehensive view of external threats and risk towards organization. And we do that using our platform. We are like, you know, a company which just started in, in, in Singapore, but we have grown ourself globally.
Now we work with multiple companies in manufacturing to financial institution to critical infrastructure, government agencies. So, yeah. Super successful story.
Okay.
So, so when you say external threat landscape management, there are a lot of elements in external threats, the landscape of the threats, the management. So what do you see as the, or what, what has been, when you started the company, the challenge you felt hasn't been solved well yet? So what is your specialty?
Yeah, it's, it's a great question, Martin. And, and clearly this was a problem which I myself was facing before starting Cyfirma. So I used to be head of security for one of the largest resourcing company. And what used to happen back in those days, you had individual players who were doing threat intelligence. Some of them were doing external attack surface management. Few of them were doing digital risk discovery.
And unfortunately, the problem was these were individual silos, which were being delivered, rather than a complete comprehensive view of how good or bad you look like from outside-in perspective. And what we have gone about doing is we have gone about actually combining six foundation pillars of external threat landscape management, where we look at your external attack surface, which we generally call your doors and windows, which cybercriminals can use to get into your organization.
We then look at, you know, how porous your attack surface looks like, how vulnerable you look like and how lucrative your doors and windows look like to, to cybercriminals. Then we give you a visibility, especially around your brand to, to sort of guide you.
Like, are you a lucrative asset for cybercriminals? Do you look very lucrative from outside perspective? Okay. We combine that with your digital footprint discovery, where we look at, well, do you have any identity leaks? Do you have any data leaks? Do you have any, you know, sensitive files which have been thrown out there, which potentially cybercriminals can use to, to break into your organization?
And then we come to the fifth pillar, which is a situational awareness where we kind of give you a trend view of what is going on from cybercrime perspective in your industry, your technological stack and your geolocation from where you are operating from. And Martin plays a very important role because geopolitical differences, as you can see in world order today, yeah.
Is, is playing a very important role in cybercrime. And finally, we sort of tie all that up with our threat intelligence capability. So as you rightly said, we are way more than just threat intelligence. Yeah.
So, so, so at the end, it's a little take approach to reduce the sort of the species and the zoo of cybersecurity tools. By saying, we have a more integrated solution. When you talk about your points, the one thing which I found, still find, very interesting is your claim that you help organizations understand, so to speak, what happens at the attacker side. Yeah. So how do you do that?
So the whole thesis of our platform and the way we have gone about building this, right? So there are two guiding principles, which we always carry as, as a platform company.
One, how do we quickly give you a visibility of your, like how good or bad you look like from outside-in perspective? Like, what are some of your assets, which you carry, which are vulnerable, how porous your digital footprint looks like, is your brand matter of interest for cybercriminals. So we kind of take that approach by giving you a very factual view of how sort of invasive you look like from outside in, and then combining that with adversaries' interest. So looking at cybercriminals, what are they interested in? Are they looking at actually breaking into you?
Are they looking at actually exploiting your, your brand, your solution? And the way we go about doing this is we have, we have built what we call in our world as virtual agents.
So these are automated programs, which we have thrown out there in dark forums, in private communities, in language-specific communities, to deep web, to surface web. And we kind of monitor using our 900 virtual agents. The complete is schematics of internet. You can call it, okay. Now we understand almost 28 different languages on real-time basis. And we collect some of these secretive sort of nuances.
You can say conversations from different parties and we bring them into our centralized platform. And we, we sort of give combining all other sort of, you know, information and we give clear insight to organization. Like these are cyber criminals who are looking at potentially attacking you.
So, so being from an attacker perspective, sort of a spy is, is aren't you then also a target of these attackers, because I think your tools are, are seen as a threat to the business model of the attackers.
You, you are so right there, Martin, like, you know, right now, if you look at it, we are monitoring almost 830 cybercriminal groups and almost 1900 cyber hacking campaigns. And we get to see a lot of love from cybercriminals as well, because of course, you know, we are busting their campaigns before they actually really realize their outcomes.
So we get to see a lot of love from them, but the way we have gone about actually building our platform, we have, we have used seven layers of defense. We have used various scattered de fragmented sort of architecture by which, you know, for somebody to actually break into our platform, it will be difficult. I wouldn't say that it's impossible. Nothing is impossible in cyber, but yeah, it's, it's a little difficult. We have created all that resistance there.
So, so, so imagine, for instance, a customer, which is a large online retailer, so what is it, what, what you would bring to him. So would you, you would tell, okay, these credentials are out, these files have leaked, they are discussing you here, plan to do this attacks, run them against you. Is it what you deliver to them?
So let's, let's actually map this back to our six pillars. Yeah. So very first thing which will happen. Let's say we onboard a very large retail company, and onboarding takes literally like 10 minutes. You just punch in the name, you punch in their domain.
The way our platform goes about sort of working is, first, it'll go and create a profile of a customer. So it'll look at like which industry you're operating in, what sort of technological stack you're using, which geolocation you're operating from, who are the most important people in your organization. So we collect a lot of information from public sources to create your profile. Once we have created your profile, then the journey starts with a access discovery.
So we will look at what are some of the internet accessible assets, which we can see from outside in perspective, and are those assets actually vulnerable in nature?
And if they are vulnerable in nature, are there any exploits related to those vulnerabilities? Are we seeing any cybercriminal groups who are actively looking at potentially breaking into those, those vulnerabilities, then we come back to your brand, like how good or bad your brand looks like from outside in perspective? Yeah.
Then we look at your digital footprint, as you rightly said, looking at your identity, looking at any confidential file, any sensitive files, which, which is unintentionally thrown out there, or it is, it has been there out which cybercriminals can use. And finally wrapping that up with your sort of, of giving you ability to understand what is going on in your industry, your technological stack, your geolocation. And then finally, under our cyber intelligence capability, we very specifically tell you that these are cybercriminals who are looking at attacking you.
This is why they're looking at attacking you. These are the motives. What do they want from you?
Like, are they behind your intellectual property? Are they going behind your PII, CII? When they can attack, how ready are they to potentially attack and how are they gonna attack? Like what sort of tools and techniques or methods they're gonna use against you to come and attack you? So we give that complete visibility to organization on a beautiful looking dashboard.
So with all the insights Cyfirma has on the attack landscape and the threat landscape, what, what is from your perspective, sort of the, the next big threat, the next big thing happening?
I think there are two points which I want to highlight here. We are seeing a very clear shift. So traditionally we have heard all the time phishing used to be one of the most important attack vectors used by cybercriminals. We are clearly seeing now a shift where cybercriminals are looking at actually using deepfake. Deepfake is a new technique, which is being worked by cybercriminals.
We have seen in last four months, almost 187% increase in chatter within dark web communities, where cybercriminals are looking at actually working towards building a new type of social engineering using, using deepfakes. Okay. Number two, what is, what is very, very interesting is now cybercrime has become investible asset model where you can actually invest now. In our analysis in last 11 months, we have seen number of forums, which were launched in, in, in dark web communities, where if you would have invested $1 eleven months back, that would have translated today to $21,000.
So 21000% increase, yeah. Or outcomes, which these assets are able to give. So our prediction is very, very clearly. Now you're gonna see normal public normal, you know, Surdis normal people getting involved into cybercrime, which means funding for cybercriminals might not be very difficult in coming days. They will get funded using virtual assets and NFTs, virtual currencies. You name it. So there's a lot going on there. Yeah.
And closing question, where do you see the vision of Cyfirma? Where do you see Cyfirma standing in two years or three years from now?
See, when we started Cyfirma, I think, you know, we called ourself an external threat landscape management company.
And this was a brand new domain on its own because you had individual players, but we wanted to sort of bring a complete comprehensive view of how you can go about making decisions, how you can go about taking corrective actions in your cyber posture management, the way we, we see ourself couple of years from now, I think we will play a very important role in, in your cyber posture management as to how you will go about planning your, your cyber posture, what sort of tools you will require, what sort of infrastructure you will require, what sort of people capability you will require and processes based on understanding of your external threat landscape.
Okay. Got it.
Ritesh, thank you very much for giving these insights. I think this is a super, super interesting topic and it will keep us awake probably for a long time because cyber as hack cyber crime will not go away. So we need better tools. Thank you for providing these insights and thank you to everyone for listening to this talk. Thank you.