Notes on our discussion with HYAS Infosec – the RSAC2024 files

We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings. 

Here are some notes on our briefing with David Ratner (CEO) of HYAS Infosec. The briefing was organized by Dan Chmielewski of Madison Alexander PR.

Key takeaways from our conversation and some subsequent research:

  • David joined HYAS four years ago after the Series A funding round. David previously worked at several firms that we hadn’t heard of in 20 years – such as Software.com and Openwave. Wow, they were good days.
  • As a principle for cybersecurity, David is more attracted to resilience than prevention. David said that all the major systems we rely on during daily life are built around resilience, while most cybersecurity strategies put prevention (stop and block) at the center. If resilience is embraced as the core principle in cybersecurity, then the consequential goal is minimizing the impact of any adversarial action. While David didn’t use the term (at least, according to our notes), the common sayings in cybersecurity of “assume breach” and “when not if” reflect the reality of the fundamental principle of resilience.
  • HYAS has three core offerings – Protect, Insight, and Confront.
  • HYAS Protect is a protective DNS offering for the corporate environment, which leverages threat intelligence data in decisions on all DNS responses and queries. For example, if traffic to malicious domains, IP addresses or nameservers is detected – based on threat intelligence data – such traffic is blocked. This puts in place an internal defensive mechanism that stops users, devices and servers from interacting with known-bad infrastructure and thus prevents interaction with command and control infrastructure used by threat actors. If the infrastructure is atypical or abnormal based on usual DNS patterns, that too is highlighted – so decisions can be made on validity.
  • HYAS Confront offers the same protections for production traffic, spanning data centers, cloud, multi-cloud, and hybrid environments. Based on continuous analysis of normal behavior, Confront detects when internal actors start acting badly or malicious external parties breach current security controls.
  • HYAS Insight is different. It combines threat intelligence with investigation capabilities, so security and fraud investigation teams can identify where attacks are coming from, map the threat actor’s infrastructure, and have better insight on how to respond. While security and fraud teams can run such a program themselves with HYAS Insight, HYAS also has a team of experts able to assist customers with investigations (HYAS Intelligence Services).
  • HYAS is exploring how AI can be used by adversaries to power threat campaigns. They have released a proof of concept for AI-synthesized, polymorphic, and fully autonomous malware, along with another proof of concept for how LLMs can be exploited by a polymorphic keylogger that evades EDR detection. See EYESPY and BlackMamba for details.

For more, see HYAS Infosec.

