Today we are talking about a very interesting solution from XM Cyber, a company founded by senior figures of the Israeli cyber intelligence community and a leader in hybrid cloud security. Its platform is changing the way organizations identify and resolve security risks in the hybrid cloud: it analyzes how attackers exploit and chain misconfigurations, vulnerabilities, identity exposures and more across AWS, Azure and GCP environments.
Here Boaz Gorodissky, Co-Founder and CTO of XM Cyber, tells us about the solution.

Boaz Gorodissky is a 30-year veteran of the Israeli Intelligence Community, most recently serving as Head of Technology. In this role, he re-organized and headed technology divisions, overseeing thousands of engineers and a large-scale budget. Mr. Gorodissky began his career as a software engineer and later founded the first offensive cyber department. He holds a B.Sc. in mathematics and computer science and an M.Sc. in computer science from Tel Aviv University.

How and when was XM Cyber born?

XM Cyber was born when my former colleagues from the Israeli intelligence community, Noam Erez and Tamir Pardo, and I understood that there was a gap within the cybersecurity tooling ecosystem – there were many tools that could show attacks once they already made their way inside networks but few that could show how attackers would move through systems before they even got a foothold. This led us to the concept of attack path modeling which helps organizations see their exposures that lead to critical assets well before attackers can leverage them. With this insight, these weak spots can be remediated proactively before any damage is incurred.

How did your experience in Israeli intelligence influence the conception of XM Cyber?

The Israeli Intelligence agencies, like any other strong intelligence organizations, deal with cyber security tasks, both defense and offense, and need to find creative ways to achieve their goals. This knowledge enabled us to better understand the gap between the attacker's state of mind and the defender's approach. This gap, which we call “the big disconnect”, is the main reason for so many successful attacks.

What are the main reasons to use a solution like yours? How can it help companies improve their cyber security?

Security teams are struggling to handle massive volumes of security issues and understand what exposures are putting critical assets at risk. XM Cyber combines toxic exposures such as CVEs (vulnerabilities), misconfigurations, identity exposures, security control gaps and more to get the attacker’s perspective of how hybrid cloud environments can be compromised.

By mapping all possible attack paths onto an attack graph, and doing smart analytics on the graph, organizations gain context of risk towards critical assets that helps teams understand what’s most at risk and needs fixing. And by understanding context, issues can be accurately prioritized, to focus on remediating the exposures where attack paths converge. This allows for productive remediation that reduces risk in the most cost-efficient manner.

How does your platform work? What are the main steps involved in simulating attacks and assessing systems resilience? What types of attacks can your solution simulate?

The XM Cyber platform works internally and automatically in several stages to create the best ROI for our customers.

  • In the first stage we find all exposures (CVEs, Credentials, wrong permissions, misconfigurations…) in the environment.
  • In the next stage, the platform can compute single lateral moves from different entities.
  • The third stage is where the system combines the single lateral moves to form attack paths toward critical assets.
  • The fourth stage is where graph analytics is performed and choke points (places where many attack paths cross through), are determined.
  • The fifth phase is to compute the best possible remediations that can be done in order to eliminate the choke points with clear step-by-step guidance to make it easy for teams to implement the fix that fits them best.
  • The last stage validates that the fixes reduced risk, reports how security posture has improved and how this trends over time so it can be communicated to the board and operational teams.

In order to provide the most accurate results, our research team continually maintains a huge attack arsenal, containing all possible attacks that can be used. The types of attack techniques we cover range from those a less sophisticated attacker could perform to those that could be performed by the most sophisticated APT and cybercriminal groups.

In terms of addressing system resilience, we zero in on a 3-part program of continuous remediation, consisting of:

  1. Quick Wins – These are things that can be taken care of quickly but will make a significant impact on security posture.
  2. Medium Term Projects – For example, configuration audits, which take time to address properly.
  3. Mid-Long-Term Projects – These are holistic, root cause problems and organizational issues that create high risk. They take a significant amount of time to address but will make a very large impact on the security posture.

This approach, which we have been using for years, dovetails with Gartner's recently released Continuous Threat Exposure Management (CTEM) framework and has been instrumental in helping our customers become more resilient on a continuous basis.
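The six-stage pipeline described above, shown in miniature as an editorial example added to this page. It is not XM Cyber's code and does not reflect how their platform is implemented; the hosts, accounts and exposures are constructed, and the graph functions, the "remove every exposure leading into the node" model of a fix, and the use of path counts to rank choke points are all assumptions made for illustration.

```python
"""Attack-path modelling in miniature: exposures -> single lateral moves ->
attack paths -> choke points -> candidate fix -> validation.
Constructed example; the environment and the scoring are hypothetical."""
from collections import Counter, defaultdict

# Stage 1 output (constructed): each finding is (kind, source, target), meaning
# "an attacker who controls `source` can reach `target` via `kind`".
EXPOSURES = [
    ("phish", "internet", "ws01"),
    ("phish", "internet", "ws02"),
    ("cached_cred", "ws01", "svc_backup"),   # svc_backup credential cached on ws01
    ("cached_cred", "ws02", "svc_backup"),
    ("local_admin", "svc_backup", "fileserver"),
    ("local_admin", "svc_backup", "jump01"),
    ("rdp_open", "ws02", "jump01"),
    ("cve", "jump01", "db01"),
    ("excess_perm", "fileserver", "db01"),
]
CRITICAL = {"db01"}  # the asset whose compromise we care about


def build_graph(exposures):
    """Stage 2: every exposure is one single lateral move, i.e. a directed edge."""
    graph = defaultdict(set)
    for _kind, src, dst in exposures:
        graph[src].add(dst)
    return graph


def attack_paths(graph, start, critical, max_depth=8):
    """Stage 3: combine lateral moves into simple paths from `start` to any critical asset.
    Depth is bounded because real graphs are far too large for unbounded search."""
    paths = []

    def dfs(node, path):
        if node in critical:
            paths.append(tuple(path))
            return
        if len(path) > max_depth:
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:          # simple paths only, no cycles
                dfs(nxt, path + [nxt])

    dfs(start, [start])
    return paths


def choke_points(paths, start, critical):
    """Stage 4: intermediate nodes ranked by how many attack paths cross them."""
    counts = Counter()
    for p in paths:
        for node in set(p) - {start} - critical:
            counts[node] += 1
    return counts.most_common()


def remediate(exposures, node):
    """Stage 5 (assumed fix model): a fix removes every exposure granting access *to* node,
    e.g. purging a cached credential or closing an exposed service."""
    return [e for e in exposures if e[2] != node]


def validate(exposures, fix_node, start="internet", critical=CRITICAL):
    """Stage 6: number of attack paths before and after applying the fix."""
    before = attack_paths(build_graph(exposures), start, critical)
    after = attack_paths(build_graph(remediate(exposures, fix_node)), start, critical)
    return len(before), len(after)


def best_fix(exposures, start="internet", critical=CRITICAL):
    """Pick the choke point whose removal leaves the fewest paths to critical assets."""
    paths = attack_paths(build_graph(exposures), start, critical)
    candidates = [node for node, _ in choke_points(paths, start, critical)]
    return min(candidates, key=lambda n: validate(exposures, n, start, critical)[1])


if __name__ == "__main__":
    paths = attack_paths(build_graph(EXPOSURES), "internet", CRITICAL)
    print(f"{len(paths)} attack paths to {sorted(CRITICAL)}")
    for p in paths:
        print("  " + " -> ".join(p))
    print("choke points:", choke_points(paths, "internet", CRITICAL))
    fix = best_fix(EXPOSURES)
    print("best single fix:", fix, "paths before/after:", validate(EXPOSURES, fix))
```

Run as-is, the constructed environment yields five paths from the internet to db01; the service account svc_backup sits on four of them, and removing the exposures that lead to it (the two cached credentials) leaves only one path, which is why it ranks above patching the CVE on jump01 (two paths left) or fixing the fileserver permission (three left). The point the example makes is the one in the answer above: prioritising by where paths converge, not by CVE severity, is what makes the remediation cost-efficient.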

What are the main threats that are countered by this solution?

We focus on reducing exposures that create risk. Many tools/approaches focus on CVEs and vulnerabilities, but this approach leaves many issues unaddressed. We look at credential issues, infrastructure and Active Directory misconfigurations, excessive permissions, plus the traditional CVEs, to understand the environment and the attack paths created by these issues. This way organizations can extend beyond issues that may be exploitable in the wild to understanding what actually exists on attack paths in their environment and needs solving.

How do your solutions integrate with companies' existing IT environments? Are there any special requirements or challenges you face during implementation? How does your support team address these challenges and support customers through the adoption process?

Deployment of the solution is very easy and we have a team that is there to support every step of the way. Our platform is a SaaS tool, so there is no need for any complex installation on customers' environments. To understand on-premises environments, we use lightweight sensors, and we analyze cloud environments via API. We support Windows, Linux, macOS, AD, AWS, Azure & GCP. The platform works continually and can analyze the effects of any change in the environment, and is operationally quiet and safe.

We have a proven track record of working seamlessly with large-scale complex and prestigious organizations within hybrid environments.

What are your future plans for the improvement and development of XM Cyber? Are there any new features or capabilities you are working on introducing?

We are always working towards continuous improvement and expanding capabilities. That may sound cliché, but at XM Cyber we really mean it – for example, less than a year ago we acquired Cyber Observer, a Cloud Security Posture Management vendor. And just a few months ago we acquired Confluera, a cloud extended detection and response (CxDR) vendor.

In general, we believe very much in the ability of attack path management to dramatically improve the way organizations secure themselves, so we continually invest in improving our core technology and continue to be the leader in this market. But at the same time, we continuously add more capabilities to create a platform with more functionality that can be used for vulnerability assessment & management and be a complete cloud security platform.

How do you see the future of Cyber Security?

There’s no doubt that cyber security will continue to be one of the most important subjects. The world will continue to be more and more digitized and connected. It opens more opportunities for cybercrime, without a huge investment on the part of the attacker. At the same time, it can be used by nation-state backed groups to achieve their goals. The challenge facing the defenders will be bigger: huge and complex systems, rapid changes, lack of skilled human resources and more.
