The IT Nerd

StrikeReady, an AI-driven security company, has swept the Cyber Defense Magazine 11^th Annual Global InfoSec Awards during RSA Conference 2023 in the categories of:

• Most Innovative Applied Artificial Intelligence in Cybersecurity
• Hot Company Security Orchestration, Automation & Response (SOAR)
• Publisher’s Choice Threat Intelligence Management
• Editor’s Choice Virtual Assistant for Cybersecurity

The most recognized security product and service industry-wide with over 60 awards and honors, StrikeReady CARA stood out with its innovative AI-based Virtual Security Assistant, which provides context-based responses and actions by leveraging underlying embedded technologies, such as threat intelligence platform (TIP), breach and attack simulation (BAS), SOAR, and more. StrikeReady has always envisioned that conversational AI is the foundation for empowering cybersecurity analysts. With ChatGPT coming into the limelight, it has reinforced their belief that AI-based assistance will be the biggest disruption in cybersecurity. They are the only company offering this solution.

The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” and looking for best of breed, next generation InfoSec solutions.

StrikeReady, an AI-driven security company, has won the Business Intelligence Group’s Artificial Intelligence Excellence Award in the Natural Language Processing category for the second consecutive year. Out of 52 product winners, StrikeReady was the only company in the cybersecurity industry to be recognized for demonstrating excellence and innovation in using AI. 

The most recognized security product and service industry-wide with over 60 awards and honors, StrikeReady CARA stood out with its innovative AI-based Virtual Security Assistant, which provides context-based responses and actions by leveraging underlying embedded technologies, such as threat intelligence platform (TIP), breach and attack simulation (BAS), SOAR, and more. StrikeReady has always envisioned that conversational AI is the foundation for empowering cybersecurity analysts. With ChatGPT coming into the limelight, it has reinforced their belief that AI-based assistance will be the biggest disruption in cybersecurity. They are the only company offering this solution.

The Artificial Intelligence Excellence Awards honor companies that have demonstrated excellence, innovation, and leadership in using AI to improve their products and services. Winners are selected by an independent panel of judges who evaluate the nominees based on their AI technologies and their contributions to the AI industry.

An AI-driven security company, StrikeReady today announced it has been named a winner of the Security Today Product of the Year Award in the Risk Management Software category.

StrikeReady was selected for outstanding product development achievement considered to be particularly noteworthy in its ability to improve security. In the 14th successful year of the independently juried contest, winners were honored in 47 product award categories.

StrikeReady Inc. is a cybersecurity startup based out of California. The company was founded in 2019 and offers the industry’s first cloud-based security operations and management platform that enables organizations to increase the effectiveness, efficiency, and affordability of their security operations, while empowering and augmenting cybersecurity teams with institutional knowledge and automation. I’ve covered this really cool offering previously here.

StrikeReady is backed by several Bay Area VC firms, along with executives from FireEye, CrowdStrike, Zscalar, and others.

StrikeReady has won numerous awards and mentions in the short time that it has been in existence, including Security Today’s Product of the Year Award 2022, CRN 2022 Emerging Security Vendors, Global InfoSec Awards 2022, Intellyx 2022 Digital Innovator Award, 2022 Govies Awards, 2022 CODiE Finalist Best Emerging Technology, 2022 Artificial Intelligence Excellence Awards, 2022 Cyber Security Global Excellence Awards, 2022 Cybersecurity Excellence Awards, 2021 CyberSecured Awards, American Security Today ‘ASTORS’ Homeland Security Award 2021, Security Today’s Product of the Year Award 2021, Globee’s Disruptor Award 2021, and CB Insights 2021 Cyber Defender.

Last week, I had a chance to get a briefing from a company called StrikeReady about a product called CARA which stands for Cyber Awareness And Response Analyst. Before I get to what CARA is, let me define the problem so that you can understand why CARA will make such a difference.

Right now it’s insanely difficult to get people to work as part of cybersecurity teams. And even if you get the staff, chances are that they are going to be on the junior side where experience may become the difference between catching a threat before it becomes a problem and not. On top of that, they have a ton of tools to work with and manage. In other words, cybersecurity teams have a lot of balls to keep in the air and that is difficult at times, if not impossible.

This is why CARA can make such a difference. CARA can:

• Allow team member to ask questions in a conversational style like “what is Emotet?”
• CARA will then answer the question within the context of cybersecurity rather than the context of Google and will include the latest information that is relevant to you and your environment. And on top of that, CARA can also check a variety of tools within your environment to see if your question is one that perhaps affects your attack surface. For example if the check of your tools reveals that you are open to being pwned by Emotet, it will let you know.
• The next thing that CARA will do is help you to secure your environment using the tools that you have by offering remedies and mitigations that it can apply with your permission. I should note that CARA comes out of the box with a large number of integrations with popular cybersecurity tools such as Crowdstrike, IBM Qradar, and FireEye. And if you are using something that isn’t in the list of integrations, StrikeReady can help you get that tool supported by CARA within a two week or more timeline depending on the tool in question.
• CARA can also independently monitor for threats and report on that in ways that ensures that you will action the most important info first.

In short, CARA is part of your cybersecurity team. Only CARA is working 24 hours a day to keep you safe.

This will make life much easier for cybersecurity teams. And I the demo that I got on it by Anurag Gurtu, who is the CPO of StrikeReady impressed me. For starters, he showed me how CARA processed conversations by having a debug menu on the screen the entire time. Typically, we in the media don’t get to see how the sausage is made so to speak, so the fact that he was willing to show that to me was pretty cool. Second, seeing him walking through a workflow of a cybersecurity analyst looking for information on Emotet by asking CARA about Emotet, and then having CARA show information on Emotet as well as the attack surface that existed in his demonstration environment was impressive. Then being able to reduce the attack surface with a few clicks via the tools that you already own and CARA is set up to use was equally as impressive. I can see how companies who use CARA are going to be in a much better position to respond to cyber threats than those who don’t.

CARA is a Software As Service offering that is aimed at companies that are a few thousand employees in size or bigger. That’s because companies of that size are often more mature when it comes to cybersecurity because they have tools like Crowdstrike, Radar, and FireEye at their disposal. Smaller companies typically don’t, and I would suggest that this should be a message for smaller businesses to up their cybersecurity game as I believe that they could benefit from CARA.

I’ve scratched the surface as to what CARA can do. I encourage you to look at StrikeReady’s use cases and case studies to really go in depth as to why CARA is a potential game changer for cybersecurity.

StrikeReady, a cloud-based security operations and management company, announced today that it was named a 2021 ‘ASTORS’ Homeland Security Award for Best Threat Intelligence Solution by American Security Today.

The Annual ‘ASTORS’ Awards, now in its sixth year, is the preeminent U.S. Homeland Security Awards Program, highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today. The program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security, enterprise and public safety vertical markets.

American Security Today (AST), the ‘New Face in Homeland SecurityTM’, is the premier digital media platform in the U.S. Homeland Security and Public Safety Industry, focused on breaking news and in-depth coverage of the newest initiatives and hottest technologies in physical & IT security on the market today. AST highlights the most cutting-edge and forward-thinking security solutions across a wide variety of media products delivered daily, weekly and monthly to over 75,000 qualified government and security industry readers, essential to meeting today’s growing security challenges to ‘Secure our Nation, One City at a Time™’. To learn more visit www.americansecuritytoday.com, or contact AST by email at mmadsen@americansecuritytoday.com or phone 646-450-6027.

StrikeReady Inc. is a cybersecurity startup based out of California. The company was founded in 2019 and offers the industry’s first cloud-based security operations and management platform that enables organizations to increase the effectiveness, efficiency, and affordability of their security operations, while empowering and augmenting cybersecurity teams with institutional knowledge and automation.

StrikeReady is backed by several Bay Area VC firms, along with executives from FireEye, CrowdStrike, Zscalar, and others.

StrikeReady has won numerous awards and mentions in the short time that it has been in existence, including American Security Today ‘ASTORS’ Homeland Security Award 2021, Security Today’s Product of the Year Award 2021, Globee’s Disruptor Award 2021, CB Insights 2021 Cyber Defender, and 2020 Red Herring’s Top 100 North America Award. Connect with them at www.strikeready.co.

By Anurag Gurtu, CPO of StrikeReady 

As we foray into the second decade of the 21st century, it’s worth looking at what cyber-security might be in 2022. What are some possible predictions? How will this industry evolve and change to keep up with more sophisticated hackers and cybercriminals?

Over the years, the rise in cyberattacks’ sophistication has become more significant. We all know that in 2021, one of the worst things was when Colonial Pipeline suffered a cyber attack that caused fuel shortages across much of their East Coast. This event had significant consequences for America and its people. Microsoft Exchange also got hacked last December, resulting in denial-of-service attacks that paralyzed many operations around North America (and even Europe). There were some more types of attacks leaving some negative impact, and this is inevitable.

I believe that in 2022 the hackers will become more sophisticated and take advantage of the current geopolitical climate. My biggest concern is that hackers have speedier access to newer technologies and organization won’t be able to keep up with them. And if things continue this way in the coming years, it’s definitely going to disrupt several normal business flows – if not a total business ruin. Hence, it is now important to stay ahead of such threats. By being proactive, every organization stands a better chance against cybercriminals seeking to take advantage of loopholes. In this regard, here are my top cybersecurity predictions for 2022 that every business needs to be aware of. 

• Digital Cyber Analyst

The coming year is expected to be most challenging concerning the ongoing cybersecurity talent crunch. Among the factors responsible include digital transformation initiative, accelerated adoption of hybrid cloud, and post-pandemic projects ramping up. There is a need to augment cybersecurity workforce using Digital Cybersecurity Analysts. These Digital Analysts will learn in real-time from the experiences and knowledge of other cyber experts all over the world, then use this information to guide junior analyst with their decision-making processes when it comes time for resolving threats or proactively protecting their organization. A digital analyst is the newest trend and will grow in number even more through 2022 and beyond.

• Deep Fake Tech

Deep fake content – manipulation of video or other digital material designed to make someone else look like they’re saying something when it’s not them is gaining popularity with each passing day. Also, machine-learning algorithms can create realistic-looking videos without human input whatsoever. Several open sources have noted how threat actors have utilized manipulated media to bypass multi-factor authentication (MFA) security protocols. The same approach has been used successfully against Know Your Customer (KYC) identity verification. I believe that deep fake technology will become more readily available in 2022, while criminal espionage actors will increasingly utilize manipulated media to achieve their objectives.

• Automotive Hacking

As we can see, the automotive industry is going through a massive transition, not only shifting from an oil based fuel source to a totally electric source, but also seeing a massive overhaul of technology – autonomous driving. Assuring that these vehicles are secure from hackers will be one of its biggest challenges. In the event of an attacker taking control of a self-driving car, they would endanger not only themselves but those around them as well.

• Increased Aggressiveness with Cyber Warfare

In this case, four prominent nation-state actors, including Russia, Iran, China, and North Korea, are expected to show enhanced aggressiveness with cyberwarfare. This is especially for Russia as several recent incidents, such as the manipulation of UNC2452 authentication methods, have shown that the country possesses a high level of sophistication when it comes to cyberwarfare. Also, Iran is likely to consider creating more power balance towards its own interest, with more emphasis on region promotions. As for China, the country is expected to continue supporting the Belt and Road initiative with the use of cyber-espionage while North Korea is willing to take the risk, if need be, and continue funding nuclear ambitions and strategic intelligence with the North Korean cyber apparatus. And as these nations use “cyber operations as a low-cost tool of statecraft” as part of their malpractices, I do not see any slowdown for these nations, while some more may also join in 2022. 

• Increased risk to US infrastructure

With cyber-attacker now intensifying and data breaches rising, there is an expectation that many US infrastructures would be at increased risk. This is already in play as a US insurance giant had to pay $40 million in ransom to hackers in May 2021. It is expected that the ransom demand from attackers will also increase in the coming year. 

• Accelerated use of Ransomware as a Service

One of these troubling trends is Ransomware-as-a-Service (RaaS). As cyber criminals lease ready-made malware tools to buyers, increasing accessibility makes this threat more relevant than ever before because anyone can perform attacks with little technical expertise no matter what level they are at in criminal endeavor.

• Larger Extortion Payouts with a Rise in Bitcoin Prices and Crypto Hacking

In 2021 we saw most of the extortionists threatened companies to pay large sums of money in Bitcoin. This has a lot to do with the rise in Bitcoin-to-USD price and as these prices are expected to rise again, I believe that a larger wave of an extortion payout may not be farfetched. And with cybercriminals using various techniques including “mixing” – where funds from different users are mixed together so as to break any traceable trail, making them less likely to get caught thing are just going to get worse. 

Hacking also plagues the world of crypto currencies. In a world where money becomes pure software, hackers will have a blast. In the coming year and years to come, I anticipate them becoming more aggressive with stealing bitcoins and altcoins.

• A New Wave of Attacks Targeting Cloud Services

The continual rise of the cloud-based technologies and infrastructure does not show any sign or indication of slowing down. In fact, organizations are expected to keep relying on cloud or cloud-hosted third-party providers for fundamental business tasks. Cloud vulnerabilities are no longer an exception, especially with the adoption of remote work following pandemics have made them a necessity. Thus I see them as a prime target of compromise due to its high-value nature.
 

• Let’s Confuse the Market with another Buzz Word – XDR

XDR is the future of cybersecurity according to almost every analyst firm and security vendor. It is the magic bullet that can detect new threats and protect enterprises that have needs we have yet to imagine, such as in a hybrid-work environment. I view it as another promise SIEM made and couldn’t keep. So who am I to disagree with industry experts who have already agreed on XDR being the next big thing? 

StrikeReady, a cloud-based security operations and management company, announced today that it was named a Technology Innovator in Advance VAs by 2021 Gartner “Emerging Technologies: Tech Innovators in Advanced Virtual Assistants” report. According to Gartner, “this report highlights technology providers that advance and accelerate the use of virtual assistant technology. Technology providers were selected based on the observed ability to market and sell AI-based or AI-enabling technologies with proven capabilities for optimization and/or transformation.“

The Gartner report further states that, “By converging AI, data, automation and assist capabilities, software and business application providers within security and targeting other industries can help organizations to make more intelligent decisions faster with advanced VxAs. Domain-specific VAs can analyze data, automate processes, make order or supply chain adjustments, and enforce countermeasures in security or provide advice, while continuing to learn in real time, thus increasing their usefulness for employees and organizations.”

StrikeReady Inc. is a cybersecurity startup based out of California. The company was founded in 2019 and offers the industry’s first cloud-based security operations and management platform that enables organizations to increase the effectiveness, efficiency, and affordability of their security operations, while empowering and augmenting cybersecurity teams with institutional knowledge and automation.

StrikeReady is backed by several Bay Area VC firms, along with executives from FireEye, CrowdStrike, Zscalar, and others.

StrikeReady has won numerous awards and mentions in the short time that it has been in existence, including Security Today’s Product of the Year Award 2021, Globee’s Disruptor Award 2021, CB Insights 2021 Cyber Defender, and 2020 Red Herring’s Top 100 North America Award.

Connect with them at www.strikeready.co 

*Gartner, “Emerging Technologies: Tech Innovators in Advanced Virtual Assistants”, Annette Jump, Danielle Casey, Adrian Lee, September 22, 2021.