Gilad Peleg, CEO of SecBI, interviewed at California Israel Business Summit
Jacques: My pleasure to welcome Gilad Peleg who is the CEO of SecBI. Is that the company’s name?
Gilad Peleg: Yes
Jacques: Yet another Israeli company in the security space, I think this one with a very interesting positioning with respect to where they intervene in the detection and remediation of issues, and so a lot of us in this place have always seen Mandiant as the precursor of you know what we sometimes joke about is who would you call ghostbusters, right. Let me give the microphone to you and say you know, who do you call SecBI and why and how?
Gilad Peleg: Thanks Jacques, thanks CICC for a great event and a great week. It’s actually a pleasure to be here again. I spent a few years in the Silicon Valley and I attended events at CICC and it’s great to be here as an entrepreneur and CEO of SecBI. So, we do automatic Cyber Security Investigation and that’s in contrast to what is done today in most corporations, in most businesses which is manual Cyber Security Investigation. We read the news and I won’t start to mention the US government and Ashley Madison although some of the more interesting stories but the fact is that organizations are getting breached and they are suffering losses both in reputation, monetary, even personal, jobs and so on. Cyber security is not easy, it’s complex and because it’s manual it’s taking so much time to actually find and detect these breaches.
More or less fifty percent (50%) of the budget is going on services, is going on manpower and still there’s a shortage and here the numbers are all over the place. I’ll give you one number or two, shortage of about 1 million cybersecurity professionals worldwide and that there’s the number of 300,000 in the US. You can pick a number, doesn’t matter exactly what is the number but it’s huge. Move manual investigation shifted to automatic investigation and you get the advantages that we’ve seen in other industries that moved from manual to automatic. I’ll give just two examples, one is the automotive or automobile production industry the production line, the assembly line that’s obvious what that, what that resulted in. The other one is airline and flight, think of a world without automatic pilot and automatic navigation probably most of us wouldn’t be here right now because it would be too expensive and there wouldn’t be enough flights and so on. The next big step is automating cyber security investigation and that’s a long answer to when you would call us.
Jacques: Excellent, so I’ve been breached I know I’ve been breached because of somebody else and then you come in?
Gilad Peleg: Oh no no no no, so first of all we’re not a service okay. SecBI is a technology company, we sell our systems, we deploy our solutions and then they’re, they’re either on-prem or in the Cloud it’s up to the, the organization. They run in the background, in the foreground, they’re being used by the SOC personnel either the Tier 1 or the Security Operators as they’re called or Security Analyst or Tier 3. The, it’s an ongoing process cyber security investigation. You get alerts, there’s a flood of alerts daily the numbers are huge we all talk about the noise, we all talk about finding the needle in the haystack, separating the wheat from the chaff. We automate that process so you don’t have to drill down, slice and dice, we already show that, that analyst, here this is an incident.
I need two hands it’s possible. Israelis, they talk with their hands you know.
Gilad Peleg: We show you the incident we, we already cluster all the information together in such a way that investigation is very, very fast. If you need to investigate your whole database, your whole and you know find what you’re actually looking for, it might take you hours and it might take you days. If I give you now and when I say I, “it’s the system”. If you’re in front of the system and you see one clear incident or one clear cluster with all the information there, you can either quickly understand what is there or actually what SecBI provides is the next step of automation. We do automatic classifications so the system already takes into account input from external sources as well as internal sources in the, in the company and we classify and prioritize those incidents providing you a very clear definition and classification of the, of the attack.
Jacques: Makes a lot of sense. What’s the status? You have customers that are users?
Gilad Peleg: So its customers, it won’t be easy.
Jacques: You think?
Gilad Peleg: Yeah, but we have several pilots and POCs running in large organizations in, in Israel. They’re running in production, generating very good results, they’re very happy and the same thing goes to US and Europe. We’re in process of several deployments there. The interesting thing is what, you know we’re part of this cyber labs, JVP cyber labs incubator in Beer Sheva. If you haven’t been there you have to, it’s an amazing place, middle of the desert and Beer Sheva used to be called the capital of the desert. Today, it’s the capital of cybersecurity in Israel, maybe the world so there’s two high-tech buildings in the middle of nowhere and the amount of delegations and I’m talking about any high-level corporate in the US in Europe, banks, financial institutions, big consumer conglomerates you name it they’re all coming there. If they’re interested in security they come there and we the small startups which you know if we had to do it on our own it would be very, very difficult to get to these high-level executives. We get to pitch to them and the results are amazing. We get POC requests almost by a hundred percent (100%) of these people so that’s where we are. We don’t have yet paying customers, but pretty soon.
Jacques: U.S. operations?
Gilad Peleg: Not yet, but let’s say this way as I said where we got our seed funding from JVP. We, because of this great market pull that we’re feeling we’re going after additional funding right now in order to scale our operation in US and Europe as well as continue development.
Jacques: So a good outcome of this conference would be to find investors, employees, customers?
Gilad Peleg: If you want to invest that’s fine, we’re happy. But, but yeah absolutely we are looking for investors and customers and maybe I should say customers and then investors. No offense.
Jacques: No, none taken we actually like it that way. They do due diligence, we get to invest. Wonderful so if, if you had the absolutely most striking example of something that your system was able to achieve you know the one story of when customer XYZ did this they found that would that be?
Gilad Peleg: So in one of our, I’ll tell you know from, from one of our POC.
Jacques: Try to do it with your hand in your pocket.
Gilad Peleg: I’ll rip my pocket. So, one of our POC is a large organization in Israel deployed our solution and we ran our POC for about a month. We cluster about a month of data, hundreds of millions of events we broke them down into just a you know very few clusters and even less malicious incidents that we were able to classify and then we sat with, with the team there to analyze the results. So, first thing that they said “look, you found these things here it took us days or hours at the best case to do this same kind of detection classification manually”. What was more interesting is that they came back and said you know what when we look at the data that you’re supplying, actually you found three times more infected users and, and communication to CNC (Command and Control) that we didn’t find manually. What this means is that when they investigated it manually and they thought they contained the incident, actually they didn’t, it was still alive and doing whatever it was doing in their network.
Jacques: And so we all know that the big breaches, you know the Anthem, the Experian the, maybe not the Ashley Madison but a lot of the breaches people knew that there were alerts. It’s not like they woke up one day and said “oh we’ve been breached” how could that have happened? They knew they had alerts, they knew they had red lights, they just had too many of them to do anything, to do anything meaningful and so any system that automates I think is poised to have a lot of market traction.
Gilad Peleg: And you mentioned those and I think one of the most important things is that you need to have a system that is data-driven with a continuous evolution, meaning that as long as additional data comes in the incidents continue to develop. You don’t need or you don’t want to have a long training period to baseline the network and so on, but you do want a system that continuously evolves because data continues to come in. Incidents change, they might grow, like you mentioned some cases they might split up to two separate and unique incidents that need to be investigated separately.
Jacques: So I’ll conclude with, with a discussion that I had the pleasure to have a couple of weeks ago with some really interesting people which said, for companies like you is the moat, you know the protection, in the data or in the algorithms?, and the argument was going back and forth whether it was the data or the algorithms and the formula we settled on and I’ll check it with you says “It starts with the data and the data is temporary protection but eventually everybody can get the data, but if you get the data first then you can build algorithms that you can take advantage of having had the data early better than anybody else and then you build a bigger protection”. How do you like that one?
Gilad Peleg: I, what, what I’ll do is I, I will defer to my CTO
Jacques: Smartest thing
Gilad Peleg: Smart thing to do at this point but seriously I do want to mention the two founders.
Jacques: She’s not your wife
Gilad Peleg: Not this time, not this time the two founders of SecBI, Alex is the CTO here and machine learning for RSA, he’s the right guy to answer part one of your question and the other guy is Doron, here and professional services and deployed many SOC’s in Europe and globally. He’s the one to answer the second part of what should come first, so but not to fully escape that I do think it’s the algorithm just to be to give a clear answer.
Jacques: Thank you, I’ll let everybody ponder on that. Thank you!