BitDam cybersecurity blocks advanced content-borne attacks across all enterprise collaboration channels, protecting email, cloud storage, and instant messaging.
Recognized by Frost & Sullivan for its technology leadership, and utilized by hundreds of thousands of end-users, BitDam’s Advanced Threat Protection is deployed by leading organizations in Europe and the US, with a proven record of detecting threats that other security solutions fail to uncover. In this interview, BitDam Co-founder and CEO Liron Barak explains why a non-data-driven approach to cybersecurity is the way forward, and how organizations can adopt it to tighten their security posture.
Please describe the story behind BitDam and its evolution so far.
BitDam was founded 4 years ago by me and my co-founder Maor, who is now the company CTO. We both come from a technical background, having spent 7 years together in the intelligence forces. We were officers, we served on the offensive side of the defense, dealing with very interesting stuff. We finished our service a bit more than 5 years ago. To cut a long story short, we now have 30 people in the company and sell to enterprises in Europe and the US. Most of our team is located here in Tel Aviv, but we also have offices in the US with teams working on biz dev and sales on the ground.
When we started the company we realized there was a huge gap in cybersecurity, specifically in the email vector but not only. When it comes to content like files and links that are being sent to users, this area is very exposed and breached due to the characteristics of the current solutions. What I mean by that is that most solutions in the industry, specifically when it comes to email but in other channels as well, tend to be data-driven. They base their detection mechanism, which affects their prevention, on the knowledge that they have about the threats. They are collecting lots of data about repeated tracks, patterns, and behaviors. In the past it was signatures, but today it’s more advanced. They have machine learning algorithms, etc., but essentially they are all data-driven, meaning it’s based on data that they have about the threats.
The problem is that the attackers are massively using automation these days and we can see this is growing with time. In 2019 there was a hype around it. Practically, it means an attacker can take a threat, which is known to all of us, including the solutions themselves, and with a short automation script, he is able to create hundreds of new variants of the same threat, that look different. This enables attackers to go below the radar of current security solutions and bypass defenses within organizations. This is exactly the pain point we came to solve.
How does BitDam interact with third-party software applications such as IM, cloud storage, and collaboration platforms?
In terms of integration, we have integrated with all the collaboration channels that organizations are using today, including Office 365, G Suite, OneDrive, Dropbox, Box, and other storage drives, as well as instant messaging platforms like Zoom, Microsoft Teams, and others. We have a cloud-based solution that integrates via the API of those different channels and captures all the content sent through those channels. It scans the content pre-delivery to detect malicious code and block it from reaching the end-user. So if you get an email with a malicious file, BitDam will scan it within a few seconds, and you will not get that email.
With so many attack vectors, how can organizations unify their threat detection and response capabilities?
I would say that at the end of the day, we see that more organizations are now working remotely and more collaboration tools are being adopted within enterprises. The challenge is undoubtedly growing. Organizations need to deal with that and make sure those channels are secure. So I would answer that in two ways.
Firstly, organizations, as we’ve learned from our customers, need to perform ongoing tests in order to ensure they are protected via all the different channels. There are different tools like BAS, breach and attack simulation, which we provide for free on our website. Organizations can use it to get an ongoing assessment of how exposed the different channels are.
Another thing that is important these days is to have solutions that offer more than one optional protection, meaning not only email or cloud drives. It would be very difficult to adopt different tools for each one of your channels in such a short period of time. People need to work, so they will use Zoom and Microsoft Teams no matter what, because they need to generate business and the protection has to come with that. Otherwise, they will remain exposed.
Lastly, I see more and more in the last 2 months that attackers are taking advantage of the global situation. They are trying to penetrate into organizations via the different attack vectors. Additionally, people are more interested in getting more information about the Coronavirus, so even emails that pretend to provide more info about that are bypassing all the regular instincts that people usually follow in order to mask those emails.
Which trends and technologies do you expect to see more of in the coming years, and why?
I touched on this earlier when I spoke about the increased use of automation by attackers. I think that we will see more solutions that are using non-data-driven approaches in order to be able to detect and deal with the new variants of the threats and make sure those organizations are protected against those threats. This is something that we do. We use a non-data-driven approach in order to learn the legitimate behavior of apps like Word, Excel, Chrome, etc., and make sure the threat will not bypass our defenses.
This is unique because most of the solutions are data-driven, but I think this trend is going to change. We recently published a robust study that we’ve been performing for over 6 months, scanning our customer traffic. We’re talking about millions or dozens of millions of files and links that are being sent through these channels. We realized that the leading data-driven solutions today, like the most advanced packages by Proofpoint and Microsoft, are missing more than 20% of the threats that are being sent to organizations on a daily basis. This is a very significant gap that nobody can ignore. So given this data that is now publicly available, there will be more adoption and more need for non-data-driven solutions.
I also believe we’ll see more options and solutions for protecting collaboration channels that currently are not being protected: from Salesforce to Microsoft Teams to Zoom, Skype, WhatsApp, Slack, and others. All of these tools have been gaining popularity for some time now, but given the current times, with the need to work remotely from home, adoption is increasing even more. We see this among our customer base and partners we are in touch with, and it’s a very significant change.