December 4, 2017 Issue
Q&A with Mike Simon, President and CEO of CryptoniteNXT a Defensive Security Platform that Prevents all Cyber Attacker Reconnaissance and Lateral Movement stopping the Spread of a Ransomware Attack throughout an Entire Network or Organization
President and Chief Executive Officer
Interview conducted by:
Lynn Fosse, Senior Editor, CEOCFO Magazine, December 4, 2017
CEOCFO: Mr. Simon, what is the concept behind Cryptonite?
Mr. Simon: Cryptonite, specifically CryptoniteNXT, our defensive security platform, enables any network to actively shield itself from cyber attacks by preventing all attacker reconnaissance and lateral movement.
CEOCFO: How does your approach work?
Mr. Simon: If you are in a corporation or government agency and you click on a malicious email link or file, it could trigger an attack such as ransomware. The program will execute on either your office computer, phone, or wireless laptop. It is then going to see what you are connected to on the network and enumerate connected devices. This process is called reconnaissance and is the first step towards the breach of a network. What our product does uniquely is stop the compromised system, whether it has malicious code or is an insider threat, from performing reconnaissance on the network or attempting to gain privileges to move laterally through the network such as ransomware. Reconnaissance is a necessary step by hackers to capture information regarding those computers, printers, IoT, and embedded devices to plan and execute an attack. By stopping the leakage of actionable information, we are also stopping our adversaries from exploiting the vulnerabilities in medical devices in hospitals for example. A secondary and equally important capability within CryptoniteNXT is its ability to stop the spread of attacks to neighboring systems or devices. This is done with a technology called fine-grained micro-segmentation.
CEOCFO: Could they still do something to the one computer they are with or is it just not worth the effort to hackers?
Mr. Simon: We are protecting that one computer or device from being a launching point for an attack on a network. We are not preventing a human from downloading malicious emails or going to an unadvised Web site and being an unsuspecting victim of a drive-by download. However, once the malware tries to go beyond the privileges of that user on that computer or device or access IP addresses on the network, we immediately stop the attack, and then notify the security team that violations have occurred and potential attacks have been stopped. There are many other products that are designed to figure out malicious activity on a specific computer or device.
CEOCFO: What is the technology for stopping the reconnaissance?
Mr. Simon: I talked about fine-grained micro-segmentation being a technology that stops lateral movement. The technology behind stopping reconnaissance is moving target cyber defense (MTD). Briefly, the way we describe this is we are dynamically moving the different pieces of the network so that our adversaries cannot identify the location of highly vulnerable systems such as legacy printers, medical devices, IoT devices, mobile phones, legacy manufacturing systems, embedded processors in financial systems, and then exploit their vulnerabilities. The attacker cannot enumerate these devices because we are constantly changing their IP addresses.
CEOCFO: Is it accepted by the technology community that there are ways to do this, or is it a newer idea?
Mr. Simon: Let me talk about the origins of this. This company was established by spinning it out of a defense contractor in the summer of 2015. Dating back to early 2010, Intelligent Automation, Incorporated, received money from the Department of Defense that identified MTD as an enabling technology to defend against the kind of attacks we just discussed, network based attacks. A couple of years into the funding, the Department of Homeland Security established a program specifically around MTD and how to protect networks with this technology, and they provided funding as well. The Department of Defense and the Department of Homeland Security are proponents of MTD and to date are still funding initiatives for the technology to protect against network based attacks.
CEOCFO: What is the challenge in the technolog
Mr. Simon: The most important challenge to overcome is scale. We are a relatively young company talking to Fortune 5000 corporations with significant concerns about the vulnerabilities within their networks. Some of these organizations have over 100,000 devices that require our protection. To mitigate the concerns about scale, we are constantly testing our ability to support large networks.
CEOCFO: Are people using Cryptonite today?
Mr. Simon: We have paid customers that are using our product in production. Examples include financial credit card processing companies, public affairs firms, defense contractors and Government agencies.
CEOCFO: Who are you reaching out to and how are you getting a foot in the door with these companies?
Mr. Simon: Probably the best answer to that is our experienced team. Our sales and pre-sales engineering team members have an average of over 10 years of experience with security solutions and were drawn to our company to help their prior customers solve important security problems that are currently not being addressed by other solutions. We have investors making introductions like Ron Gula, who was the founder of Tenable Security.
Mr. Simon: We are a piece of a very complex puzzle. I am not going to get into what someone can get rid of, but I can tell you what a security framework looks like when we are installed. We are going to reduce the amount of false positives that are created from the endpoints to the network, which in turn will reduce the back end in human involvement for investigations and remediations. However, legitimate traffic needs to be analyzed by companies such as Palo Alto Networks for example. We highly recommend secure wireless protection using a product such as HPE Aruba’s Clearpass. A repository for alert information such as SPLUNK is typically installed. Other product categories that are important include web filtering, endpoint detection, and vulnerability scanning.
CEOCFO: When you are speaking with the right person at an organization, do they understand what you are doing, why you are doing it and how it works?
Mr. Simon: Absolutely. The more technical the better, because when you tell someone that we stop adversary based reconnaissance, their first reaction is that it is impossible. Reconnaissance is how our adversaries steal actionable information, uncover vulnerabilities and then proceed with attack planning.
CEOCFO: What is your plan for the next year or so for Cryptonite?
Mr. Simon: Our plan is to first and foremost, establish our target markets. Those target markets include manufacturing, healthcare, finance and critical infrastructure in both business and government. Get footholds in those key markets and at the same time develop both channel and technology partnerships. Then we are going to expand our product footprint. The CryptoniteNXT platform is a great building block for other future products.
CEOCFO: Would you give us an example?
Mr. Simon: One example is that CryptoniteNXT currently protects networks within the confines of companies and government agencies. In the future, we will protect enterprise access to services such as Salesforce.com, or applications that reside on either private or public clouds.
CEOCFO: Where does cost come into play? How do you decide how to price your product?
Mr. Simon: It is a thought-provoking question that we have spent a lot of time researching. We have two models. A customer can either buy a perpetual license and then just renew maintenance to get upgrades and support after the first year or subscribe to our offering as a service and pay a yearly fee for the license and support. The subscription model enables a customer to spend less money in the short term to benefit from our unique security
CEOCFO: Have similar approaches been attempted?
Mr. Simon: Not for our base technology, moving target cyber defense (MTD), at a network level. We are trailblazing some new ground. There are products that advertise MTD running on an endpoint but they are limited in their protection.
CEOCFO: Are you funded for your next steps or seeking partnerships or investors?
Mr. Simon: To date, we have raised two rounds of investment. The first was back in the fourth quarter of 2015. The second was earlier this year and we are anticipating an A round towards the summer of 2018.
CEOCFO: Why does Cryptonite stand out?
Mr. Simon: The cyber security problem has not been solved. The cyber security industry needs a new defensive based approach that makes it extremely difficult for hackers to take the next step in their attacks. To date, we are primarily reacting to our adversaries and conceding the assumption that they will get into our networks. Security professionals have become hunters that are tracking down cyber criminals after they have committed a crime. We need to change the paradigm to stop attacks and not allow the spread of malware in corporate or government networks. CryptoniteNXT can enable that paradigm shift.