GreatHorn, Inc.


CEOCFO-Members Login


January 25, 2016 Issue

The Most Powerful Name In Corporate News and Information


Cloud Security Platform that Protects Organizations from Most Common Sources of Data Breaches: Email Attacks, Spear Phishing, Wire Fraud, and Credential Theft



Kevin O'Brien

CEO and Co-Founder


GreatHorn, Inc.


Interview conducted by:

Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – January 25, 2016


CEOCFO: Mr. O’Brien, would you tell us about the security approach at GreatHorn?

Mr. O’Brien: We’re building a new kind of cybersecurity platform with GreatHorn, based on our long backgrounds in the industry, which for most of the team started back in the 1990s. The problem today is that we are at an inflection point between the old world of on-premise systems, with perimeter security systems that focused on keeping the “bad guys” out, and a cloud-first world in which companies and employees are always online, and where the majority of communication is driven through email, chat, and other cloud-based systems.


We started by looking at why huge data breaches – the kind that you have seen seen in the news over the past couple of years – keep happening. The majority of them begin not because somebody hacked into a network or installed some highly customized piece of malware on a computer, but rather because that they used these newer types of communication platforms to trick a regular user into doing something they should not have: giving up their username and password to corporate systems, authorizing fraudulent wire transfers or financial transaction, or even sending intellectual property or regulated data to hackers directly.


Most of the time, this kind of deception occurs over email, because it’s still fairly easy to pretend to be someone you aren’t when using these systems, especially in modern cloud email platforms. Of course, this problem has plagued us since at least the early 2000s; the problem here is that we’ve reached a critical moment where we can point at hundreds of millions of dollars of financial damage from a successful breach, and as a result this is now a boardroom level problem.


GreatHorn has taken the perspective that, in much the same way that the rest of the security market has taken the position that real time detection and remediation is more effective than perimeter defense systems, we have deal with these kinds of trust-based communication attacks in the same way. We are the first post-deliverability email security solution, and we are focused on cloud systems. With our technology, we can continuously and nearly instantly identify threats that land in users’ inboxes or chat channels, and in that critical moment, prevent them from leading to a data breach. We are challenging the status quo around communication and email security, based on the assumption that as necessary and effective as perimeter tools can be, threats will still make it past them and reach users. That is the moment when we come in.


CEOCFO: How do you automatically detect and prevent email based threats?

Mr. O’Brien: We are directly integrated into the primary platforms that most businesses rely upon for email. We have built deep integrations into both email systems like Google Apps and Office 365, as well as newer platforms like the chat program Slack, and in doing so we have created a mechanism by which we can detect threats at the very moment of deliverability.


And, because we can also compare every message against a data set over tens of millions of messages that we have previously analyzed since coming to market, we’re in the unique position where we have the world’s largest intelligence database around this kind of threat. We can use that data to make highly accurate decisions about whether a particular message is a threat, no matter how well crafted it is.


And finally, because we are integrated into the platforms themselves, we do not require that companies change their mail servers, or route their communications through our systems. While those are historically valid approaches and can offer a lot, by definition can’t address post-delivery threats – the very kind which lead to most real world breaches today.


CEOCFO: Suppose you decide there is a threat, how do you alert people and how would it compare to their junk mail or spam folders?

Mr. O’Brien: That’s a great analogy. Think for a moment about how you interact with your spam or junk mail folder: when you receive a message and it is identified as some kind of generic spam message, it’s put into a folder that you most likely rarely look at. Users know they shouldn’t pull out a credit card, click on a spam email link, and start handing out their financial information to the scammers who wrote those message.


This same model is what’s needed to effectively protect organizations from highly targeted communication fraud attacks. The stakes are obviously higher if you can trick a CFO into authorizing a wire transfer – once that money is out the door, it’s gone. We’ve seen companies lose $50 million out of the company accounts in an afternoon this way. It’s a boardroom issue now: how can a company ensure that this doesn’t happen to them?


The answer is to make your security system an ambient one. Although the sophistication and ramifications of this type attack are higher, we already know how a user expects to see inbox-level threats addressed: by removing them from view automatically. GreatHorn does exactly this: we identify and remove malicious emails and messages, alert the information security team that something is amiss, and monitor for subsequent indicators of an on-going credential theft or message-based attack.


CEOCFO: How do you evaluate what an average person would think is a problem?

Mr. O’Brien: The kinds of emails that you or I as individuals receive are generally crudely constructed – these are your basic phishing attacks. Phishing attacks are generally poorly worded, rife with grammatical and spelling errors, and try to convince you to click on a link, give up personal information, or install some kind of malware.


When a criminal group targets a business, however, they typically put more effort into making it believable than what we see as consumers. If the goal for an attack is to authorize a wire transfer that might yield $40 or $50 million, criminals can afford to be very sophisticated and accurate in their approach. For example, in April of this year we saw a major technology based telecommunications company authorize four consecutive and ultimately fraudulent wire transfers, losing $47 million in a very short period of time. The criminals had targeted this particular company and individual. They monitored the tradeshows which the CEO and CFO attended, they followed their social media presence, and they knew exactly when and how to impersonate them to the finance team.


When they executed the attack, the messages they used looked exactly like they were coming from the CEO. They referenced events from that company’s business operations, companies they had spoken with, and so on.


With GreatHorn in place, we could have stopped this attack. We have deep insight into both the metadata of cloud-based messages as well as content analysis capabilities to zero in on these kind of attacks in particular. Coupled with our proprietary data assets, we can disrupt this kind of exploit before someone authorizes a financial transaction.


CEOCFO: Playing devil’s advocate, why wouldn’t a company set up some type of safeguard before sending an email?

Mr. O’Brien: Security failures are almost always exceptional cases.


You should absolutely have a formal policy that says no one can authorize out a wire transfer unless it has had two officers of the company sign off, that you have to have a voice-based authorization, and so on. However, human nature is such that we often see people bypass policies like this.


It typically happens for the sake of convenience, or expediency. People are often terrible at judging risk; we see this kind of cognitive bias in all kinds of circumstances. There’s even a name for it: the Dunning–Kruger effect. It means that individuals tend to overestimate their own capabilities, especially when it comes to areas outside of their field of expertise. Most financial staff are tremendously effective at managing money, but they are not experts in cybersecurity. When ad-hoc decisions are made that bypass security policy, they’re often wrong.


The net effect is not that policies are useless or that they should be abandoned, but rather that these kinds of safeguards are insufficient on their own. Organizations that want to avoid being the next victim of a communication based attack need to be able to automatically detect and defend against these attacks as they happen.


CEOCFO: What types of companies are using your services?

Mr. O’Brien: We work with organizations that range from HMOs who use our technology to protect against the theft of highly sensitive personally identifiable information to leading companies in the cloud infrastructure space, and everything in between.


This is not a vertical specific problem. Consider the most notable data breaches in 2015; across all industries and in both the public and private sectors, we’ve seen failure after failure in protecting regulated and sensitive data, or avoiding massive financial loss through fraud. CIOs, CISOs, and CFPs know that they need to do something different.


Our customers tend to have mandates from their boards of directors to prevent it from occurring to them. There are different focuses, of course; one of our customers is one of the largest hotel management, investment, and development firms in the world. They know that hackers will use communication-based attacks, especially in cloud technologies like Google or Office 365, to steal PCI data from hotel guests. They also know that because of their development activities, wire fraud is a huge risk.


The third large bucket for us are companies that deal in technology where they have all kinds of sensitive intellectual property that is patentable or has been patented. They are very concerned that their competitors might be executing spear phishing attacks especially internationally and using it to get access to those systems. We have seen this happen in the business world over the past few years and we have seen that companies are very concerned about having their IP stolen. When you dig into how those attacks happen, protecting credentials is as important to them as prevent financial theft is, and we are a critical component for those companies in building out a defense in depth approach to data security.


With GreatHorn in place, companies can have a completely automated, highly effective defense against even the most sophisticated spear phishing attacks – and they can be up and running in minutes, not days or weeks.


CEOCFO: Do you find much pushback? Are people skeptical?

Mr. O’Brien: We  are in an interesting moment. When I started working in cybersecurity back in the 1990s, we spent a lot of our time doing software and source code level analysis.


We were seeing that the criminals who were targeting early internet adopters were doing so by exploiting a window of trust – companies ran code that was poorly secured, which could be exploited and manipulated to gain illegitimate access to all kinds of lucrative data. Of course, what happened is that we introduced new checks and balances to ensure that a rogue program or piece of malware could not move around inside a corporate environment and do things it should not.


Cloud adoption has followed a similar path. Our initial beliefs that the cloud vendors would take care of everything for us are gradually – albeit too slowly – being replaced with a more nuanced understanding that there is a shared responsibility model when using cloud technology. Simply moving your servers out of a server room and put them into the cloud doesn’t remove your responsibility to protect the data you store on them.


The next frontier is around communication. Now that businesses are trusting that they can “go cloud”, they’re moving their core infrastructure to it – and email has been arguably one of the most fundamental business systems for over a decade now. And new systems are on the rise that will complement if not supplant email as a form of business communication.


Yesterday’s anti-spam, anti-malware, and gateway based solutions can’t keep up on their own. Sometimes, we’ll run into companies that are earlier in the cloud adoption curve, and they’ll still be thinking through how to build an effective shared security model. The broad set of organizations today, however, know that they are vulnerable, have seen that this is a problem with massive implications, and are ready to address it.


CEOCFO: How are you reaching potential clients?

Mr. O’Brien: We have a couple of different ways that we do that.


First and foremost, we’re a very seasoned team of cybersecurity veterans. We’ve been working in this industry for over 15 years, and our clients can see that we’re not simply another “hot startup” vying for a piece of the growing security market. Security is a market ripe for innovation, and I am fundamentally a believer in the power of the startup ecosystem, but speed and passion need to be tempered with experience and credibility. We offer both.


We are also fortunate to have tremendous technology partners. On stage at Techstars in New York City in December 2015, we announced our alignment with Microsoft, meaning that anyone who is using Office 365 can directly integrate GreatHorn through the Azure marketplace. We are similarly integrated into Google Apps, and excited to be one of the first major security vendors focused on Slack as well.


We look forward to announcing additional partnership news in the near future, as well.


CEOCFO: What have you learned from your previous ventures that have been helpful at GreatHorn?

Mr. O’Brien: Be open to change, but have conviction about what you do well. One of the most important lessons that I have taken away from my time in building companies is learning how to say no.


There is tremendous power in that word; used judiciously, “no” means avoiding misadventure, or distracting your team from what will truly be of value to your customers. We have an obligation to execute cleanly and crisply against our core vision, which is protecting companies using cloud-based communications from highly cyberattack.


Anything that is distracting from that, especially in the early days, need to be set aside. It can be difficult in practice, but there are never any shortcuts, and having a true north and communicating it to your team – and being willing to stick with it – is so vital. If you build a team that is topnotch, surround yourself with people who are smarter than you are, and execute consistently on your vision and values, you can make a difference in the market and ultimately in the world.


CEOCFO: Why is GreatHorn an important company?

Mr. O’Brien: The threat represented by data breaches is getting larger, not smaller, and we’re all affected. Companies who fail to protect against breach lose not just money, but trust; the implications are tremendous. Companies fail when they do not take adequate measures to protect their assets. Executives have been convicted, customers are lost, and ultimately we all pay the price.


GreatHorn is making it simple to stop the single most common cause of these breaches, despite the complexity and sophistication of the attacks themselves. We believe that security is fundamental; in today’s world, personally identifiable information, healthcare records, and stolen capital fuel for even more serious crimes.


We believe that is unique, meaningful, and vital.


“With GreatHorn in place, companies can have a completely automated, highly effective defense against even the most sophisticated spear phishing attacks – and they can be up and running in minutes, not days or weeks.”- Kevin O'Brien


GreatHorn, Inc.



Kevin O’Brien

(800) 604-2566







Any reproduction or further distribution of this article without the express written consent of is prohibited.



Cybersecurity Platform, GreatHorn, Inc., CEO Interviews 2016, Kevin O'Brien, Cloud Security Platform that Protects Organizations from Most Common Sources of Data Breaches: Email Attacks, Spear Phishing, Wire Fraud, and Credential Theft, spear phishing, spear phishing prevention, business email compromise, wire transfer fraud, credential theft, google apps security, office 365 security, ceo scam, cyber security, secure cloud communications, prevent credential theft, prevent spear phishing attacks, secure cloud based chat tools, Technology Companies, Recent CEO Interviews, Platform, GreatHorn, Inc. Press Releases, News, Tech Stock, Companies looking for venture capital, Angel Investors, private companies looking for investors, technology companies seeking investors, cybersecurity companies needing investment capital does not purchase or make
recommendation on stocks based on the interviews published.