In an exclusive interview, Fadi Sharaf, Regional Sales Director at LinkShadow, tells Anita Joseph how the company’s next-generation cybersecurity analytics platform automates the detection of sophisticated attacks with analytics-driven visibility.
In a world where the threat landscape is rapidly evolving, the need for new approaches to cyber security is becoming extremely important. How does LinkShadow approach this scenario?
Cyber-attacks are rising at an exponential rate, and we are experiencing varying trends that are highly strategic and meticulously planned. It is becoming imperative for enterprises to implement newer and robust approaches to building a resilient infrastructure. The crucial question here is – Are we better protected today than yesterday? CISOs and security teams must up their game and work in tandem to ensure consistent control over multiple factors such as tackling the biggest cybersecurity risks, protecting the business operations, identifying where the vulnerabilities lie and, most importantly, what returns they are receiving from their IT investments.
Whilst racing to keep cybercrime in check, identifying and investing in the right security tools has never been an easy task for the cybersecurity community. Deploying too many technologies does not mean it is the best strategy to prevent breaches. Traditional technologies may be inadequate to deal with more sophisticated cyber-attacks. Therefore, enhancing infrastructure with a modern methodology that helps organisations stay secure, vigilant, and resilient at the same time is much in demand.
What LinkShadow Next-Generation Cybersecurity Analytics offers is enhanced defences against advanced cyberattacks. The solution architecture is designed to manage threats in real-time with user and entity behavioural analytics (UEBA) and extensive machine learning (ML) capabilities to detect both insider and external threats. With these capabilities, organisations would be equipped to address zero-day malware, ransomware and simultaneously have a rapid insight into the effectiveness of the security infrastructure and risk posture.
Tell us about LinkShadow’s threat detection capabilities.
Staying 100% protected from a cyber-attack can be a far-fetched vision. However, organisations can protect their infrastructure with security tools that can help detect and mitigate threats before they cause serious damage. It is a known fact that attacks involving compromised users and entities are extremely complicated to detect because adversaries can evade perimeter defences by using legitimate credentials to access data.
Implementing advanced threat detection techniques that can address unknown threats, reduce alert fatigue, and integrate security tools is key and though it sounds like a big task, it is possible with the right mix of threat detection and response processes.
LinkShadow’s next-generation cybersecurity analytics platform automates the detection of these attacks with analytics-driven visibility. The advanced techniques include supervised and unsupervised machine learning, which are applied to data from the network and security infrastructure (e.g., packets, flows, logs, alerts). This information is used to create threat scores for all users and entities, and distinct security events are observed and correlated over time. These advanced attacks, which might appear to be legitimate user activity and could be an attacker posing as a legitimate insider, are identified by measuring the changes and/or the anomalies associated with each entity. It takes smart correlation of the orphan alerts over a period to detect such anomalies. Moreover, the platform also provides one-click access to the historic data to gain perspective whilst investigating the attacks.
LinkShadow delivers a differentiated analytics solution by combining machine learning with layered forensics, which automates attack detection and incident investigation without rules, configuration, and signatures.
LinkShadow has a unique Solution Architecture. Tell us more about it.
LinkShadow’s solutions architecture is a full-fledged behavioural analytics and extended threat hunting platform covering network, assets and users that is designed to hunt, detect, and prevent known or unknown threats using advanced machine learning algorithms. It provides rapid insights to cut through the noise of daily alerts and helps in drastically curbing response times. It comprises three main modules – Insights, Behavioural Analytics and Threat Hunting – that essentially assist security teams with:
- Network Detection and Response
- User and Entity Behaviour Analytics
- Network Threat Hunting
- CXO Dashboards and Reporting
- Threat Intel
These enhanced threat intelligence and advanced analytics capabilities combined enable an enterprise-wide security program that is proactive and predictive.
One of the core modules is the Threat Hunting Module, which is powered by an AI-powered engine that helps detect the most sophisticated attacks and visually map them to the Cyber Kill Chain and MITRE ATT&CK frameworks to combat ransomware, security breaches and advanced persistent attacks (APTs) whilst giving end-to-end visibility and control over the ML algorithms from Data Collection to Detection to Visualisation.
Why is LinkShadow unique? – Because of its capabilities to seamlessly integrate with multiple solutions – be it SIEM solutions or other cloud security providers that can be deployed from an in-house API plugin store which has most of the known technologies, at no additional cost. Thus, empowering customers to build a highly resilient cybersecurity infrastructure with this holistic solutions approach. It can be positioned on-cloud or on-prem with a one-time buy or subscription-based licensing model. Thus, making it an easy choice for organisations to conveniently adapt into their existing IT Infrastructure.
Cloud Security is huge today and it requires a specialised, expert approach. How is LinkShadow helping clients with Cloud security?
Cloud adoption has become integral to modernising the IT environment for large enterprises as well as SMBs and with this implementation a huge amount of data is being stored in the cloud. All that data is a top target for cyber criminals who can intercept an organisation’s security system within minutes or even seconds, to steal sensitive data and by the time the security teams discover the breach, it could take hours, sometimes even days or weeks – by then irreversible damage is already done.
Multiple platforms like the public, private and hybrid cloud are deployed which makes it difficult to monitor data, detect anomalies and control unauthorised access. Protecting the cloud environment from cyber-attacks is highly dependent on the type of security controls and analytics tools an organisation has in place that helps analyse the data to obtain actionable insights and prevent future attacks.
LinkShadow’s next-generation cybersecurity analytics platform interacts seamlessly with cloud applications, allowing user interactions to be processed and monitored in real time, whether they originate inside the network or from remote locations. LinkShadow’s AI-powered engine simplifies the complexity of Machine Learning and AI-based tools by empowering security teams to have full control over the entire threat hunt process and helps them stay ahead of threat adversaries. Moreover, it curates threat intelligence and applies advanced Machine Learning models to provide rapid insights, refines meaningless information enabling drastic reduction in response times and facilitates periodic access reviews to detect anomalies proactively and avoid breaches.
How has LinkShadow established its presence in the Middle East and what expansion plans are in the pipeline?
LinkShadow emerged from a compelling dream that a team of highly skilled and passionate experts envisioned – which was to enhance organisations’ defences against advanced cyber-attacks, helping them stay one step ahead of the increasingly evolving threat adversaries as well as ensure that they can maximise their security investments. Right from the beginning our focus was to innovate and cater to our customers’ unique cybersecurity requirements. Our growth trajectory is due to the innovation that we bring to the technology, especially with our R & D teams based out of this region that help us develop cutting-edge cybersecurity solutions.
The company kick-started expansion plans in this region with the launch of the Dubai office, our innovation hub that will accommodate up to 100 plus R & D experts. So, in terms of space and resources LinkShadow would be one of the largest cybersecurity vendors based out of the UAE. However, our META hub would be in Riyadh, KSA, which we will be launching shortly.
No doubt, LinkShadow is growing exponentially, and is all set to establish its presence in this region with the aim of establishing closer partnerships with the channel community as well as ensure quicker turnaround and faster implementation to customers.
GITEX being one of the largest technology shows in the META region, how do you plan to leverage this exclusive platform? What new offerings does LinkShadow have for the customers and the channel community?
Organisations are adopting digital transformation, which has raised the capabilities of attackers and increased their appetite to exploit organisations, systems, infrastructure, and applications. Therefore, it is crucial to continuously monitor and classify every asset and their related threats and vulnerabilities, to understand and anticipate adversaries’ entry points to the organisation and defend against malicious activities.
At LinkShadow, we are constantly in pursuit of enhancing our solutions architecture so organisations can keep their IT infrastructure secure and focus on business operations, uninterrupted.
This GITEX, we have launched a new feature called ‘Attack Surface powered by Metaverse’. With this feature, LinkShadow aims to empower organisations to monitor, discover, and recommend security best practices for various infrastructure components to provide defenders with a complete understanding of their attack surface of all assets at any given time.
Moreover, security and compliance teams will have a complete toolset to understand and mitigate risks across their associated attack surface. It enables organisations to see the blind spots visible to adversaries and move the advantage back to security teams to eliminate any expected attack on their infrastructure whilst actively interacting with resources, threats, and prospective attackers through a reliably rich virtual space.