CYFIRMA is an external threat landscape management platform. We combine cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. Our cloud-based AI and ML-powered analytics platform provides the hacker’s view with deep insights into the external cyber landscape,helping clients prepare for impending attacks. CYFIRMA is headquartered in Singapore with presence across APAC, EMEA, and the USA. The company is funded by Goldman Sachs, Zodius Capital, Z3 Partners, NTT Finance, OurCrowd and L&T Innovation Fund.
Please take us through your journey and what led Mr. Kumar Ritesh to start the company?
The unabated tide of cyberattacks and data breaches have continued, and in fact, escalated, in recent times. And this is in spite of the vast number of security controls, software, and solutions that are abundantly available in the market.
The threat landscape is fast evolving and cybercriminals are moving quickly to take advantage of global events. The traditional approach to cybersecurity without quality cyber-intelligence and comprehensive view of the external threat landscape have resulted in cyber adversaries gaining the upper hand.
With a wealth of experience of over two decades across various facets of cybersecurity, CYFIRMA Founder & CEO, Kumar Ritesh, had identified important gaps in the global cyber threat intelligence market and set up CYFIRMA to offer the following solutions:
Cyber intelligence companies were operational-intelligence-focused. Strategic and management intelligence were being overlooked, and they are equally important to manage evolving cyber threats and risks.
The industry has been groomed and coached to pay attention to cybersecurity alerts, incidents and breaches. These are what we refer to as “cyber events” where we react en masse, when an actual cyber incident has already occurred. To effectively reduce the number of cyber intrusions, a radical mindset shift is needed. Cyber threat intelligence and insights should provide proactive cyber posture management by identifying threats at the early planning stage of cyberattacks.
To strengthen cyber posture and to effectively prevent data breaches and cyberattacks, companies need to have a complete view of their external threat landscape and this means the ability to correlate and attribute hackers to campaigns, motives, and methods in order to accurate predict attacks and be armed with accurate and actionable intel. This requires a comprehensive view across attack surfaces, digital risk and cyber-intelligence.
CYFIRMA assists organizations to understand their evolving threat landscape, receive actionable intelligence that is prioritized to help remediate security gaps across people process and technology. This includes insights on threat actors, threat signals and indicators, new emerging threats and digital risks, situational awareness of global and local cyber events, and apply intelligence into cyber posture management.
Our unique approach of decoding threats for our clients entails that we provide personalized intelligence for every customer to eliminate noise and help optimize resources to focus on what’s critical. Our platform’s predictive capability has resulted in customers avoiding costly financial and reputational impact from cyberattacks. By combining attack surface discovery and digital risk monitoring with cyber-intelligence, CYFIRMA has developed one for world’s first external threat landscape management platform,
Company’s vision and how do you aim to achieve the same?
CYFIRMA’s vision is to help government, businesses and communities decode threats and neutralize cyberattacks using external threat landscape management intelligence so that communities can thrive in the age of digital and AI.
We achieve our goals through our core platform, DeCYFIR, which we bring to both public and private sector customers and helping them monitor their external threat landscape so they are always kept abreast of impending attacks and equipped with the insights to take proactive measures.
What is the USP of the company and what makes CYFIRMA stand out amongst its peers?
- Built the platform with 6 threat views from the ground up. Thes 6 threat views are Attack Surface Discovery, Vulnerability Intelligence, Brand Intelligence, Digital Risk Monitoring, Situational Awraeness and Cyber-Intelligence. Proprietary algorithms that show threat actor attribution, correlating hacker, motive, campaign and method
- Proprietary IP on how data is collected from dark web, hacker forums, closed forums, language specific forums, and more
- Best-in-class team spanning across many facets of technology and cybersecurity
- Strategic alliances with technology vendors including governance, protection, detection, monitoring, orchestration tools and other providers such as OT protection and response.
- Extensive partnership and alliances with distributors, resellers, MSSPs, GSIs
- Continual research and innovation
Please brief us about the products/services you provide to your customers and how they get value out of it.
CYFIRMA is defining a new category in cybersecurity called ‘ETLM’ (external threat landscape management) and has developed the world’s first external threat landscape management platform called DeCYFIR.
DeCYFIR arms governments and businesses with personalized intelligence where insights are tailored to their industry, geography and technology. DeCYFIR provides clients with multi-layered intelligence covering strategic, management and operational insights. DeCYFIR’s ability to combine cyber-intelligence with attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness and digital risk protection on a single pane of glass sets it apart from the competition. Clients receive insights that enable them to conduct effective intelligence hunting and attribution, connecting the dots between hacker, motive, campaign and method to gain a comprehensive view of their threat landscape. With DeCYFIR, clients receive alerts on their third-party risk as well as early warnings of impending cyberattacks so they can act quickly to avoid a breach. DeCYFIR is designed to meet the stringent demands of CISOs, CROs, and Security Operations teams.
The company is also behind the cutting-edge digital risk protection platform, DeTCT. DeTCT helps clients uncover their attack surfaces, know their vulnerabilities, quickly gain awareness of any data breach or leak as well as third-party risk. DeTCT also helps clients protect their brand and reputation by unraveling any copyright infringement and executive impersonation.
One of our largest customers is in the manufacturing industry. We help monitor their external threat landscape across their business units and subsidiaries. This global manufacturer invests heavily in R&D in many domains – including high tech manufacturing, power, industrial, elevators, electronic components, semiconductors, harddisk, facial recognition technology, quantum technology, and many more. They subscribe to DeCYFIR platform to help them monitor for digital risk and threats ranging from corporate espionage to geopolitical competition. They rely on the early warning capabilities of DeCYFIR to give them deep insights to cyberattacks targeting them so they are armed with actionable intelligence to thwart these attacks.
Another customer, RICONS, one of the leading building and construction company in Vietnam has deployed DeCYFIR to help them monitor for third-party risk, ransomware attacks, and emerging cyber threats. Having just been awarded the US$400M contract to build Vietnam’s Terminal 3 of Tan Son Nhat International Airport, the company needed to ensure its suppliers, partners and employees are in full compliance with security policies and standards. DeCYFIR is the 24/7 monitoring platform that will provide RICONS’ leadership team full visibiity of their threat landscape and give them immediate alerts should new threat emerge.
Please name the sectors you cater the most, also the sectors which are facing threat attacks alarmingly, your advice for them.
CYFIRMA serves all industries with a particular focus on CII sectors.
Critical Information Infrastructures (CII) are sectors or industries that are deemed essential to the functioning of a nation’s economy, security, and overall well-being. The specific sectors classified as critical information infrastructures can vary from country to country, but they generally include:
- Energy: This includes power generation, transmission, and distribution systems, as well as oil and gas infrastructure.
- Water: The provision of clean and potable water supply and wastewater treatment facilities.
- Transportation: This involves transportation systems such as airports, seaports, railways, highways, and public transit systems.
- Telecommunications: Communication networks and infrastructure, including internet service providers, telecommunications companies, and data centers.
- Finance: The financial sector, including banks, stock exchanges, and payment systems.
- Healthcare: Hospitals, clinics, and healthcare information systems.
- Emergency Services: Services like police, fire departments, and emergency medical services.
- Government: Government agencies and systems responsible for national security, defense, and public administration.
- Food and Agriculture: This includes food supply chains, agriculture, and food processing facilities.
- Manufacturing: Critical manufacturing sectors that produce essential goods and materials.
- Chemical: Facilities involved in the production and storage of hazardous chemicals.
- Defense: Military infrastructure and defense-related facilities.
- Information Technology: The information technology sector, including critical software and hardware suppliers.
CYFIRMA’s core platform is designed to equip these industries with valuable external threat landscape visibility so that they stay ahead of threat actors and cyber risk. The protection and resilience of these sectors are a top priority for governments and organizations to ensure the stability and security of a nation’s critical systems and services, and CYFIRMA’s insights give defenders the much needed time advantage to mount effective strategies to keep attackers at bay.
Generative AI is being massively used by threat attackers, please share your views on the same and what measures one should take as a common man, especially vulnerable populations like senior citizens?
Hackers and cybercriminals can potentially leverage generative AI, like the technology used in large language models such as GPT-3, to their advantage in several ways:
- Automated Phishing Attacks: Generative AI can be used to craft highly convincing phishing emails and messages. It can generate text that mimics official communications from trusted entities, making it more likely for recipients to fall for phishing attempts.
- Social Engineering: Cybercriminals can use AI to generate highly personalized social engineering attacks. AI can analyze publicly available data to create convincing personas, making it easier to trick individuals into divulging sensitive information.
- Malware Generation: AI can be used to generate variants of malware, making it more challenging for traditional antivirus solutions to detect and defend against these threats. AI-powered malware can adapt and evolve in real-time to bypass security measures.
- Automated Password Attacks: AI can enhance brute-force attacks by generating and testing an extensive range of password combinations rapidly. This can help cybercriminals gain unauthorized access to accounts and systems.
- Deepfake and Voice Spoofing: Generative AI can create convincing deepfake videos and audio recordings. This technology can be used to impersonate individuals, potentially damaging reputations or spreading disinformation.
- Content Generation for Social Engineering: Hackers can use AI to generate fake social media posts, reviews, or comments to manipulate public opinion or deceive users.
- Scalability: AI allows cybercriminals to scale their attacks efficiently. They can automate various aspects of their operations, allowing them to target a broader range of potential victims simultaneously.
- Data Manipulation: Generative AI can be used to manipulate data, such as altering financial records or other sensitive information. This can have significant repercussions for organizations and individuals.
- Evading Behavioral Analytics: AI-driven attacks can mimic legitimate user behavior, making it more challenging for security systems that rely on behavioral analytics to identify anomalies.
- Generating Malicious Code: AI can assist in generating code for exploiting vulnerabilities or developing custom malware tailored to specific targets or weaknesses.
To counter these emerging threats, organizations and cybersecurity professionals must adapt their defenses. This includes employing AI-driven security solutions to detect and respond to AI-generated threats, continuously updating and patching systems, enhancing employee training on cybersecurity best practices, and staying informed about evolving cyber threats and tactics. Additionally, regulatory bodies and law enforcement agencies are working to develop strategies to combat AI-enabled cybercrime.
Common individuals can take several actions to protect themselves from various cyber threats and attacks:
Use Strong, Unique Passwords: Create strong and unique passwords for each online account. Consider using a reputable password manager to generate and store passwords securely.
- Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA or multi-factor authentication for your online accounts. This provides an extra layer of security by requiring something you know (password) and something you have (e.g., a mobile device).
- Keep Software Updated: Regularly update your operating system, software applications, and antivirus programs. These updates often include security patches to address known vulnerabilities.
- Exercise Caution with Email: Be cautious when opening email attachments or clicking on links, especially if the email is unexpected or from an unknown sender. Verify the sender’s identity if you have doubts.
- Beware of Phishing: Be vigilant about phishing attempts. Verify the authenticity of requests for sensitive information and avoid providing personal or financial information via email or phone unless you are certain of the recipient’s identity.
- Stay Informed: Stay informed about current cybersecurity threats and scams. Government agencies, cybersecurity organizations, and news outlets regularly provide information about emerging threats.
- Use Secure Wi-Fi: Secure your home Wi-Fi network with a strong password and encryption. Avoid using public Wi-Fi networks for sensitive transactions or use a VPN when necessary.
- Regularly Backup Data: Backup your important data regularly to an external device or cloud storage. This can help you recover your data in case of ransomware or data loss.
- Be Cautious on Social Media: Limit the amount of personal information you share on social media platforms. Cybercriminals often use information from social media for social engineering attacks.
- Install Reputable Security Software: Install reputable antivirus and anti-malware software on your devices. Keep these programs updated, and perform regular scans.
- Secure Your Devices: Use device security features like biometric authentication (fingerprint or facial recognition) and screen lock codes on your smartphones and tablets.
- Verify Downloads: Only download software or apps from trusted sources, such as official app stores. Be cautious about sideloading apps from unverified sources.
- Check Financial Statements: Regularly review your bank and credit card statements for unauthorized transactions. Report any suspicious activity immediately.
- Educate Yourself: Stay informed about common cyber threats and scams, and educate yourself on how to recognize them. Be skeptical of unsolicited offers or requests for money.
Report Suspicious Activity: If you encounter a cyber threat or believe you’ve been targeted, report it to your local law enforcement agency and relevant authorities.
By following these best practices and maintaining a cautious and informed approach to online activities, individuals can significantly reduce their risk of falling victim to cyber threats and attacks. Remember that cybersecurity is an ongoing effort, and staying vigilant is key to staying safe online.
CYFIRMA has developed Industry first ETLM model which gives clients a comprehensive view of the threat landscape, can you elaborate on the product and who can make the most of this product.
CYFIRMA has developed Industry first ETLM model – The Neuro centre for cyber defense that combines cyber intelligence with attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness, and digital risk protection to give organizations a comprehensive view of their entire threat landscape.
These insights enable security teams to conduct threat hunting, malware analysis, and deep research on threat actors, motives, campaigns, and methods. Providing a “Hacker’s view” of their organization.
CYFIRMA’s ETLM model provides actionable insights at every level of the organization, from senior leadership to operation teams to facilitate key activities from strategic planning to tactical execution.
Insights provided by CYFIRMA’s threat intelligence platform, are categorized in to 3
1| STRATEGIC : Focuses on long-term implications for an organization. For instance, it provides the ability to effect change in a company’s risk registry and regulatory framework to ensure compliance.
2| MANAGEMENT : Uncovers trends and approaches to support cybersecurity planning.
3| OPERATIONAL : Allows teams to focus on tactics, techniques, and procedures (TTPs) of the adversary and examines IOCs to carry out immediate remediation steps and tactical execution.
The company’s unique perspective lies in its systematic approach of discovering threats and producing personalized and predictive insights, intelligence to 360 degree view of external threat landscape where six threat landscape pillars are presented on a single pane of glass.
Here are 6 threat views in details:
External Attack Surface Discovery
- Discover external-facing assets, process and people weakness exploitable by hackers
- Provide insights on redundant & shadow IT, cloud instances, configurational weakness, third-party attack surfaces
- Threat-led vulnerability enrichment based on changing external cyber environment. Reprioritization of identified vulnerabilities based on cybercriminals interest, attribution and association
- Help clients take proactive actions by prioritizing remediations and strengthening controls
- Monitor brand, product & service, executive infringement and connect with ongoing cybercrime campaigns
- Provide real-time third-party risk assessment & ensures brand integrity, closing all the blind spots
Digital Risk Discovery and Protection
- Round-the-clock dark web, deep web, surface web and social media monitoring for data and identities leaks, confidential files, source code, sensitive information exposure, impersonation of domain, assets and information, phishing and malware campaigns
- Reveal digital profile exposures, & proactively uncover risks associated to data leaks, breaches
- Understand cyber trends & threats specific to client’s industry, technology & geo
- Provide insights on cyber threats to help clients to realign their cyber posture
- Predictive, personalized, contextual, actionable outside-In and multi-layered cyber intelligence (strategic, management and tactical intelligence)
- Insights address the who, why, what, when & how of the attacks
CYFIRMA’s platform can be used by both business and technology leaders.
What has been Revenue, traction and growth from the date of inception till now?
Cyfirma has raised close to $18-20 million in funding till date.
We’ve raised our seed fund and Series A a few years back and we have used the fund to expand our engineering resource to build our products and support our expansion.
We are raising funds to support our expansion plans and drive even more innovation across our products. The new funds will be used, broadly in 2 ways, to grow our sales and marketing teams and build a wider ecosystem to accelerate our to-to-market strategy, and to continue to drive innovation across our platforms.
What are your growth plans for the next 12 months?
We are now at a stage where we are ready to expand geographically into all key markets. The new funds will be used, broadly in 2 ways, to grow our sales and marketing teams and build a wider ecosystem so we can go to market faster, and to continue to drive innovation across our platforms by ensuring our AI technology remain cutting edge, adding more features and functions that would help our clients get the insights and intel needed to stay ahead of cyberthreats. The goal would always be to ensure customers consistently obtain the best value from their investment in our platforms.