Idan Gazal, Verint - Businesses should rely on automated solutions to combat APTs
August 2016 by Marc Jacob
Verint, founded in 2002, is today a multinational company with headquarters located in the United States and its R&D center in Israel. The company has created a cyber security division that provides a Threat Protection System, an automated solution to combat APTs. According to Idan Gazal, Verint’s Product Manager and a former analyst himself, companies should rely on automated investigation solutions to combat APTs.
GS Mag: Can you present your business to us?
Idan Gazal: Verint was founded in 2002 in Israel, but virtually since its creation its headquarters has been located in the United States; R&D, however, is based in Israel. Verint has already been listed on the NASDAQ for several years. We currently have more than 5000 employees worldwide. The majority of the Fortune 500 makes up our customers. We have over 10,000 customers in 180 countries worldwide.
Verint® is a global leader in Actionable Intelligence® solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance. Verint has a cyber intelligence unit, one of whose product lines specializes in cyber security. Our challenge is to change the investigation strategy that continuously gathers evidence, generates intelligence, and provides the insights to stop APT cyber attacks.
GS Mag: How does your solution work?
Idan Gazal: Our primary solution is called the Threat Protection System (TPS). It is the first unified platform for detecting threats. In fact, it is able to trace all stages of hacker attacks. In actuality, we have several sensors on the network, the end-points and the entire NW. Our solution automatically recognizes hackers' attack patterns, and through these sensors it can send alerts. As our sensors are integrated, it is possible to perform a genuine analysis of the events in an automated manner. TPS works with different technologies, such as machine learning to detect C&C communication and lateral movement detection of malicious behavior; for files, it includes dynamic and static analysis. In addition, we use forensic technologies to do the post-mortem research. With our unified platform, we are able to collect all of the information. Our system also provides automatic "Proactive Hunting" to find APTs using evidence coming from our sensors.
GS Mag: What is your business strategy?
Idan Gazal: We have several target segments. We target the MSSPs, in particular the MDRs (as Gartner calls them). In addition, for the MSSPs, our platform permits hosting of several different customers at the same time, whatever the size of the companies. With TPS, they have a global vision of all of their customers on the same user interface.
Another targeted segment is mature companies that already have a SOC. For large accounts, we can integrate the other security products that they normally use, such as the SIEM, firewalls, IDSs, IPSs... TPS can perform the investigation automatically on these solutions to provide information on events and provide remedial solutions when an attack is confirmed. In addition, it provides analysis of the logs coming from the SIEM and proposes remedial solutions.
For companies that do not have a SOC yet, TPS is a great fit as it brings a whole SOC solution including automatic investigation and forensics capabilities.
We already have customers in different countries all over the globe. We are working with partners, but also operate directly.
GS Mag: What is your message to our readers?
Idan Gazal: As a former analyst myself, I recommend discontinuing manual analysis and using automated tools, so that security teams may focus on pure analyst work.