In a world where cyber threats continue to evolve at an alarming pace, the need for innovative and effective cybersecurity solutions has never been greater. Illuminate Security, a trailblazing company founded by former banking and cloud security experts, is at the forefront of a groundbreaking approach to cybersecurity. Their community-driven threat detection platform, known as Bluehat, is poised to redefine how organizations defend against cyber threats.
In this exclusive interview, we sit down with Illuminate Security‘s co-founder to delve into the origins of their game-changing idea, the incorporation of their past experiences into the platform’s design, and how they address the pressing concerns of trust, cost-effectiveness, and expertise in the cybersecurity landscape. Learn how the Bluehat platform is not only reducing the burden on security professionals but also enhancing the effectiveness of threat detection through a community-driven model. Discover why Illuminate Security believes in “Lower cost, better security” and how their platform is poised to revolutionize the world of cybersecurity.
1. How did Illuminate Security come up with the idea for a community-driven threat detection platform?
After nearly two decades working in our field, our idea was born out of frustration and the challenges we observed. To put it succinctly, there are three key points to highlight:
Origins of the Idea: The idea stems from years of experience in our industry and our growing frustration with the conventional approach that had been in use for almost 20 years. When we examined the transformative impact of bounty programs on offensive security, it became evident that a similar approach should exist for the defensive side. However, it had not materialized. My co-founder and I had spent a significant amount of time in this field, and we came to the realization that the issue was not about introducing new technology, processes, or relying on AI and ML. Instead, it was a fundamental problem with the business model and approach to cybersecurity defense.
Fundamental Problem: At the core of the issue, we found that the traditional cybersecurity defense model was flawed. We were burdened with expensive and hard-to-maintain technologies, struggled to attract and retain essential talent, and failed to clearly demonstrate the return on investment or the effectiveness of our security capabilities. This problem wasn’t about the technology or processes; it was about the way we delivered and managed security controls.
Our Solution: This is why we conceived our idea. Fortunately, organizations like Bugcrowd and Hackerone had already paved the way for crowdsourcing security expertise. We took this concept to its logical conclusion and applied it to the realm of cybersecurity defense.
In essence, our idea was born from the need to address the longstanding challenges in cybersecurity defense, particularly the inability to adapt to a changing threat landscape and the shortcomings in our traditional approaches.
2. As former banking and cloud security experts, what experiences from your past roles did you incorporate into the design and functionality of the Bluehat platform?
We have developed scalable, reliable, and data-driven security solutions for internet scale problems.
We’ve successfully implemented complex technology and process solutions for some of the world’s most prominent and heavily regulated organizations. When we consider what we bring to the table, it’s a perspective based on our extensive experience. We believe that overly complex solutions aren’t necessary to address exceedingly complex problems. In the world of organizations and businesses, especially when it comes to defending against threats, simpler solutions consistently prove to be more effective over time.
That’s why at Illuminate Security, our approach focuses on simplifying complexity and enhancing defense controls. When it comes to the longevity of solutions, it’s a no-brainer whether you’re comparing our approach to the status quo, be it a legacy approach of an MSSP/MXDR or an internal do-it-yourself SOC. Many times, organizations end up facing the challenge of migrating from such approaches after just a few years due to the inherent issues of the broken model as outlined below.
3. With the traditional approach to cyber threat detection being deemed as ‘broken’, how does the Bluehat platform ensure that companies can trust the community-driven model?
We strip away all the unnecessary complexities and empower experts to excel at what they do best, while addressing our three main high-level concerns:
- Costly Technology: Both in terms of financial expenses and operational complexities.
- Expert Retention and Acquisition: Preventing burnout among experts and ensuring the ability to attract and retain top talent.
- ROI and Effectiveness Measurement: The capability to calculate return on investment and gauge the effectiveness of our solutions.
When we consider the approach for threat detection, as mentioned earlier, we are essentially addressing these three fundamental issues. Instead of pouring resources into an ineffective approach and hoping for better results, we recognize the importance of addressing the high turnover rate in the industry. The job market is continuously competitive, with analysts frequently lured away by opportunities offering higher pay, which reflects their market value. Unfortunately, organizations struggle to keep pace due to HR policies and bureaucratic constraints.
So, how do we ensure that companies can trust our model? We employ rigorous background checks, trust level assessments, and expertise evaluations. This sets us apart from traditional MSSP (Managed Security Service Provider) or MXDR (Managed Extended Detection and Response) approaches. With our model, your organization has full visibility into the analysts who meet the criteria to assist your specific needs. Moreover, we provide multiple access mechanisms to tailor our services to your organization’s risk profile.
4. You emphasize a “pay-for-results” model. Can you explain how this pricing structure works and why it’s beneficial for both companies and analysts?
Today, companies are shifting towards paying for results rather than just sunk costs and time.
Here’s how our approach works: Organizations have two fundamental costs. First, there’s the coverage subscription, which covers the platform and related operational expenses. Beyond that, you pay for findings directly to the analysts. This payment serves as a reward for their expertise and the work they put into maintaining the rules and systems that identify compromises in your network.
Our payment structure is structured around the MITRE ATT&CK framework, which classifies incidents. Each tactic within this framework corresponds to a range of rewards, whether in the form of financial incentives, reputational benefits, or hierarchical points that determine your position on a leaderboard.
While I can’t provide specific prices today, as the cost of finding a malware compromise within the first hour versus days later can vary, market dynamics and supply and demand will naturally determine these prices over time.
Analysts have their own expenses and value their expertise and research, so a time-based perspective will be applied based on the criticality of the findings for an organization and the data they provide. In the future, I envision a scenario where organizations are willing to pay thousands of dollars for timely detection of specific threats, even before they escalate into major breaches. This approach is an exciting development in the industry.
Our approach encompasses three key elements:
- Technical Means: We employ our proprietary log processing technology to process data, manage access mechanisms, and ensure data security.
- Procedural Methods: Our data engineering strategies ensure data handling adheres to best practices and procedures.
- Access Criteria: Companies have explicit control over how they grant access.
With our log processing technology, every log entry undergoes a rigorous six-step process:
- Accurate Identification: Each log entry is accurately identified.
- Customer-Specific Redaction Rules: We apply customer-specific rules to reduce the data.
- PII and Privacy Scrubbing: Agnostic PII and privacy-related scrubbing rules are applied.
- Tokenization: Every username, system name, etc., is tokenized on a log-type basis.
- Quality Checks: We implement innovative quality checks to ensure the accuracy and effectiveness of the process.
- Reference Data Integration: Finally, reference data is applied in real-time, providing necessary contextual information for threat detection while maintaining data anonymity, if desired by the customer.
Combining this technical approach with a procedural one, companies retain control over access criteria. They can specify how analysts access and receive data, ensuring that their data is distributed as they prefer.
This approach carries minimal risk when compared to the immense reward of having access to world-class talent that specializes in pinpointing security compromises and threats, ultimately strengthening your organization’s security posture. It makes perfect sense to us every time we explain it.
6. What are the criteria for becoming a “Bluehatter” or security expert on your platform? How do you vet these individuals for trustworthiness and expertise?
We provide opportunities for individuals at all levels of expertise, aiming to give those early in their careers practical experience.
On our platform, anyone can become a “blue hatter,” regardless of whether they have a decade of industry experience or are still in university. The key distinguishing factors are what you know, what you think you know, and how you approach identifying compromises.
Successful individuals on our platform tend to be the ones who specialize. Rather than simply seeking out open-source rule sets and installing them in tools like Splunk to inundate themselves with false positives and data maintenance burdens, they invest time in researching and developing efficient, automated analysis pipelines. This proactive and logical approach is the key to success on our platform and stands in contrast to the less effective industry approach seen today.
7. How do you address concerns from companies that may be hesitant to forward their log data, fearing breaches or misuse?
Our platform offers the unique combination of complete anonymity and non-advertised campaigns, along with explicit control over the analysts.
Surprisingly, we’ve encountered less resistance from organizations than we initially expected when explaining how we address their risk concerns. Once we outline the value and rewards our approach offers, any initial hesitance tends to disappear. We enable organizations to implement this model in a way that aligns with their specific risk profiles, making it adaptable and tailored to their needs.
Our primary goal is to communicate this message more effectively so that we can engage in honest discussions about how our system works and how it can revolutionize security threat detection. Furthermore, we want to address the fact that many MSSPs and MXDRs currently have this data in clear text. While they have security controls in place, the data remains vulnerable in the event of a breach, which has happened and will continue to happen. Our approach to securing the data represents a fundamental shift in the model, de-risking third parties, be they “blue hatters” or other third-party security cloud providers. This approach, which no one else is currently adopting at our scale, is a game-changer in the industry.
8. What types of organizations would benefit the most from using the Bluehat platform?
Our model and platform offer value to a wide range of organizations, including:
- Companies with a Single Security Professional Trying to Handle Everything: If you have a lone security professional attempting to manage all aspects of security, our platform can provide dedicated expertise and assistance.
- Regulated Industries: Industries with strict regulatory requirements can benefit from our approach to improve compliance and security.
- Companies Seeking Better ROI on Security Investment: For organizations looking to make the most of their security investments and maximize ROI, our platform can be highly effective.
- Companies Aiming for World-Class Threat Detection Coverage: Organizations aspiring to achieve world-class threat detection coverage can leverage our specialized expertise.
In fact, we believe that every organization, regardless of its size or industry, can find value in our model and platform. Whether you have a large security team in need of specialized focus or are a smaller startup with limited security resources, our platform is adaptable to your specific needs. We’re eager to engage with organizations of all sizes and help them enhance their security posture.
We had an early customer where we aided in the identification of an APT (Advanced Persistent Threat) actor, which taught us valuable lessons:
- Expertise Access is Critical: Our customer didn’t initially have access to the expertise they needed to address the APT threat.
- Use Case-Driven Detection Tools Excel: Our platform showed the power of use case-driven detection tools.
In this specific case, our first customer was a small organization. They brought us in, and once we got them configured and onboarded, I attempted to apply the usual approach. I installed Splunk, downloaded a Sigma rule set, connected the logs, and began hunting for malicious activity. However, I soon realized that this method was inefficient in terms of time, cost, and outcomes. It was both expensive, incurring substantial Amazon EC2 charges, and generated numerous false positives. Although I did uncover a few minor issues, the critical threats that were highly likely in their industry remained undetected.
Recognizing the need for a more focused approach, I took a step back and created a single rule for after-hours authentication. I implemented this rule using a simple AWS Lambda function. The result was remarkable: my costs dropped from $50 a week to just five cents a month. Moreover, on the very first night after implementation, I successfully detected a breach.
This experience taught us two valuable lessons. First, organizations need access to the expertise required to address threats effectively. Second, as an analyst, concentrating on specific threat categories yields far better results than the broad and less efficient methods often employed in the industry.
They would never have access to my expertise if not for our approach to this problem.
10. How does the reward management system work in terms of deciding the value of identifying specific threats or compromises?
Our scoring system assesses security findings based on three key factors:
- Accuracy: The precision and correctness of the finding.
- Completeness: The comprehensiveness of the finding, ensuring that all relevant information is included.
- Timeliness: The speed at which the finding is reported and acted upon.
Taking these factors into account, we then determine the value of the reward in terms of monetary compensation, as well as assign a status and award points to recognize the significance and quality of the security finding.
11. How do you see the Bluehat platform evolving in the next few years, given the rapidly changing landscape of cyber threats?
We envision our platform becoming the definitive ecosystem where theories about effective security threat detection are put to the test and either confirmed or debunked. Creating detection rules is relatively straightforward; however, what truly sets apart true practitioners from mere talkers and pundits is the ability to efficiently manage and maintain these rules.
We aim to establish ourselves as the ecosystem where real-world practice and data-driven results will separate the best from the rest. In this environment, it will be easy to distinguish those who talk about security from those who actually practice and excel in it.
12. How do you handle situations where a Bluehatter may falsely identify threats to earn rewards?
Our approach to quality assurance and validation of submitted findings is comprehensive and has been designed with scalability in mind, considering what we call the “Champaign problem.”
This means we are prepared to handle the substantial volume of findings and activities on the platform that come from thousands of customers and analysts. Our processes ensure the quality and accuracy of these findings at scale.
Our approach to the preparation of data as well as the accurate tracking of logs ensures that we cater for the attempts of fabricating compromise in log data and attempting to fraudulently claim rewards. (it is a very cool approach and something we have patented as part of our wider set of inventions here)
13. What makes Illuminate Security stand out in a market that’s saturated with cybersecurity solutions?
We are pioneers in adopting this approach, and we do it with a no-nonsense mindset.
What sets us apart is our commitment to accurate, data-driven measurements, and this is the core of our approach.
We are a “do more, talk less” bunch of folks that we hope over time results will speak for themselves! We see those results coming from happy customers AND participating detection experts who become advocates for the approach through the fact they are making lots of money for their efforts.
14. With the emphasis on reducing burnout for security experts, how does the Bluehat platform promote a healthy work-life balance for its analysts?
Burnout often stems from having unrealistic expectations. The notion that analysts should understand every log type, every threat group, and how their activities manifest in the logs is fundamentally flawed.
Our approach allows analysts to be recognized and rewarded for their expertise within a narrower scope of responsibilities, rather than trying to cover and manage everything. This not only reduces burnout but also leads to more effective threat detection and response.
I see a world where, much the same on the offensive bug bounty side of the fence, we have detection engineers that do this full time working for themselves.
15. For businesses considering your platform, what would be your top reasons they should choose the Bluehat platform over other threat detection solutions?
Our approach can be summed up in four simple words: “Lower cost, better security.” It’s as straightforward as that.
We provide the most effective threat detection results available, and we do so at a cost that’s significantly lower than what’s typically seen in the industry. Our aim is not to be cheap but to be realistic and fair to both organizations and the experts who contribute their expertise. We believe in delivering security that is both cost-effective and enduring.
Looking to promote your brand to a targeted audience of startup founders, investors, and C-level executives? Check out our advertising opportunities and sponsored articles at StartupBubble.news! Reach out to us at [email protected] to discuss how we can help amplify your brand’s visibility and drive results. Don’t miss out on this opportunity to connect with our engaged readership. Contact us today!
