Brian McMahon on the Growing Need for Threat Intelligence


As seen on CyberNews

Even though cyberattacks are rampant, many organizations still rely on security measures that only react after an incident has already occurred.

While the recent data breaches and ransomware attacks surely made companies more concerned about their own cybersecurity, the fact that cybercriminals are still successful proves that there is still room for improvement. Our guest today believes that organizations should take a more proactive approach, gather threat intelligence, and be aware of their own vulnerabilities rather than depend on reactive solutions.

To discuss how threat intelligence is used to ensure network security, Cybernews invited Brian McMahon, the CEO of Threater – a company mitigating threats before they even reach their intended target.

Tell us the story behind Threater. What has the journey been like?

In an ever-changing cyber landscape, companies can no longer protect against real-time data threats with legacy solutions and reactivity. Relentless cyberattacks require real-time intelligence that draws from the very best sources and automated protection that actively defends every moment of every day.

Security-conscious organizations seeking to increase the level of threat intelligence protection face the difficult challenge of effectively integrating dozens of threat intelligence tools into their security stack and making sense of the data within their unique context.

We’ve recently rebranded from Bandura Cyber to Threater to continue our commitment to provide cyber intelligence and active defense against modern-day threats. Today’s threat landscape is immense, making active defense cybersecurity more important than ever and emphasizing the need for our flagship product.

This is why we built Threater – to make the very best threat intelligence actionable and available for every enterprise defender.

Can you introduce us to your Threater platform? What are its key features?

While most cyber products are reactive, identifying threats that have already entered a network and alerting a human of the threat, Threater takes a different approach by blocking known bad traffic before it hits the network. Our solution also focuses on blocking both inbound and outbound actions. 

Threater works to:

  • Enable an ideal protected network while improving firewall efficiency.
  • Seamlessly integrate into and enhance your existing security stack. 
  • Mitigate false positives quickly and intuitively using automation, saving time and resources.

What we do is simple: We block known bad traffic in both the inbound and outbound directions before it impacts your network while ensuring that known good traffic will always be allowed. Everything on the Internet comes down to an IP address. Our 50+ partners (with many more to come) are working 24/7 to identify the millions of known bad IP addresses on the Internet, yet traditional security controls are limited to 150,000 externally configured third-party IP addresses. This makes no sense and it’s why we exist. We can support over 150M (1000x more than traditional security controls) – all in real time and without adding any latency.
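The control described in this answer, blocking known-bad addresses in both directions while an allow list always wins, and doing so at a scale where a linear scan of the list is out of the question, can be sketched in a few dozen lines. The block below is an added example written for this page; it is not Threater's code (the interview shows none) and it assumes hypothetical feed names, documentation-range sample addresses (RFC 5737 and RFC 3849), and 10.0.0.0/8 as the protected local network. The point it demonstrates beyond the prose is how a list of tens of millions of prefixes stays cheap to query: entries are bucketed by prefix length into hash sets, so a lookup costs one masked set probe per distinct prefix length rather than one comparison per entry.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample feeds (hypothetical names and documentation-range
# addresses, not real threat intelligence). Each feed lists IPs or CIDRs.
BLOCK_FEEDS: Dict[str, List[str]] = {
    "feed-a-c2":      ["203.0.113.0/24", "198.51.100.7"],
    "feed-b-scanner": ["192.0.2.0/25", "2001:db8:bad::/48"],
}
# Known-good addresses that must never be blocked, whatever the feeds say.
ALLOW_LIST: List[str] = ["203.0.113.10", "192.0.2.64/26"]
# Assumed protected network; flows sourced from here are "outbound".
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


class PrefixSet:
    """IP prefixes bucketed by (version, prefix length) for fast lookup.

    A query masks the address once per distinct prefix length present and
    probes a hash set, so cost is independent of the number of entries.
    """

    def __init__(self) -> None:
        self._buckets: Dict[Tuple[int, int], Set[int]] = defaultdict(set)
        self._lengths: Dict[int, Set[int]] = defaultdict(set)   # version -> lengths
        self._labels: Dict[Tuple[int, int, int], str] = {}      # which feed hit
        self.size = 0

    def add(self, cidr: str, label: str) -> None:
        net = ipaddress.ip_network(cidr, strict=False)
        key = (net.version, net.prefixlen)
        net_int = int(net.network_address)
        if net_int not in self._buckets[key]:
            self.size += 1
        self._buckets[key].add(net_int)
        self._lengths[net.version].add(net.prefixlen)
        # first feed to report a prefix keeps credit for it
        self._labels.setdefault((net.version, net.prefixlen, net_int), label)

    def lookup(self, ip: str) -> Optional[str]:
        """Return the label of the longest matching prefix, or None."""
        addr = ipaddress.ip_address(ip)
        bits, addr_int = addr.max_prefixlen, int(addr)
        for plen in sorted(self._lengths.get(addr.version, ()), reverse=True):
            masked = (addr_int >> (bits - plen)) << (bits - plen)
            if masked in self._buckets[(addr.version, plen)]:
                return self._labels[(addr.version, plen, masked)]
        return None


def build_index(feeds: Dict[str, List[str]], allow: List[str]) -> Tuple[PrefixSet, PrefixSet]:
    """Merge every feed into one block set and build the allow set."""
    block, allowed = PrefixSet(), PrefixSet()
    for name, entries in feeds.items():
        for entry in entries:
            block.add(entry, name)
    for entry in allow:
        allowed.add(entry, "allow-list")
    return block, allowed


def verdict(block: PrefixSet, allowed: PrefixSet, src: str, dst: str) -> Tuple[str, str, str]:
    """Decide on one flow. Returns (action, direction, reason).

    The remote side is checked whichever way the flow goes, and the allow
    list is consulted first so a known-good host inside a bad /24 still passes.
    """
    src_addr = ipaddress.ip_address(src)
    direction = "outbound" if any(src_addr in n for n in LOCAL_NETS) else "inbound"
    remote = dst if direction == "outbound" else src
    if allowed.lookup(remote):
        return ("allow", direction, "allow-list")
    hit = block.lookup(remote)
    if hit:
        return ("block", direction, hit)
    return ("allow", direction, "no-match")


if __name__ == "__main__":
    blk, alw = build_index(BLOCK_FEEDS, ALLOW_LIST)
    # Constructed sample flows (src, dst).
    for flow in [("203.0.113.55", "10.0.0.5"), ("10.0.0.5", "203.0.113.10"),
                 ("10.0.0.9", "192.0.2.3"), ("2001:db8:bad::1", "10.0.0.1")]:
        print(flow, verdict(blk, alw, *flow))
```

Two checks a practitioner would want before trusting such a filter in-line: the allow list is evaluated before the block list, so a false positive from one feed can be neutralized without editing the feed; and the first feed to report a prefix is the one credited in logs, which is enough for root-cause work but means conflicting feeds must be reconciled at ingest, not at lookup.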

What technology do you use to analyze large amounts of threat data?

Threater uses more than 50 world-class cyber intelligence feeds to inspect, block, and log every known threat from impacting your network. Enterprises use Threater to gain instant network protection without expensive upgrades to expensive products or needing to add new, complex systems that just add to the noise. Our customers don’t need to change a thing in their existing stack – just plug the holes with Threater and rest easy knowing that every threat is blocked in real time.

Have you noticed any new threats arise as a result of the current global events?

Yes. Criminal and nation-state-sponsored cyberattacks from Russia are a common occurrence. In the days before the physical invasion of Ukraine, Russia’s cyberattacks on Ukrainian government websites and related organizations ramped up in an effort to sow disorganization and confusion. 

Here’s an example: a mass distributed denial of service (DDoS) attack from Russia on Wednesday, February 23rd targeted both Ukrainian government websites and national banks. To help mitigate the damage, the affected government agencies were forced to route traffic elsewhere, as Russian cybercriminals flooded their network with illegitimate traffic to stop the normal operations of these services. Simultaneously, dangerous wiper malware was activated in an attempt to destroy or disable essential data.

We expect to see these types of attacks continue in tandem with what’s happening on the ground in Ukraine. Bad actors outside of the Russia/Ukraine conflict may also see a window of opportunity and increase attacks as uncertainties increase across the globe.

With so many cybersecurity solutions available, why do you think certain companies and individuals are hesitant to try out new technologies and upgrade their cybersecurity posture?

There are a few reasons we often hear when we’re talking to our existing or prospective clients.

Often, executives and other leadership team members simply don’t know about today’s available options and are unaware that their cybersecurity posture may be lacking. Similarly, they might think that whatever tools they have in place are good enough.

As with any industry, there’s also a hesitation to try something radically new and different – even if the technology is proven to be more effective than legacy solutions. 

Why do you think certain organizations are unaware of the threats hiding in their own networks? What warning signs can indicate that the network has been compromised?

If there were enough clear warning signs, you wouldn’t be hearing about massive breaches from top Fortune companies. The best indicator would be to do an analysis of current traffic or understand potential areas of weakness – those include both systems and humans. You could say that Threater is somewhat of a warning system – we have a massive amount of known threats and can show you if your organization was in fact vulnerable to a specific threat that you hadn’t prepared for and you’re just lucky the hackers hadn’t gotten to you yet.

What problems can organizations run into if proper threat intelligence solutions are not in place?

  • Data exfiltration
  • Ransomware demands
  • Costly downtime
  • RCA (root cause analysis) exercises and man-hours spent trying to figure out what went wrong and how to ensure it doesn’t happen again
  • Negative PR and Brand Identity (think of what Target went through a few years ago). Customer loyalty and trust are at the backbone of many companies. With competitive marketing across all landscapes, it’s easy for companies to profit off of others’ mistakes

Besides threat intelligence solutions, what other security best practices do you think are essential for modern companies?

It’s always been true that some of the simplest things you can do to stay protected are the same things that people tend to have a hard time doing – even when they know better. Specifically, simple things like:

  • Make sure you are using strong, unique passwords and rotating them regularly,
  • Use multi-factor authentication whenever and wherever possible,
  • Update your software regularly, automatically where feasible.

If every organization did those things religiously, the bad guys would have a much more difficult time compromising networks, since those three pathways (simple/repeated-use passwords, no MFA, and unpatched software) are rampant.

But what’s interesting is the realization that even with those things in place (which the industry has learned is a very hard thing to achieve and police in the first place), you’re still vulnerable, especially to zero-day attacks. Many of the high-profile attacks you read about in the media stem from these – the SolarWinds zero-days with a supply-chain attack vector strewn in, Microsoft Exchange attacks, and so on.

And the combination of those facts really brings to light the importance of a robust, scalable threat-intelligence-driven backstop that Threater brings to the table. When people don’t follow the rules and when zero-days are circulating (and they always are), only a solution like Threater can give you a fighting chance at staying secure. We’re very proud of that.

And finally, what’s next for Threater?

We continue to have big plans for Threater – both on the product side and the people side. 

In addition to our recent rebrand, Threater has recently added a few new team members. George Just recently joined as our Chief Revenue Officer, bringing over 20 years of experience in network and security startups (including experiences with Oracle, Nokia, and Alcatel), and Courtney Brady joined us as VP of Marketing with 15 years of cybersecurity marketing experience (including experiences with Imperva, Source Defense, and NoFraud). Adding George and Courtney to the team is already making us better and we’re excited to see them continue to grow into their roles and make a huge impact at Threater!

Our team will continue to grow and we have some incredible things in store for the product. Our job is to make our customers safer and their day-to-day lives easier. We’ll be focused on both of those things.