The best hackers are able to stay hidden in a system, looking like legitimate users, and it is these hackers whom cyber-security startup XM Cyber is aiming to expose with its HaXM platform.
XM Cyber announced HaXM on March 20, describing it as an automated advanced persistent threat (APT) platform. The company, which is now emerging from stealth, has raised $15 million to date and includes an executive team that has its roots in the Israeli intelligence community.
“We established XM Cyber two years ago with veterans of the Israeli intelligence community. Our chairman and president is Tamir Pardo, who is the former head of the Mossad,” Noam Erez, CEO of XM Cyber, told eWEEK. “Our vision came from our unique experience in the field, where we have seen many times that even when companies have protective measures, organized cyber-criminals still have success in penetrating defenses.”
Erez noted that attackers are able to operate “under the radar” of many organizations’ existing defenses for a number of reasons. APT attackers have a whole host of tactics that allow them to mimic legitimate users and as such are able move laterally within an organization, often without detection, he said.
Finding holes used by APT hackers can be a cumbersome process that involves skilled cyber-security security professionals acting as a red team. Erez said that the idea behind XM Cyber is to automate the process of finding the paths used by APT hackers in a continuous manner. The HaXM platform also provides recommendations for remediation, which is something that is often done by blue team responders within an organization.
“HaXM is a purple team machine, providing a combination of the red team that finds attacks from the perspective of the hacker and at the same time it provides a very focused blue team report on how to fix issues in a very precise way,” Erez said.
Artificial Intelligence
Helping to power the HaXM platform are artificial intelligence elements that aid in the automatic attack process.
“Basically everything it [HaXM] does is AI,” Adi Ashkenazy, vice president of product at XM Cyber, told eWEEK. “It starts with decision systems and includes more advanced machine learning algorithms.”
Ashkenazy explained that XM Cyber developers have learned all the different tactics used by cyber-attackers. The AI capabilities enable the HaXM platform to determine what the most valuable targets are and decide what path an attack should take. HaXM can be deployed on-premises on an organization’s servers and also includes endpoint sensors.
“The reason why we deploy on endpoints is that, in our experience, much of the ‘juice’ of an attack, including misconfigurations and credential misuse, are on production endpoints,” Ashkenazy said.
Ashkenazy added that the HaXM platform has capabilities to safely simulate attacks on a production environment without endangering the actual business services.
Competition
There are multiple vendors in the market aiming to help organizations improve cyber-security with simulation platforms, including SafeBreach and Cymulate, among others.
Ashkenazy said XM Cyber differentiates from other vendors by trying to help organizations understand if there is any way that an attack can reach critical assets. Erez added that there are a lot of great cyber-security technologies in the market today and yet attackers are still finding ways in. He added that XM Cyber’s goal is to show companies where the problems are and how they can fix them.
Looking forward, Erez said XM Cyber is continuously updating and improving its technology to detect new and emerging threat vectors.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.