Israeli security startup firm Hexadite automates cyber incident response

The company claims its product reduces cyber incident response times by up to 95 percent

Technology developed by an Israeli security firm called Hexadite promises to help companies reduce cyber incident response times by automating security breach investigation and remediation.

The company's product, called the Hexadite Automated Incident Response Solution (AIRS), is currently being tested by several U.S. and Israeli-based companies and is expected to be launched around October.

However, companies interested in the technology can request a demo starting Tuesday and then potentially join the beta program, said Hexadite's co-founder and CEO, Eran Barak.

Large enterprises have a wide range of security products running on their endpoint systems or networks, including anti-malware programs, data loss prevention (DLP) systems, firewalls and intrusion detection systems (IDS). These are further complemented by security information and event management (SIEM) products that analyze data from various applications and systems inside the organization and generate alerts.

Traditional approaches to cyber incident response involve a lot of manual intervention from enterprise IT security teams who have to look at every alert, decide whether they're valid security breaches and take steps to remediate them, if necessary. However, the increasingly large number of cyber attacks and the systems deployed to detect them often leave security teams with the task of dealing with hundreds or even thousands of alerts on a daily basis.

According to Barak, this typically results in backlogs causing the average security breach response times of many organizations to range from several days to weeks.

Bloomberg Businessweek reported in March that the data breach at retailer Target data that resulted in the compromise of 40 million credit and debit cards could have been limited if the company's security team in Minneapolis would have reacted in a timely manner to a malware alert from a detection system installed on the company's network.

Hexadite's goal is to reduce cyber incident response times by using proprietary algorithms to automatically respond to security alerts generated by various detections systems. AIRS can investigate, contain and remediate security breaches, as well as rule out false alarms, reducing the time required to resolve an incident by up to 95 percent, the company says.

The product will be made available as a virtual appliance that can be installed on existing hardware. Once it is up and running it is able to perform administrative tasks on the network and endpoints using protocols that already exist and specialized proprietary tools, Barak said.

As an example of how AIRS works, Barak described how it handled a security incident on the network of one of the companies that are currently testing the product. The incident involved an employee from the human resources department opening a malicious PDF file from a phishing email that installed a malware program on his computer.

AIRS received an alert from a detection system about a connection to a suspicious IP address originating from that computer and took the necessary actions to block it, Barak said. It then connected to the computer and identified the malicious process that opened the connection, determined that the PDF file was the source of the infection and removed all the malware components. It then generated a report for the security team to review, he said.

The system was designed to be able to handle sophisticated malware infections, especially on endpoint systems, but it can respond and contain other types of security incidents as well, for example data leak attempts by insiders, Barak said. The company organized the different types of incidents into several categories and created special algorithms and rules to handle them, he said.

Organizations that like to have more control over their incident response processes can set up AIRS to run in a semi-automated mode instead of fully automatic. While in this mode the system investigates alerts on its own, but then prompts security team members to approve the necessary remediation steps.

Hexadite was founded in early 2014 by Eran Barak, Barak Klinghofer and Idan Levin, three former intelligence officers in the Israeli Defense Forces. The company is based in Tel Aviv and received $2.5 million in seed funding from YL Ventures and former Microsoft Corporate Vice President Moshe Lichtman.

Join the CSO newsletter!

Error: Please check your email address.

Tags TargetsecurityHexadite

More about BloombergDLPMicrosoftTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts