Sydney-based entrepreneur Carlo Minassian has returned to the cybersecurity startup scene with his new venture LMNTRIX and an adaptive threat response (ATR) platform that goes after attackers from the inside and fills the void left by other vendors focused on malware detection.
The LMNTRIX platform comprises detection, response, deception, hunting, intelligence, reconnaissance, and data, with Minassian telling ZDNet that the seven technologies and methods found in ATR have never been brought together in one place before.
"What we are doing is going on the offensive, but we're not only doing that -- this is multi-dimensional," he explained. "It's about bringing together a range of disparate, highly effective technologies, deconstructing the cybersecurity-as-appliance model, and harnessing fiercely creative methods in a war of attrition against network threats."
In 2013, Minassian sold his managed security services baby Earthwave to Dimension Data for "tens of millions of dollars". As part of the deal, Minassian took up a gig as the general manager for managed security services within the global giant.
During his three-year stint at Dimension Data, Minassian said he noticed a few trends in the greater security landscape that become more predominant outside of Australia, where companies get larger.
"I'm not an alarmist who thinks there's a hacker hiding under every bed, but what I saw was truly disturbing," Minassian said. "As I toured institutional cybersecurity facilities, I was shocked by the lack of sophistication and just how ineffective the tools and technologies were. So much of the bright shiny expensive kit was being used so poorly."
While he had a general idea what was going on in the outside world, Minassian needed solid evidence and testimonials from those on the ground before injecting a bucketload of time and money into a project that wasn't validated outside of his own gut.
"I had assumed that cybersecurity had progressed to meet the challenges, but I found that progress has been far too lopsided with vendors pushing solutions that only added to the problem," he said "There were a lot of people making a lot of money from things that just didn't work, and at the same time a sense of desperation among executives and administrators that things should be working but somehow they weren't."
Minassian left Dimension Data in February last year and started his new venture by visiting 25 security managers, posing questions to each in a bid to validate his assumptions. He then surveyed another 350 security managers and collated that data over a period of about three months. After that, he said he was content that the issues he had predicted were in fact real.
"The issues that I found were the reasons why I started LMNTRIX," he told ZDNet.
First of all, Minassian said he witnessed companies investing significant amounts of money into security, particularly into the likes of security operation centres and detection tools.
"All of these gadgets but they still had no ability to detect and respond to advance threats," he said. "It was really an eye opener for me because millions was invested in tech solutions, but their ability to detect and respond to a threat was either minimal or non-existent."
The second issue Minassian came across was "alert fatigue", where organisations were overwhelmed with alerts they had no ability to validate.
Another concern of Minassian's was that no service providers in the market had the ability to detect a human attacker on a customer's network, as they so casually mimic another employee.
"None of them were able to detect because all of the tools they were using were focused on detecting malware," he said. "My solution had to address that as well."
Similarly, in conducting his research, Minassian was told that many organisations were concerned that once they experienced a breach that they had no evidence, no forensic capability, and they didn't know how an attacker got in and where they went once they were on the network.
"These were fundamental issues that I tried to solve," Minassian explained.
"The way the industry has grown it hasn't matured fast enough to keep up with the way that adversaries and hackers work, and that is why it is so easy for them to get around."
When Minassian founded Earthwave, he was only 27. Now at 43, he said he is doing it methodically, with his execution vastly different to what it was 16 years ago.
"Back then I was a real virgin if you like. I had no idea what I was doing I was just testing, trying everything until something worked -- now I know exactly what works," he said in jest.
LMNTRIX also comes with its own modus operandi: Be the hunter not the prey.
"We're turning the tables on the attackers and changing the economics of cyber defence by shifting the cost to the attacker by weaving a deceptive layer over the entire network so every component gets coated with deceptions," he explained.