theCUBE + NYSE Wired: Zero Trust Cyber Series
TheCUBE is showcasing discussions at the NYSE for Media Week focusing on the AI Summit, cybersecurity events, and AI innovators like Jon Murchison, CEO of Blackpoint Cyber. Jon, with a background at the NSA, emphasizes the importance of integrating AI data and cybersecurity. Blackpoint Cyber offers MDR, cloud protection, app control, threat intel, and exposure management, with a focus on detecting privileged identity misuse. They are rapidly growing, with a focus on platformization, exposure management, and AI integration. Jon stresses the need for a more eff...
>> Hello, welcome to theCUBE here. We're back at the NYSE for Media Week. I'm John Furrier with Dave Vellante, alternating in and out this week for three full days. You got the AI Summit going on in New York. Of course, the cyber security events happening here at the NYSE. And of course, AI innovators featured throughout this mix. Jon Murchison, CEO, Blackpoint Cyber is here. Jon, great to see you. Thanks for coming in theCUBE. Got a nice backdrop here. Pretty good, huh?
Jon Murchison
>> Yeah. Can't beat it. I really appreciate the invite.
>> You got all the big cubes they call them. I call them the big boards. But we're really here just doing deep dives around the cyber security and really the AI data integration. Starting to see that AI innovators and cyber that kind of go hand in hand. You're CEO of Blackpoint Cyber. Before we get started, just give a quick background on the company and some of the roots and what you guys do.
Jon Murchison
>> On the root side, we were talking about it off camera, I was an athlete, probably didn't know what I wanted to do for a living. And I was fortunate enough to get introduced to networking. And so I started that way, and I quickly ended up with the National Security Agency. So I was an offensive counter proliferation cyber expert there for 12 years, amongst a bunch of other stuff. And when I-
>> 12 years?
Jon Murchison
>> Yeah, yeah. And when I left, actually another injury, I hurt my knee skiing and couldn't work for a while. So I had an opportunity to build what, having been an offensive guy, what I would want to use to do defense. We looked at the market at the time. And after a lot of years of building, we're a software company at our core, we really got into building a platform that allows us to wrap it in a security operations center and deliver managed detection response.
>> So, I love the history of the NSA because it really kind of gets your mindset. And you've been on both sides of the ball, so to speak, offense and defense. How has that transition, first of all, from the NSA into doing your own thing, but also the offense-defense perspective? You've kind of been on both sides of the table, so to speak.
Jon Murchison
>> For sure. So funny, transition, hardest one was actually learning how to go to market. No question. I mean by far, the hardest transition. Actually making the technology while very difficult in itself, I think what you learn is the world can get so wrapped up on the next exploit and back door. But the reality is, most of hacking happens by stealing identities, privileged identities, becoming the admin. And I think that's something we were able to bring to the market that the market hadn't seen before, the ability to put that in context in real time. And so, we found the efficacy absolutely worked and it worked really well. Obviously, there's all the other parts of running a business you have to learn.
>> What was the year you guys founded?
Jon Murchison
>> So, I would say it was a transition because the company's still doing some government work. But we really hit the market mid 2019.
>> And when you look at today's market, you got a lot more... I mean there's some enforcement going on. I see some of these crime units being actually taken out, not just disrupted 'cause they'll reconstitute. On the threat intelligence side, you're seeing advancements with AI. But the average enterprises have been blocking and tackling IT. There, we've been unprepared. And then COVID comes. What's the state of the art right now, if you had to scope companies, where they are in the progress? I mean everyone's still fighting day. And we covered this all the time on SiliconANGLE and theCUBE, every day it just does not stop, this inbound pressure. Where are we on the current state of the art? Are you happy where we are? Are there progress being made?
Jon Murchison
>> I'm happy where we are today. What I'm not happy-
>> You as a company or the industry?
Jon Murchison
>> Us as a company. As far as an industry, I think one of the challenges I think we ran into, and for the longest time, catching hackers was all about collecting terabytes of logs and sorting through that. And I think unfortunately, most organizations, specifically large enterprises, have put a tremendous spend... I mean, look at MGM. Right? On a stack that when you really break it down, it's about as good as your endpoint detection response tool is. And we integrate with all those products in the orchestrator, the agent. And what we've learned is they're missing 65% of the time. So, that's on-prem. The bigger gap that really concerns me is COVID drove a huge push to the cloud. We invented MDR for Microsoft 365 and added Google and Induo. And our attacks are now almost 30 to 1. So for every one on-premise attack, most of the time you're preventing it from turning into mass ransom, we're responding to between 26 and 30 cloud attacks.
>> So, cloud's less secure in your mind, or more attacked.
Jon Murchison
>> I think what's happened is the cliff notes catching hackers is wherever that authentication system and authorization sit, they're going to want to control that. It's moved to the cloud and a lot more workflows are there too. So, I am uncomfortable with the state of enterprise security as it relates to cloud infrastructure. It's just there's a lot of new techniques to hack and the defense industry has to catch up.
>> Sounds like a great market opportunity for you guys then because-
Jon Murchison
>> Huge.
>> So again, I love how you brought the access piece because I think as they say, the keys to the kingdom are there. That's where they want to get, that's the access to the money or wherever the assets they want to infiltrate out. What's the business model for you guys? Take us through the solution you guys do. What's the offering? How do you manage it? What are some examples of use cases?
Jon Murchison
>> So, where we have really moved to is a platform play.
>> Yeah. You have to be.
Jon Murchison
>> Everyone's going to a platform play. At the end of the day, we go to market through channels, and specifically IT service providers or MSPs. If you think about an MSP, they're managing 40, 50 different products. Now, layer on having to try and piecemeal your own security stack together. So-
>> And a lot of different identities too.
Jon Murchison
>> A lot of identities. And you're doing it for 40, 50 or hundreds of end customers who tend to be a little bit smaller segment, so less mature on the security side. So I think for us, in 2019, we did MDR just on-prem. We've added cloud, we have app control, we have a full-time threat intel and reversing team. We've had an exposure management moving to posture management, things like that. So the whole point is, how can we get the most cost-effective, efficient stack, simplify it? And then basically our SOC, if we see a bad guy, we take them out before they do damage.
>> Jon, I got to ask you, because first of all, you must love playing defense because you don't want to let anyone get a touchdown, if you're saying use a football analogy. But being on the offensive side, you got to think like the bad guy. And you've been on the offense side, at least with the NSA from that side. What are some of the things that's going on in the offense that you think that people may or may not be paying attention to? And what are the things that you guys are doing on the defense that's reacting on behalf of your customers?
Jon Murchison
>> So, I would say hacking on-prem networks hasn't really changed in 12 years. Techniques change a little bit here and there. I still think-
>> Pretty locked down then.
Jon Murchison
>> Yeah. Well-
>> Or...
Jon Murchison
>> I think the big difference is there are very few companies that can see when a privileged account is being used, then put in context what it's doing. Because when you follow that model, the decision tree is very binary. It's either an IT admin or it's a bad guy masquerading as one. And that's something that happened at MGM. And so what we brought on that side specifically is, we invented real live lateral movement detection and the patents around that. And so when we layer an anti-malware and app control and everything, it becomes pretty good. Where I think this industry has a lot of work to do, we're working as hard as we can, is specifically on the cloud side. People have consolidated so much of their workloads in the cloud. And then if you think about it, okay, so all the keys to my business kingdom are now mostly running in the cloud for a lot of companies. Now I want to use AI, I want to use Copilot for Microsoft, you need to be AI ready. There's data governance, tagging. And if you get all the efficiencies out of AI and that system's hijacked or taken down, you can imagine there's a pretty big .
>> All right. So, pretend you and I are getting a little Bitcoin funding from Korea, North Korea. And we say, "Hey, let's go take down some of these multi cloud, multinational." 'Cause they're all doing multi cloud, but they're not connected. It's just siloed stats. What do we do? What do we go after? How do we attack that?
Jon Murchison
>> Almost all the cloud attacks start with stealing privileged identity. We've all heard MFA, MFA. You need it, but probably a third of our saves are MFA bypass attacks these days. So you're going to start essentially get on LinkedIn, make a social network map of all the key IT professionals in a large enterprise. Figure out what they do, comb their social media, and craft what we'd call spearphishing campaigns to steal their credentials. And leverage that to create new credentials once you get in.
>> And that's target, you can do that over just whatever capture the flag kind of mission.
Jon Murchison
>> Yeah. Yeah, yeah, yeah. It's a classic red team or offensive operation.
>> All right, so we do that, we identify the target, they're vulnerable through some sort of social interaction, social engineering, we get their stuff. What happens next? How do you guys come in, manage, and detect and respond to that?
Jon Murchison
>> Yeah, so specifically on the cloud side, now ours is all integrated on a live network map. But on the cloud side, we have to monitor all these authentications. And then we have an entire enrichment tool to give us context where we can kind of unearth the other side. Because what hackers do all the time is they redirect through proxies and VPN services. And a common tactic we see now is they like to actually spin up an Azure machine in Microsoft and log into Microsoft from Microsoft. So, we've had to build a lot of detections there. And then we look for follow on what we call indicators of behavior. For example, creating new passwords, registering enterprise apps, things like that.
>> One of the things that on an interview I just did this morning with the companies in cyber, they do a lot of the discovery, discover all the devices and getting an inventory-
Jon Murchison
>> Of course.
>> ...lay it all out. When you look at some of your clients that have, whether it's multi-stacks across multiple environments with a lot of identity, 'cause you have different identity for the environments, are the things that the customers discover that like, oh, shit moments? Can you share what you've found and where people just by, I won't say by being incompetent, but by not paying attention or not seeing something? What are some of the blind spots that have that oh, shit moment where it's like, "Oh my God, we're exposed. Let's jump on that now."? And then how would you monitor that going forward?
Jon Murchison
>> Yeah. So, I got a stat and example. So, the stat first is 20% of every end customer we onboard to our cloud detection response service has an active business email compromise they don't know about. So, that's step one. So, you can imagine there's a lot of companies sitting out there with an exposure they don't realize. I think a cool story, and this is why if you're going to be a lead at MDR, you have to have a cloud and on-prem all integrated. We are seeing attacks now where you attack the cloud, let's say Microsoft's infrastructure, to go back on-prem. So, they can hit you on the cloud side. So a real world example is, we had a customer. They were paying for it but they didn't turn on the cloud protection. We detected malware on-prem, a ransomware or password stealer basically, to tee up for ransomware. And we realized it was Microsoft Intune that installed it. We had them turn on the cloud MDR right away.
>> Microsoft what?
Jon Murchison
>> Intune. It's a way you can deploy-
>> Okay. . Yeah....
Jon Murchison
>> applications for an enterprise. So, the thing hackers always do is they co-opt the IT tools and then they can hide in .
>> So, Intune was passing the malware around.
Jon Murchison
>> It was. And it wasn't Microsoft's fault at all on this one. But once we onboarded our MDR for 365, takes a few minutes, five global admin accounts were compromised. They were completely owned. And so, I think that's-
>> That's how fast it can go down.
Jon Murchison
>> Absolutely. It's not a luxury anymore to have some sort of live detection response model on 365 and Azure, which is called Entra now. The vast majority of all companies operating out there do not have that coverage and they're just bringing .
>> What's your killer secret sauce and what's your patents around the IP? Explain some of the IP that you guys have. What makes you different?
Jon Murchison
>> So first on the identity side, it's really lateral movement detection. And in the cloud it's a little different, but it's all around, how can you see what a privileged identity is doing and then put it in context? So you're not worried about the malware as much, right? You hope the anti-malware tools catch it, but you have to plan for them, not because... What hackers have done is moved to using IT tools to deploy software, and that's how you beat endpoint detection response.
>> Yeah. They're not pulling the trigger.
Jon Murchison
>> Yeah. So the secret sauce is we're able to put to catch malware, malicious tool sets, all the tradecraft. But we've also added in live disability into high consequence .
>> And you can take out people right there.
Jon Murchison
>> Yeah, we take them out right away. Click a button. So, that's one thing. The second thing is, we're one of the few, if only, companies that do live network mapping on top of it, so it gives us context. So we can tell when someone has exploited a VPN appliance, which is a huge trend these days. And so, we get extra context and then the ability to respond real quick.
>> All right. What strategies should your cyber customers take? What do you recommend for good strategies to be safe with you guys?
Jon Murchison
>> So step one, I personally would stay away from security incident and event management platforms as they've been traditionally deployed. It's not that it's bad technology, but the cost for the efficacy is really, really low. I think about logging just what's required. I think about, how do I lock down applications that are allowed to run, and specifically the IT tools? Because normal users shouldn't use that. And then the third is, you have to integrate an ability to detect malware. There's lots of great companies out there, Microsoft, CrowdStrike, SentinelOne, and others doing that. That all has to come together in one puzzle. And then the last piece, you touched on it earlier, with a company that is doing network inventory. You have to know what you have to protect it, and then you have to know the exposure on it, so vulnerabilities.
>> Talk about the company. What are you guys looking for right now? Put a plug in for what you're working on, hiring customer success, milestones, give a plug.
Jon Murchison
>> We're probably one of the fastest growing cybersecurity companies out there right now, so hiring is nonstop. I think I onboarded 40 employees the other day when I was-
>> Those all hands must be fun.
Jon Murchison
>> Yeah, yeah. It's changed a lot. We're going to attempt to do an all hands in person early next year. But where are we going? Hardcore platformization, exposure management. The thing I haven't really talked about much lately is, we've secretly had a huge AI effort going on internally. So to your point on intersection AI and cyber, it is going to fundamentally revolutionize what we do. And we've already pushed some of it into production. And I think when you think about the identity piece, all the integrations with EDRs, we have the best data set out there to learn on. And AI is finally ready. It wasn't years ago, but it is now.
>> And really, you guys focus really around the identity most. That's a big part of what you do, or is that one small part? It's a critical part.
Jon Murchison
>> Yeah, it's a very key part. And then you layer everything else in, applications-
>> Context....
Jon Murchison
>> that are being launched, the context, having that all come to the SOC too, so human can look at it. So I think for us, you have to have a beautiful marriage of malware detection and what I'd say tradecraft, which is how identities are used in context.
>> Sometimes people lose the craft side of things, especially in the era of iterate and metrics, getting so focused on things that might not actually be common sense. I'd love to get your thoughts on how you see that, because if you look at what you're doing, you're essentially creating the ability to identify assets when they're in motion or critical assets in context to is that in the right place? And that's a really kind of just common sense thing.
Jon Murchison
>> It is.
>> It's like, "Hey, that person's on his cell phone in the building. Why is he showing up as a physical plant over here?"
Jon Murchison
>> Yeah. If you really think about it, and this is, I want to be very clear, not a knock on software engineering. We're a software company. But the vast majority of cybersecurity tools were invented by software engineers. Software engineers would be the guys on the offensive side to make malware. I think our background's a little different because we have an analyst and an operator background. And so you have to beg, borrow, steal, use whatever you can to get the mission done. It's not just software.
>> Jon, I got to tell you, I've been vocal. I've been a hawk in the security business. I've been saying it from day one, we've been in cyber war. I said this over a decade ago. People are like, "Why are you so negative?" Negative? It's reality. With cyber war, now everyone talks about it, but it's warfare. This is not about just software attack that... Save the appliance, nice something shield that... No, no, no. It's a system game. Beachhead, flank. What's on the back end? What resources you have available? Resource-based advantage.
Jon Murchison
>> Yeah, down market, it's livelihoods. A lot of companies can't withstand these attacks and stay in business. I think the scariest thing I have seen that I've been worried about for a really long time is the hacking in U.S. telecom infrastructure, all the routing switching infrastructure. And Salt Typhoon, which you've read about. There is nothing more scary to me than that. Because we can have all the cloud assets in the world, and if you can't get to the cloud, what do you have? You have nothing. So that to me, our government has to, I assume they are quadruple down on upping the security for that infrastructure.
>> So, critical infrastructure in U.S. needs an upgrade.
Jon Murchison
>> Critical infrastructure... And a lot of people think like attacks. Those are actually hard to pull off. I'm talking critical infrastructure as in the things that move packets around, our voice calls or internet traffic. Absolutely.
>> Yeah, absolutely. Jon, great to have you on. We'll certainly have you back on. I love what you guys do. Love your background, offense and defense at the NSA. Not for the faint of heart to be at the NSA. Must be fun to work there. What was it like there? Keith Alexander said to me once in a meeting... I showed him some software build. He goes, "Did you work at the NSA?" I go, "Why?" He goes, "You got a surveillance mindset."
Jon Murchison
>> I'm very proud of my time there. Worked with some of the best, most dedicated people there. And yeah, you foul a lot, but when you have those wins, they're epic. And I wouldn't have given up that part of my career for my life. It was amazing.
>> Well, congratulations on your success and thanks for coming on theCUBE.
Jon Murchison
>> Thank you very much.
>> Really appreciate you.
Jon Murchison
>> Really appreciate it.
>> Cyber security, it's a national security challenge, it's a human challenge. It's about safety. Companies have been going to go out of business and affects lives. Again, the trickle-down effect and the impact of cyber security, if we don't get it right, it's impactful. Of course, we're bringing all the action here to media week. I'm John Furrier here with theCUBE. We're talking about cyber security, the future of AI, and data. Thanks for watching.