Yoroi joins Cybaze, consolidating the birth of the cyber security center of excellence in Italy. Marco Ramilli and Pierluigi Paganini will lead the federation, composed of over 140 experts.
The Italian cyber security hub of excellence is born. Yoroi, established last month through a merger between Emaze and Cse Cybsec, has joined the Cybaze Federation in recent days. Cyber experts Pierluigi Paganini and Marco Ramilli will lead these “Three Musketeers” of cyber security in our country. The first objective will be to consolidate the federation, which is composed of more than 140 experts, creating a unique portfolio of offers for all customers in our country. Then, a process of internationalization will start. Ramilli, founder of Yoroi, explained to Defence and Security the meaning of this operation and the benefits it will bring, both in the defence against increasingly evolved cyber threats and in an industrial and competitive environment. “We aim to create a point of convergence capable of dialoguing on an equal footing with large international companies, and to give the Italian system a center of excellence in the field of Cyber Security,” he said.
Ramilli: Yoroi joined Cybaze to bring along technologies and the way to work with them
As Ramilli explained, “there are several organizations operating in the ‘Security’ field in Italy. Some of them have been active for many years, while others are brand-new. The former ones express an idea on the market and a classic modus operandi inherited from ‘network security’. The latter ones, on the contrary, act toward the present challenge of cyber security through last-generation methods and tools. They remain, however, small organizations struggling to aspire to a primacy on an international scale.” As the cyber expert underlined, Yoroi has joined Cybaze to bring along the technologies, the Cyber Security Defence Center (CSDC), very different from a Security Operation Center (SOC), and the way of working with them. The group brings along a lot of experience, valuable experts, project management skills and many certified professionals, which few in Italy have.
The cyber expert: Combining the skills of Yoroi with those of Cybaze is essential to build the leading Italian Cyber Security group. A group able to ‘make its voice heard’, first at European level and then worldwide
“We believe that, in order to build the leading Italian Cyber Security group, it is crucial to bring together our respective competences. A group able to ‘raise its voice’, first at European level and then worldwide,” Ramilli said. Moreover, “some cyber threats identified at the national level (Taxololo, MalHide, MartyMcFly, etc.) indicate that we Italians too have what it takes to play on an equal footing with the great international players,” said Yoroi’s founder, whose mantra is “Defence belongs to human.” This belief – he explained – “is as valid today as it ever was. Cyber threats are increasingly complex and evasive, as they are able to evade protection systems with extreme ease. A human mind, ‘amplified’ by the right technology, is the only source of resolution to unknown threats.”
The advantages of cyber defence
What are the advantages of cyber defence? “Some people, even those who have been working in this field for years, do not pay adequate attention to the difference between Protection and Defence – explained the founder of Yoroi –. These two concepts, although adjacent, are profoundly different in terms of both modus operandi and conceptual posture. Those who work in the protection sector do not have plans or instruments outside the usual technological means to respond to the threat. Those who work in the defence field are well aware that an attack can successfully hit its target and, for this reason, they develop specific methods, processes and technologies that extend the usual concept of Protection.”
The example of the cyclist and the bike explains the difference between a SOC and a CSIRT (which later became Defence Center)
“To better understand the difference – Ramilli explained –, let’s think of a cyclist who, after hours of activity, arrives at a refreshment point and secures his bike with a padlock. Those who think in terms of ‘protection’ are sure that, given those circumstances, an attacker will not be able to break the padlock and steal the bike. If this happens, there is an incident to be managed. This is typically mapped by a Security Operation Center (we are talking about the years 1990 – 2000). On the contrary, whoever thinks with a defensive mind – added the cyber expert – is sure that in that context there is someone capable of breaking the padlock to steal the bike. Therefore, he adopts a number of processes, methods and technologies to manage the event as it starts to unfold. This is typical of a CSIRT (years 2000 – 2010), which then evolved into a Defence Center (since 2015) thanks to an ad-hoc technology.”
Why Cybaze and Yoroi chose each other: Technology
There are essentially three differences between Yoroi and the other players in the Italian cyber security market regarding the macro areas of Technology, Business and Process. Ramilli explained that, as for the first area, “we have developed a system of identification, attribution and management of threats entirely made in Italy. We are talking about the first Italian Defence Center, not about IDS, Firewall or SIEM+, but about a parallel system designed to facilitate the analysis of threats. Typically, Yoroi’s competitors (those who offer similar services) buy software licenses from third parties and then use them on their customers.”
Why Cybaze and Yoroi chose each other: the Business
“Concerning the second area, we have a type of hybrid business: Product and Service on our own product. This methodology allows us to create the best software for the service applied. Only at a later stage, competitor organizations (those who develop similar products) have purchased or created service organizations (FireEye with Mandiant, Cisco with Talos, PaloAlto with Unit46, etc. …). However, this happened after the product was already manufactured and several customers had it installed. This detail makes the service dependent on the product. On the contrary, – added the cyber expert – Yoroi creates the product according to the service. We believe that the service is the only way to defend a victim. An automatic system cannot defend a victim in complete autonomy. That is the reason why we say that the Yoroi Defence Center was created by analysts for analysts.”
Why Cybaze and Yoroi chose each other: the Process
“Our Cyber Security Analysts are not SOC Operators, they have Malware Analysis and Reverse Engineering capabilities (which are not usual in the SOC environment) and they use a system (the Defence Center) – Ramilli specified –. This system is able to suggest, through Machine Learning algorithms (which our developers created in collaboration with some of our partner universities), indicators of compromise and respective actions taken in the past, in order to better reach resolution. All this with the aim of increasing the value of the service. Thanks to these new processes, – concluded Ramilli – a Yoroi Cyber Security Analyst is able to identify complex threats such as MartyMcFly and/or MalHide.”