Genealogy of Cybersecurity - Startup Podcast

Ep 1. StrikeReady on AI Virtual Assistants and Incident Response

March 14, 2023 | Paul Shomo / StrikeReady, Anurag Gurtu | Season 1, Episode 1

StrikeReady’s Chief Product Officer, Anurag Gurtu, discusses AI virtual assistants, the younger generation’s AI optimism, the problems of incident response, and the automation possibilities of artificial intelligence. Anurag and Paul explore how virtual assistants will disrupt cybersecurity, orchestration, SIEM, SOAR, and managed services. Building and training virtual assistants is more complex than it appears; emerging products may need to deliver an ecosystem of familiar tools for bots to affect their environment.

Find StrikeReady.com on Twitter @strike_ready. Anurag Gurtu can be found @AnuragGurtu and on LinkedIn.com/in/gurtu. Send feedback to host Paul Shomo @ShomoBits or LinkedIn.com/in/paulshomo. Read Paul’s end-of-year startup wrap-up at Dark Reading.


Paul: Genealogy of Innovation is a new kind of cybersecurity podcast focusing on emerging tech. We'll interview top entrepreneurs, startup-advising CISOs, analysts, and more. Our topic: what's wrong with cybersecurity? The security industry is full of hype, but when you focus on the inception point of innovation, you encounter the brightest minds, who have a better feel for what's important in cybersecurity. Welcome to the Genealogy of Innovation, cybersecurity startup and emerging tech podcast. I'm Paul Shomo. This is an exciting episode. I wanted my first three interviews to be really strong visionaries that are having profound conversations about the future. And today I brought in Anurag Gurtu, the Chief Product Officer from StrikeReady. This interview was actually recorded last fall as I wrote my end-of-year wrap-up of startup innovations for Dark Reading, which was called "Coming to a SOC Near You: New Browsers, Posture Management, Virtual Assistants." In case you want to read it, I'll put a link in the show notes. StrikeReady was one of the more unique automation solutions I had seen, but I can tell you for sure there are more AI assistant startups coming very shortly. If you think this interview sounds particularly cutting edge, keep in mind it was recorded before ChatGPT took the world by storm. So it was even more so last fall. Now, listen very carefully, because this is a different kind of AI than ChatGPT. They're actually doing incident response. This kind of virtual assistant is actually required to affect the environment around it, and not just read things and relay them back to you.

Anurag: Thanks for the time. So a little bit about our background. Most of, I would say 80, 90% of the team, are all old-timers of FireEye. We used to run different functions at FireEye.
Some of us were part of the zero-day discovery center, some of us were part of R&D, some of us were part of the threat intelligence team, engineering team, products team, marketing team, sales team, sales engineering team, and so on. So we all sort of came together to form this company and launched it three and a half years ago. Our background during the FireEye days had been very extensively on the detection side of the house. We had over 25 patents on detection, active patents deployed in the products and in different aspects of products. Some were on the network side, some of them were on the email side, some of them were on the file analysis, some of them were on the endpoint side and so on, because FireEye, as you know, had multiple products which offered their defense. So when starting StrikeReady, the decision we had to make was, do we again become a detection and prevention company just because we had a very strong background in it, or do we do something different? And our decision was to do something different. We started looking at the space, seeing what is the next wave of technologies that we have to... or what is the next market segment that is interesting enough? And it was pretty obvious that automation was a big revolutionary aspect that would transform industries. And then we looked at the automation. There were a lot of companies in automation at that time. I mean, we had Resilient, which was bought by IBM, as you know, back in 2014. We had Demisto. We had Phantom. And these were all emerging companies, right? But what we quickly realized was that the way these companies were approaching automation is just not going to scale. And the reason we felt it's not going to scale was they were expecting very highly skilled people to build automation. They were going after the skill talent gap that existed in cyber with a solution that would solve it, but it required much more expertise to build that out.
So we said, well, this is definitely not going to work for the masses. This might work for Fortune 10, Fortune 50 companies. So now it was clear that automation is the area that we have to go with. The second thing we started looking at is what is the next tech which is going to be a massive game changer or transformation, and that was AI. We doubled down on AI, meaning that AI is going to make a difference. So now we have to leverage AI and we have to go about doing something with regards to automation. But when we started talking about AI with the current workforce, it was pretty evident that a lot of old-timers were pretty much, "AI doesn't work. It's all smoke and mirrors," and stuff like that. But when we were talking to a much younger crowd, they were embracing it. They never had that feeling that, you know what, AI is like smoke and mirrors. They said, yeah, I mean, show me what you can do. And then if they liked something, they embraced it. And it was very evident with AI being leveraged in other technology aspects. So we knew that the next-gen workforce would be millennials, or would be, like, not guys like us. And they will embrace AI. And when we started looking at the behavioral patterns, like how would they communicate with technology? And it was very evident that voice and text would be the way of communication. So now you have three different things. We have the next-gen workforce, millennials. We know that their communication mechanism is text and voice. They are open to AI. And we have to do something with automation because that's the way that people solve the skill talent gap. So it could pretty much converge. We knew what we had to build and we started building. So what we built was, we can call it the industry's first digital cybersecurity analyst. We call it CARA. We said we can build a digital analyst.
And this digital analyst will be trained with skills by observing the best of the best cyber defenders or analysts in the industry. It will learn from them. And then it will democratize that intelligence. So not only will it offer automation capabilities, which will help regular analysts with speed, scale and productivity enhancements, but what this digital analyst will do in addition, it will give them knowledge, and the third thing that it will do is it will enhance their skill. And to enhance their skill, this digital analyst will bring tools and technologies or capabilities which may not exist in an organization. So I'm going to show you here. I have enabled my debug mode too, so you can see in real time how we break apart sentences and figure it out. So as you can see, when I said "Hi, CARA," she sort of has to run through classifiers to figure out what type of conversation it is. So she understands the small talk and then she said, it looks like a greeting message to me, and then she will signal the message and respond to the user. Again, in this case, you would see that she will still say it's small talk, a social conversation. This is the intent and then it will respond. But if I start asking about something like, "What is DarkSide?" Over here, you will see that she understands when I say that, that this is not small talk. It's a knowledge-seeking intent that I'm going for. I've been able to debug. It's a knowledge-seeking intent, right? It has to come from knowledge. She looks at DarkSide. She can immediately know that it's ransomware, right? So now she knows it's ransomware, knowledge-seeking. She extracted the intent and then she pulls information, right? Structured information about that threat actor.
When CARA comes into your organization to augment your team, and it can be any team, it can be the IR team, it can be the SOC team, it can be a threat intel team, threat hunting team, vulnerability management team, red team, IT team, but when she comes in, she cannot... she sort of... that's fine. She cannot expect that you would have all the tools and technologies that are required for her to perform the job. So she will bring with herself a lot of tools and technologies. If you have tools and technologies which are required for her to do the job, she will leverage them. But she cannot just make an assumption that you have them. Now, the beauty of that is that an organization which is less mature on the security curve, when they onboard CARA, they get two benefits. First, their security maturity increases, because suddenly they get access to tools and technologies which not only CARA can use, but their team can also use. And secondly, they get the skill set, so the struggle they are facing with not being able to hire highly skilled people also goes away. At the same time, when you are conversing with her, she's observing each and every conversation, because she's doing a couple of things. She's profiling you to understand the level of knowledge you have, the level of skill you have, because she can give suggestions to you. Secondly, she's also observing you to learn what your areas of interest are. Maybe she's observing me and saying, you know what? He keeps talking about, keeps searching about different types of ransomware. And when he's dealing with these ransomware, he's basically trying to hunt for some IOCs, and then once he finds those IOCs, he blocks them. So now I know that Anurag is more inclined towards ransomware, and there are maybe certain types of ransomware that he's going after and stuff like that.
So she's sort of profiling every user to do a couple of things, right: to understand what they do, understand the level of skill they have, and understand the behaviors of interest that they have. So you can be very granular in saying who she should learn from, or in observability, as she is going to observe everyone.

Paul: How does CARA sit between you and what you're doing in the environment?

Anurag: It's a SaaS-based service, and you log into that service. And it basically launches a conversational interface for you. So there are two modes to communicate. One is you can go in a conversational route where you can start delegating tasks to her, and she would perform those tasks in real time. And the second mode is where she would, based on the roles and permissions that you have assigned to CARA, start performing tasks in an autonomous way.

Paul: So CARA lives on your cloud platform and it's delivered as a SaaS application. So what integrations or customer data then is being pulled into your cloud for CARA to work on? Are we talking like endpoint telemetry, SIEM, cloud alerts?

Anurag: Yeah, we pull in a lot of... I'm going to show you. We pull in a lot of types of intelligence, right? So if you have EDR technologies, we're pulling in metadata and alerts of the EDR products, right? If you have a SIEM, we are pulling in the SIEM information. If you have any incident management, we are just reading through your case management systems and then pulling information from them, right? All of it may be, right, they are writing text, and we are parsing it through NLP mechanisms. If you have vulnerability management systems, we are just looking at what the scan data is from them. If you have threat intelligence feeds, we are interested in pretty much whatever the threat intel feeds are pumping inside, but we are analyzing them, relabeling them and stuff like that, right?
If you have email security products, we are just looking at every email that is passing through those systems. Patch management systems, we are looking at what is being patched, what has not been patched. So it's basically sort of like a SIEM plus, right? It's like a data lake that we just want you to keep pumping data into, because we have to look at exactly what is going on in the organization. The more we see, the much better she will perform, because she has a very holistic understanding of what is really going on in your organization.

Paul: That makes sense. And then you said she brings tools in that you don't have. Are you talking about open-source tools or more complicated pen testing tools?

Anurag: Yeah, she brings a lot of open-source tools. She also brings a lot of tools that we have written ground up. And these tools can be like a TIP platform, right? A threat intelligence platform, which helps with operationalizing IOCs. So instead of, let's say you don't have [vendor names inaudible] or something like that. We can't expect you to have it for CARA to operationally perform to its fullest capability. So we have written that tool ground up. She can use it. Let's say you don't have a proper SOAR? No problem. She will bring an automation tool with herself and do the stuff. Maybe you don't have breach and attack simulation? No problem. She will bring that tool. Maybe you don't have a risk-based vulnerability prioritization tool? No problem, she will bring that tool. Maybe you don't have a tool which can discover assets in real time and identify which assets are more critical in your organization? No problem. She can bring that tool.

Paul: So you're mainly bringing stuff that obviously you're not buying on the side, because that would be difficult profitability-wise.
But stuff that's open-source, stuff that she's specialized in and has learned how to use and is an expert at.

Anurag: Kind of. Part of it is open-source, and some of these tools that I've mentioned, we have written them ground up. We wrote them ourselves. So they were not open-source, but we had to write those tools ourselves. And the reason was, like I said, right? We want CARA to embody a certain persona when she comes to an organization. So let's say you have a challenge with your SOC team. We will say, okay, you can hire CARA. You can buy CARA, actually, not hire. You can buy CARA, and then she will come in and she will embody a persona of a SOC tier one analyst, or wherever you have a challenge. And then what will SOC analysts do? I mean, when alerts come in, they have to basically assess them for a true positive or false positive. And then they have to contextualize it and enrich it. And then they have to punt it to an IR person to handle it. To do that job, to perform that skill, if any tool is needed, we just can't make a blanket assumption that it exists in your organization. So when you have to analyze IOCs, VirusTotal is one of them. CARA will bring VirusTotal, but there are 60, 70 different analysis engines that CARA will bring along with that. And you as an analyst may not even know that there are 50, 60 other analysis engines that the best of the best folks in the industry rely on, right? Because you're not that seasoned, and even if you're seasoned, there is no way I can know pretty much every analysis engine under the sun that most of the best defenders use, right?

Paul: Yeah.

Anurag: And what if some of the analysis engines give contradictory information? Then what do you do? So that level of complexity is what we had worked on.

Paul: Just out of curiosity, I'm really asking to get a feel for your business and where you're allocating resources. Like what percentage of the tools she brings are open-source versus what you write?
Anurag: So the only thing that she brings open-source are the analysis engine tools. So for example, and I can show you in the product, these tools are different analysis engines that we would rely on. To analyze an IOC, she will bring open-source sandboxes for her to do that stuff. But everything else, if you don't have threat intel, she's bringing that. If you don't have [inaudible], she's... I'm sorry. She's bringing that. If you don't have risk-based vulnerability management, she's bringing that. If you don't have asset discovery...

Paul: So those, I mean, those are companies by themselves.

Anurag: Yeah, yeah. But we don't think they should be companies by themselves. They should be just features.

Paul: But that seems like an outrageously ambitious engineering project, but one thing that occurs to me is you're writing them for CARA, who's your user, who you have right in front of you. I would imagine that makes your development of your internal tools a little more economical to develop. Is that true?

Anurag: Yeah, it makes it very economical to develop. Secondly, our entire foundation, Paul, has been threat intelligence, right? So we have been in the cyberspace on the intel side for like 20 years. So there was no learning curve for the engineering team. They had been writing products like this for years and years. So our ramp time... I mean, it was a pretty ambitious thing when we were even raising, right? People could not believe that you can pull out multiple product lines and on top of that, you can leverage AI. And we said, yeah, I mean, trust us. The team is exceptionally strong. We are like 70, 80 people right now, right? So you may feel it's not doable, but it is actually doable. It may take us about a year and a half to build it, two years to build it. And it took us almost two years, two and a half years to build it. But we are at the three, three and a half year mark.
So a lot of it has already been built.

Paul: So back to the work you're doing to build internally. So it kind of sounds like, because your team is so strong, you're kind of building your team's intelligence both into the AI, but also into the tools she uses external to the AI. Is that kind of the tools which are on the platform?

Anurag: The platform exposes those capabilities out, yes.

Paul: Is that kind of the essence of how you're monetizing your engineering capital? Or am I reaching on that?

Anurag: So we don't sell tools. We don't have a price list to sell tools. It's based on the team that wants to use it and the number of analysts that will get empowered using CARA. So if you have a SOC team of 5 people, we are selling you the platform and saying CARA is going to come with 5 seats of licenses where every analyst can leverage CARA. And that's how we sell.

Paul: Go back to the analysis engines. Is she learning from what your internal analysts would think based on what all those analysis engines come back as, or are you actually doing supervised machine learning with her, or are you building some kind of decision tree, knowledge graph with that? What does that look like?

Anurag: Yeah, we are building a knowledge graph. And we are building a decision tree on that. So here, I'll show you now, and I'm going to minimize this so you can see a lot more in one shot. There are all the feed sources that she is looking at and analyzing in real time on what is going on, right? I mean, there are hundreds of resources. There's not even a single individual on the planet who can actually name all of them. But she has learned this from the best of the best defenders. Similarly, if you look at analysis engines, there are like 30, 40 different analysis engines, right? AbuseIPDB, Shodan, [inaudible], GreyNoise, ThreatMiner, URLhaus, et cetera, et cetera, right? So she's looking at all these analysis engines.
So when you are giving any artifact to her, she is looking at all these analysis engines and then seeing what the outcome is from that. She is looking at StrikeReady's threat intelligence, seeing what the outcome of that is. And then she runs different ML algorithms, like one of the most... one of the most apparent algorithms that's running on top of it is ensemble. So she's running on top of it, and then based on that, actually making a decision in real time to look at that artifact and say, is this really a true positive or a false positive, right?

Paul: Right.

Anurag: So she does that. Now, this is exactly what the best of the best defenders in the industry do, because we have learned from them. But not everyone knows how to do it. And that's where she would come and assist.

Paul: Real quick, what category does Gartner say you're in, or what are they calling this?

Anurag: So Gartner did a paper in November of '21 where they wrote about conversational AI. And they identified us as the only technology innovator in conversational AI in cybersecurity. There was nobody else. They still have not figured out which category, because there are so many categories we are playing in, right? Because when they look at the capabilities or features individually, they're seeing that, oh, we are playing in BAS. Then they are guessing we are playing in SOAR. We are playing in TIP. We are playing in RBVM. We are playing in asset discovery. And conversational AI like CARA, the category doesn't even exist, right? So they still can't place us correctly in which category we really are. And that's not just with Gartner but Forrester and IDC, like everyone says, well, we haven't seen anything like this. This conceptually is very different, because you are hiring CARA and then CARA's coming with whatever tools and technologies and she will do the job. And we don't know which category you are in. So I think that is why we are sort of so different.
But we are the category of what the next-gen cybersecurity operations industry would look like. It will be humans and AI-based assistants that will do the job.

Paul: I was going to say it's almost like you're a service category, but you're building out an AI, basically.

Anurag: It's a full-blown product. There's no services, no PS that we have in our team.

Paul: I mean, I'm just using an analogy, like you're closer to a service team because you're putting forward an AI bot, like instead of putting forward one of your experts to do the work for them, but...

Anurag: You're right, you're right. Yeah. It's something like an MDR. It's sort of an MDR because you're sort of managing the entire threat management, vulnerability management aspect of an industry. But without an MDR, it is being done in-house, but with AI. From an analyst perspective, I think Gartner is the only one that has written. There are a few who are still writing because they still are trying to define the space, and this is sort of maybe a little ahead of its time. So they really start writing when they see a lot of players doing it. But when you're talking about pure innovation, you usually don't have followers for many years, right?

Paul: Of course. And that's why I'm trying to write about that space before all that stuff happens, for sure. We will actually go into that. Awesome. Very cool stuff. You kind of wowed and surprised me. So yeah. Thank you.

Anurag: Thank you so much for having all the time for us.

Paul: Some AI assistants like Grammarly or Google's assistant watch your communications and help you write. Some chat with you like technical support bots. But there's a different kind of virtual assistant which imposes its intelligence and your desires on the environment, like Siri. Siri can be tasked to do things that require a phone, messaging, map or search app. She needs that ecosystem of tools around her to affect the environment.
Now I hadn't thought of this before this interview, but when companies of the future deliver AI assistants to their customers, they may be on the hook to also deliver an ecosystem of tools around that assistant so that it can affect the environment. StrikeReady is developing an ecosystem of tools along with the CARA AI assistant. Are they taking on too much? That was my first reaction. You could probably tell from the interview, but the more I think about it, I'm not actually sure. Take breach and attack simulation tools. They deliver one of those tools with CARA. But what they're really talking about is an internal good-enough tool built for their specific controlled cloud environment and to be used very predictably by their own AI assistant. Now, does that require less engineering cost to build than a full-blown commercial breach and attack simulation tool that's developed for a customer base of wildly unpredictable human users? It probably does. Like most people, I've never developed an application for a virtual assistant. I just don't know. But I'm going to be very curious to watch StrikeReady as it plays out over the years to see what happens. And then my fourth and final thought: I want to point out that four years from now, you're going to be able to re-listen to this interview and it's going to still sound cutting edge. That's what the Genealogy of Innovation is all about. This incubation space around startups typically is operating about four years in the future, at least at this moment. You can find StrikeReady online at StrikeReady.com or on Twitter at @strike_ready. This has been the Genealogy of Innovation with Paul Shomo. Before you do anything else, go to Apple, Google, Spotify or your favorite podcast app and hit follow to get this show delivered automatically. Support the show and give us a review. If it's a 5 star, I'll give the early adopters a shout-out on the show. I'd also love to hear feedback. Send me a message on Twitter. I'm @ShomoBits. Thank you for listening. Go forth and innovate.