CIO Bulletin

Resecurity is a cyber security company that delivers a unified platform

The world is now more reliant on technology than ever before. The emergence and growth of technology has had a positive impact on human life, but the convenience has, however, come with the risk of cyber attacks. If you use a tech device for whatever reason, then you’re highly likely to be exposed to a cyber attack. You’ll need to be protected, and that’s where cyber security comes in.

Cyber security is the protection of electronic data and information. It’s the defense of electronic systems on devices, like computers, cell phones, servers, and networks, from malicious attacks. Regardless of who you are, it’s important to keep your data safe from unauthorized access.

Resecurity provides intelligence, risk management and security capabilities. Their mission is to enable enterprises, national security and law enforcement agencies to combat cyber threats regardless of how sophisticated they are.

Resecurity is focused on intelligence-driven solutions. They invest in big data, artificial intelligence, and data science. These bring unique value in complex investigations of cybercrimes, apt campaigns, and threat actors.

Christian Lees, Chief Technology Officer, talks about making a mark in cybersecurity industry

Q. How did the idea of starting Resecurity come to your mind?

First and foremost, we wanted to reinvent security. What I mean is that there are too many point solutions and not addressing the bigger problem across technological ecosystems and digital transformation. Second, today’s security practice in general requires time, resources, and funding equivalent to technology spending while business demand with innovations was growing. So, we decided to build an end-to-end ecosystem protection solution that is more focused on outside of the perimeter vs. inside the perimeter. But connect the dots from what’s happening outside to inside while using actionable intelligence. When I say actionable intelligence, I don’t mean the commodity data that is readily available. Simply, you need to know what’s happening, who’s targeting you and being able to connect these events to take countermeasures. So, we wanted to be like (and this is what they usually call us) the drones outside the perimeter or your firewall to collect upstream intelligence but manned by human operators. Because signal intelligence alone is just noise. Hence data driven and human curated intelligence tailored to each of our customers. This all-source intelligence provided a foundation to build our products that is servicing our customers worldwide.

Q. How well do you compete your peers in the market?

We do our best to see what’s in the market as well as what everyone is doing. Where we differentiate ourselves have been on the data. Simple as that. Not about volume or marketing keywords, but intelligent data. We don’t focus on our platform, and it’s features and functions, because that’s not what intelligence platform is, and we just call it workbench for operators to work. Every customer that we have gained over the years comes to us for one simple reason, they need actionable intelligence and our capability to enable our human operators or Hunter™ Unit to develop realistic situational report.

Q. If there is supposedly a data leak, how would you help companies manage the situation?

This is such a sad subject. We characterize these data leak as threats when, both technology and security team has been playing whack-a-mole with patching and hardening. It only takes one simple account to have a game over situation and this event to take place. As well as your third parties or supply chain with like situation.

When we do have an engagement or existing relationship with such event, first thing is identifying where and how the breach happened. This could be done through engaging the threat actor, network test to see where the data was potentially exposed, etc…. The key is to identify where and how it happened so you can close the loop quickly as possible to reduce any further leakage or access. There are so many iterative processes around this as well as company’s maturity and appetite, this could be a very long response, nonetheless. Bottom line, identify the problem, plug the problem, and figure out best way to get the business back online or Prepare, Identify, Contain, Eradicate, Recovery and document Lessons Learned. And of course, damage control from legal, reputation, etc…. Of course, it’s all details.

Q. How are you revolutionizing cyber security?

In multiple fronts. Not about the platform but driven through data. The actual consumers of solutions are tired of explaining why they missed an attack or what there was a gap in coverage. Never mind the fact that they didn’t even enough money or resources to operate all the solutions. Resecurity built simple out of the box, ready to go, developed by operators who has been in the client shoes and not just about cyber but also business scalability.

Q. What are your latest technologies to mitigate cyber-attack?

Technologies come and go, which is why we built our platform based on data first. Developing with data first in mind gives us tremendous opportunity to build whatever is needed. Starting from Context™ our main threat intelligence platform to Risk™, our digital risk solution. It took us over 5 years to build the latest solution that ties all the platform, simply called Endpoint Protection Platform or EPP. All the combined solution completes our portfolio – at least for now – but this provides 7 in 1 protection across the entire ecosystem. In near term, we’ll consolidate the entire offering into a unified platform that delivers actionable intelligence and down to the user level with our endpoint offering. Because “attacks” is going to come harder and faster, defense in depth is all about the inside but outside there is no rules.

Q. How does your intelligent platform deliver global visibility?

Global visibility is a thematic term that we try not to use, mainly because it’s not about boiling the ocean but identifying key upstream as to the source of intelligence. This is where you are dealing with commodity vs. actual intelligence. Core of our business and capability is based on our Hunter™ Unit. This is our adversarial unit that hunts on actual intelligence, tailored to each of our customers. Human aspect of intelligence can never be replaced with a technology.

Shed light on the Context^TMprocess.

Context™ is about flexible monitoring module for operator can organize and use as a workbench, meaning:

Confidential monitoring of all web environments (deep web, dark web, public web) for the presence or absence of a provided set of indicators, which could include IP address, file hashes, URLs, phone numbers, email addresses, physical addresses, names of similar.
Identification of threat actors, attack tools or campaigns targeting State, Local, Tribal, and Territorial government agencies.
Identification of threat actors, attack tools or campaigns targeting
Identification of threat actors, attack tools or campaigns targeting employees of the Client.
Identification of credential and other information leakage or the Client and Client employees. The platform allows to define domain names, personal identifiers and other signatures to target search on breached data.
Identification of Client information or identifies being sold on the “black market”.
Identification of the precursors to or signs of identity theft targeting Client high profile employees.
Identification of vulnerabilities specific to a list of software and hardware as well as degree of difficulty and the rate of prevalence seen “in the wild”. Resecurity is also involved in zero-day research activity and provides detailed intelligence notifications regarding adversary tradecraft.
Identification of imposters of the Client and Client key individuals through fake social media accounts, fraudulent apps, websites and other digital channels.
Identification of potential “cybersquatting” risk from domain name registration similar to the Client’s domain name(s). Additional details are provided in block describing DNS repository.

To minimize the possibility of error, bias, and misinformation, Resecurity Context™ leverages data science and big data analytics to “mine” and analyze intelligence from a wide range of sources, including:

Actor-Centric Intelligence
Botnet Intelligence
Dark Web Intelligence
Data Breach Intelligence
Human Intelligence
Open-Source Intelligence
Malware Intelligence
ISP Traffic Intelligence
Signal Intelligence

Platform ability to collect and analyze input from all these sources, Resecurity Context™ can provide comprehensive finished intelligence about Subjects of Interest or multiple Essential Elements of Information, including but not limited to:

Adversaries, Suspects, and Victims
Device Identifiers
Indicators of Attack (IOAs)
Indicators of Compromise (IOCs)
Malware Artifacts
Network Indicators (IP, Domain)
Signatures or Events

Meet the pillar of the company

Gene Yoo has over 30 years of experience in cybersecurity for some of the world largest brand names such as Warner Bros., Sony, Computer Science Corporation, Coca-Cola Enterprise, Capgemini, and Symantec. Most recently, he served as Senior Vice President and Head of Information Security for City National Bank. He also served in an advisory role to Phantom (acquired by Splunk), Protectwise (acquired by Verizon), Elastica (acquired by Blue Coat) and Vorstack (acquired by ServiceNow).

Meet the inspirational leader

Recently Christian Lees is appointed as Resecurity’s Chief Technology Officer to drive cutting-edge product development and innovation. In this role, Lees will manage a global team of engineers, security researchers, data scientists and software developers across all core products and R&D.

Lees brings over 35 years of experience in the cybersecurity and information technology industry, with a proven track record of building technology for vulnerability assessment, intrusion detection, network security and DDoS mitigation at Trustwave, Level 3, MCI and IBM.

Before joining Resecurity, Lees served as the CTO for InfoArmor, Inc. (acquired by All State) for 12 years and most recently served as the CTO for Vigilante ATI (acquired by ZeroFox).