This interview is part of our new AI in Cybersecurity series, where we interview the world's top thought leaders on the front lines of the intersection of AI and cybersecurity.
In this interview, we speak with Omar Yaacoubi, co-founder and CEO of Barac, to understand how his company is using AI to transform cybersecurity, and what the future of the cybersecurity industry holds.
1. What’s the story behind Barac? Why and how did you begin?
OY: Barac’s technology protects against the increasing threat of malware hidden in encrypted traffic. We started out in regular threat intelligence, not specifically looking at encrypted traffic. It was after we joined Barclays Techstars Cybersecurity Accelerator program that we began to hear the whispers of a growing threat: encrypted malware.
It became clear quite quickly that there was no current, succinct solution on the market that didn’t involve decryption and that could combat the problem of locating and stopping malware hiding inside the ever-growing amount of encrypted traffic. In fact, encrypted traffic is growing so exponentially that it represented 70 percent of all traffic in 2018, a number that is expected to rise to 83 percent by 2020 as organizations look to protect their sensitive data.
The problem is that, ironically, this growth of encrypted traffic has also given hackers a new attack vector, as they have figured out that they can disguise their malicious code amongst the regular encrypted traffic. According to PricewaterhouseCoopers, 60 percent of malware will be encrypted by the end of this year. Seeing that this was a serious, growing problem, we set about developing a solution to stop this new form of attack, and that’s where we are today.
2. Please describe your use case and how your company uses AI.
OY: Barac’s answer to the threat of encrypted malware is our Encrypted Traffic Visibility (ETV) platform which uses AI and behavioral analytics to spot and stop encrypted malware in real-time.
Whilst other security vendors offer decryption as a way of looking inside encrypted traffic to search for malware, the ETV does things differently. Instead of using the decryption/re-encryption method, the ETV examines the metadata of encrypted traffic, rather than the actual traffic content. Using AI to learn the difference between ‘good’ and ‘bad’ data, the ETV is able to locate the hidden malware and stop it before it breaches an organization’s network.
Looking at how the technology works more closely, we discovered that every cyberattack has its own SSL metadata signature between the user and the server. By collecting the right data and doing data transformation and feature calculations, we found that unique signatures and abnormalities could be detected with very high accuracy. This approach is innovative and unique and has enabled us to develop a new area of SSL threat detection.
In looking at the metadata, we also avoid the issues that come with decryption, such as the significant strain that is put on the network and the risk of putting enterprises in breach of privacy regulations since all the network traffic is decrypted, even that containing sensitive information.
In addition, the ETV platform can help protect against the increased risks of cyberattacks resulting from the deployment of the new Transport Layer Security (TLS) 1.3 protocol, which does not allow organizations to decrypt and look inside their traffic for malware. This means that many legacy technologies that rely on decryption will be blind to encrypted malware attacks with the introduction of TLS 1.3.
3. Could you share a specific customer/user that benefits from what you offer? What has Barac done for them?
OY: Since launching in 2017, we already have a number of large enterprise customers and proofs of concept underway. Customers include a number of global banks, major telecoms and utilities companies, as well as some UK governmental departments. We have aggressive plans for growth going forward, particularly in our target verticals of finance, telco, utilities and state sector, which are most exposed to the threat of encrypted malware.
The benefits for our customers are many. Firstly, they are able to more accurately protect their systems by having visibility into encrypted traffic to protect against hidden malware in real-time, with high accuracy and fewer false positives. Since our approach overcomes the organizational, technical and budgetary challenges of relying on decrypting and re-encrypting traffic, our customers have no slow-down of traffic, no degrading of the user experience, no need to invest in additional hardware and no privacy issues with decrypting employee communications.
Secondly, Barac offers its customers compliance with privacy regulations, because the data on the corporate network is not being decrypted into cleartext at any point, so no sensitive data such as PII, PHI or PCI information is exposed by the inspection process.
We offer the ETV platform to customers on a subscription model, helping them avoid hefty one-off charges and instead pay for the service on a more affordable, incremental basis. This also makes the service highly scalable, with customers able to add virtual machines if they have more encrypted traffic to scan.
4. What other AI use cases in cybersecurity are you excited about?
OY: I personally believe that AI is the future of cybersecurity, and will be very useful in solving two of the biggest issues in cybersecurity today: managing data and the shortage of skills and people.
AI will be invaluable in overcoming the challenge of managing the growing amounts of data coming from innumerable sources as it will be able to help correlate all the information and extract the most important metrics and alerts.
With the huge gap in skills and shortages in resources in the cybersecurity sector, organizations will also need to adopt AI responses as a way to automatically defend against the next generation of solutions.
5. Where will Barac be in five years?
OY: As the issue of encrypted malware shows no sign of slowing down, and the level of encryption is only going to continue to grow as more privacy regulations are introduced and the number of IoT devices using encryption steadily rises, it’s critical that organizations become aware of this threat. We see ourselves as a frontrunner in this market, offering a unique solution that has come at a vital moment in cybersecurity history.
Our five-year plan is to focus on growing organically, and we’ve already opened an office in Boston, with other offices in Paris, France, and Tunis in Tunisia. We’ll also keep developing our technology through our own research and, most importantly, we want to make the market more aware of the problem of encrypted malware and the solutions that are out there that are able to combat it. Whilst we enjoy having very little competition in this arena at the moment, it is crucial that every organization that implements encryption wakes up to the threat of encrypted malware. We’ll be there when they do.