Do you feel that cyber threats are becoming more sophisticated and where should responsibility for threat mitigation lie within an organisation?
As technology becomes more sophisticated, so to do the perpetrators of this medium. It is commonly accepted that a successful cyber-attack is not a matter of ‘if' but ‘when.' Cyber-crime is a hugely lucrative business, opportunities for the ‘digital mafioso', criminals, ‘hacktivists' and even nation states only fuelled by Covid accelerated digitisation programmes (remote working), the speed and scale offered by today's hi-tech interconnectedness and the increased attack surface offered by an organisations workforce and supply chain. Whether the breach is theft of personal data or IP, DDOS attacks, ransomware or fraud - the pursuant organisational risk can be huge. Regulatory fines, reputational damage, loss of business and credibility makes Cyber very much a Boardroom business issue and the responsibility of each and every staff member. Cyber security needs to embrace people, process, culture - supported by ICT. Breaking down the divide between technology, culture and information governance is crucial if organisations are to mount a successful defensive. It is no longer acceptable to attribute blame to the technology department when ‘human error' is repeatedly recognised as a leading protagonist.
Tell us something about RevBits - and how your past has paved the way for differentiated solutions within what is a crowded market space?
RevBits was originally founded in 2016 as a Tier 3 cyber security service provider effectively solving those issues deemed unsolvable. This ‘from the trenches' period led to the development of our core portfolio of Next Gen patented solutions, designed to address those gaps left by incumbent suppliers and the specific needs ‘and wants' of the client. The early support period also provided valuable insight into the interplay between an organisation's business critical information assets, vulnerabilities and risk. In turn this ensured strong information assurance capability was baked into the design of the RevBits product set, to echo requirements around accessibility, availability, authentication, integrity, non-repudiation and confidentiality of information. RevBits understands the issues facing organisations and has developed a range of products and services to address these.
The following represents only a snapshot of where requirement has driven product development. A very large retailer's reputation hung in the balance when a malicious entity took control of the kernel to one of their business-critical systems. With the 'kernel' commonly regarded as the brain of any computer system, there is a general acceptance that if this is inappropriately accessed, it's game over. Through intense forensics and development, RevBits resolved the issue and subsequently patented this technology to ensure any such unauthorised access to the kernel and file registry is blocked. No other organisation is able to operate at the kernel level in this manner. Similarly, unauthorised access to business-critical systems, lack of integration and lengthy product rollouts drove the development of our Privileged Access Management (PAM) tool. RevBits PAM uses ‘jump servers' that can handle native clients for a variety of protocols such as SSH, RDP, VNC, MSSQL, PostgreSQL, Oracle and more. As a result of reverse engineering all of these protocols, native client traffic may be intercepted, recorded and re-routed. RevBits PAM is unmatched in the market for its configuration, ‘least privilege' options, auditability, integration and swift rollout. Numerous industry certifications now require organisations to have such PAM solutions in place. From a forensic analysis perspective, frustration at the inadequacies of incumbent solutions drove the development of arguably the best forensic EDR capability in the market with triple endpoint analysis - to include machine learning and signature scanning plus behavioural analysis. A recent independent ICSA labs study reporting 0 false positives and 99.3% detection rate. ‘Phishing' is responsible for well over 92% of all cyber-breaches, ransomware and credential harvesting attacks invariably commencing life as a phish. There is an acceptance in the market that leading SEGs have an email ‘miss rate' of over 24%...it is therefore little wonder that a vast quantity of support issues revolved and revolve around phishing. To combat this, RevBits Email security solution uses patented endpoint algorithmic analysis to detect and block sophisticated complex phishing and page impersonation attacks. This product is ‘complimentary' to existing SEG's however crucially helps eradicate this miss rate. To address the other half of the phishing issue - human error - RevBits are in the process of finalising a complete and comprehensive phish simulator solution which will mimic likely attack paths and techniques, provide advanced reporting capability and enable users to be directed to an integrated computer-based cyber-awareness training course.
Over a million manhours of experienced DevOps development has culminated in the broadest range of core Cyber products on the market today from any one stack. Building on this breadth of capability and using behavioural analysis, artificial intelligence and machine learning, RevBits award winning ‘Cyber Intelligence Platform' (CIP) integrates ALL of the major components within the cyber-defence deployment through a bespoke unified platform to provide real-time actionable intelligence. The CIP automates and integrates RevBits security modules to detect, lure, alert, respond and intelligently analyse multi-layered security data across the security stack, vastly improving SecOps productivity and enabling vendor reduction. Across all product groups the aim has been to readily address gaps and vulnerabilities with the most effective solution and provide improvement in every relevant ‘ility' namely:- Visibility, Functionality, Agility, Proactivity, Scalability, Flexibility, Affordability, Useability and Compatibility.
As an organisation, what is your approach to the Cyber Security market?
RevBits approach is very much to understand the ‘pain points' within the client base in order to help mitigate and remediate these. The name ‘RevBits' is a portmanteaux of ‘reverse' engineering and ‘bits.' As Sun Tzu, the Chinese military strategist once said: "If ignorant of both your enemy and yourself, you are certain to be in peril." The market is flooded with well-intended suppliers offering everything from awareness training, health-checks and a million different ground-breaking technologies to address the various identified vulnerabilities. What tends to be lacking is an affordable means for organisations to identify the ‘most likely risks' and to translate this into a finite number of governance and technology control measures. While no single organisation can have all the answers, we believe that with the integration of RevBits Next Gen technology; a pragmatic logical business approach; alignment to complimentary organisations and improved cultural awareness, it is possible to significantly reduce risk and improve an organisation's cyber security posture.
Can RevBits operate as a ‘one stop shop' for organisations to address Cyber-threats?
On the premise ‘Information Governance' and ‘Technology' are different sides of the same Cyber coin, there are certain mitigative measures that an organisation can take to reduce the likelihood and severity of a Cyber-attack. RevBits has developed a broad range of leading products and services which will significantly improve an organisation's efficacy, efficiencies and enhanced digital assurance for better security outcomes and an improved cyber security posture. These solutions include: -
- RevBits Core Portfolio which provides the most complete, effective and comprehensive range of Cyber Security products on the market today to embrace RevBits Cyber Intelligence Platform - CIP/XDR; Email Security; Endpoint Security/EDR; Privileged Access Management - PAM; Deception Technology and Zero Trust Networking - ZTN.
- RevBits integrated Awareness Training. People are an organisations greatest asset and largest threat. With human error accounting for the majority of reported ICO breaches, ‘awareness training' is key. To address this, RevBits are evaluating various options to integrate computer-based training modules into our software.
- RevBits ‘Knowledge Centre' provides useful information and exemplar templates to highlight some of those other key areas of importance within Information Governance which may contribute to an organisation's cyber defence strategy.
What is your channel strategy for the UK and can you talk through the key components of your channel programme?
Absolutely. RevBits business model operates an 80:20 Indirect: Direct business, our success directly aligned to that of our resellers. RevBits has a multi-pronged approach which encompasses:
- Signing only a finite number of VARs/VADs/MSSPs to avoid channel conflict plus multi-tenancy capability for MSSP and MSP customers;
- The ‘Reseller Portal' provides a one stop shop for sales and technical training; Sales collateral; Contracts; Client testimonials and escalation processes;
- ‘Continual improvement' from an ongoing commitment to review the product portfolio in line with the everchanging market and threat landscape, to help ensure gaps are being readily addressed and market needs are being met;
- ‘Knowledge Centre,' to include some useful documentation, facts and templates to help you help ‘your' clients;
- Marketing. A number of in-country and global marketing initiatives which include: - Press releases, editorials, Ads, virtual and physical trade events, roundtables and seminars. Subsequent prospect enquiries are directed to our in-country resellers;
- RevBits understands the issues facing our clients and is uniquely placed to help you improve their security posture in a commercially favourable manner. The pricing structure is simplistic, scalable and reflective of projected client requirement.
About Kristina Holland
"I am delighted to have been given the opportunity to help launch the RevBits portfolio of products in the UK and Ireland.
We are actively seeking ‘suitable' channel partners to expand our footprint in this region. RevBits is small enough to be flexible, new enough to be current and agile enough to respond to market changes. If you are interested in becoming a partner, please get in touch: [email protected] or visit us at the forthcoming International Cyber Expo in London. Stand A30:- https://www.internationalcyberexpo.com/revbits-visitor."
Kristina is an experienced, security cleared, commercially focused and successful business professional with a proven track record of delivering Information Assurance and Cyber Security solutions; outsourced technology and professional product and services at C-level across disparate industry sectors within the UK and Global markets.