Sean Martin sits down with Dror Liwer at Black Hat 2024 in Las Vegas to discuss Coro's groundbreaking approach to platform integration and its impact on the cybersecurity landscape.
At Black Hat 2024 in Las Vegas, Sean Martin from On Location interviews Dror Liwer of Coro, uncovering the impressive strides Coro has made in creating a truly cohesive cybersecurity platform. This conversation reveals how Coro distinguishes itself in an industry saturated with buzzwords and inadequate solutions, particularly for smaller and mid-sized businesses.
Meeting in Vegas
Sean Martin starts the conversation by appreciating the vibrant atmosphere at the Black Hat Business Hall. The colorful Coro booth, coupled with the energetic team, sets the perfect backdrop for a discussion centered on platform innovation.
Sean Martin: "Here we are, Dror. Fantastic seeing you here in Vegas."
Dror Liwer: "It's where we meet."
The Platform Buzz
The term “platform” has become a buzzword in the cybersecurity industry. Dror explains that many companies claim to offer platforms, but these so-called platforms often result from the integration of various point solutions, which don't communicate effectively with each other.
Dror Liwer: “We built Coro as a platform and have been a platform for 10 years. It's kind of funny to see everybody now catching up and trying to pretend to be a platform.”
Dror criticizes how companies use “platform” to create market confusion, explaining that a true platform requires seamless integration, a single endpoint agent, and a unified data lake.
Defining a True Platform
Dror and Sean delve deep into what makes Coro's platform genuinely innovative. Dror emphasizes that a real platform collects and processes data across multiple modules, providing a single pane of glass for operators. He contrasts this with other solutions that merely integrate various tools, resulting in operational complexity and inefficiencies.
Dror Liwer: "A real platform is an engine that has a set of tools on top of it that work seamlessly together using a single pane of glass, a single endpoint agent, and a single data lake that shares all of the information across all of the different modules."
The Role of Data
Data integration is a cornerstone of Coro’s platform. Dror explains that each module in Coro functions as both a sensor and protector, feeding data into the system and responding to anomalies in real-time.
Dror Liwer: "The collection of data happens natively at the sensor. They feed all the data into one very large data lake."
This unified approach allows Coro to eliminate the time-critical gap between event detection and response, a significant advantage over traditional systems that often rely on multiple disparate tools.
Supporting MSPs and Mid-Market Businesses
One of Coro's key missions is to support Managed Service Providers (MSPs) and mid-market businesses, sectors that have been largely overlooked by larger cybersecurity firms. By offering a more manageable and less costly platform, Coro empowers these providers to offer comprehensive cybersecurity services without the high operational costs traditionally associated with such tasks.
Dror Liwer: “We are changing that economic equation, allowing MSPs to offer full cybersecurity solutions to their customers at an affordable price.”
Fulfilling New Requirements
Dror also sheds light on how Coro helps businesses comply with new regulatory requirements or cybersecurity mandates, often dictated by their position in the supply chain.
Dror Liwer: "When this guy comes to you and says, ‘Hey, I need to now comply with this or do that,’ this is an opportunity to tell them, ‘Don't worry. I got you covered. I have Coro for you.’”
Conclusion
Dror Liwer's insights during Black Hat 2024 highlight how Coro is not only addressing but revolutionizing the cybersecurity needs of small to mid-sized businesses and their MSP partners. By creating a true platform that reduces complexity and operational costs, Coro sets a new standard in the cybersecurity industry.
Learn more about CORO: https://itspm.ag/coronet-30de
Note: This story contains promotional content. Learn more.
Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]
On LinkedIn | https://www.linkedin.com/in/drorliwer/
Resources
Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Coro's Modular Cybersecurity and True Platform Revolution | A Brand Story Conversation From Black Hat USA 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Dror Liwer: .... . Okay.
[00:00:01] Sean Martin: All right. Here we are Dror. Fantastic seeing you here in Vegas.
[00:00:08] Dror Liwer: It's uh, where we meet .
[00:00:09] Sean Martin: I know in front of the, the amazing taller this time Modular modular booth.
[00:00:18] Dror Liwer: Yes.
[00:00:19] Sean Martin: Yes. It's, but I love the colors. I think I mentioned that before. You know what I love more than the colors of, and I've said this before, the team inside the team is amazing, the energy in there.
[00:00:28] Dror Liwer: Yeah.
[00:00:29] Sean Martin: It's incredible..
[00:00:30] Dror Liwer: We're very lucky and, uh, we don't take any of it for granted. We have a great team. Being on, uh, at a trade show, working at a trade show is really hard. And the energy and the impact that they have is phenomenal.
[00:00:45] Sean Martin: And, so, for those listening and watching, they, they probably hear a nice buzz. We're on the show floor at Business Hall at Black Hat in Las Vegas.
Hacker's summer cap is upon us. And we're here with Roar and the crew. We're going to talk about platforms today.
[00:01:03] Dror Liwer: Platforms it is.
[00:01:04] Sean Martin: Right? Yes. Let's, let's do that. I actually, if I may, I'm going to put these on. Definition of a, of a platform. Let's go. It's a fundamental architecture that serves as a foundation or base upon which other applications, processes, and technologies are deployed, managed, run, organized, orchestrated, all that stuff.
I think, and we were kind of joking about this table here, if this table was built on a platform or a base that was a bunch of sticks loosely put together It
[00:01:41] Dror Liwer: wouldn't work.
[00:01:42] Sean Martin: It wouldn't work. We'd be kind of leaning and falling over on each other. So let's, um, I'm going to put these away so they're not distracting.
Let's talk about platforms. And for those listening and watching, they probably hear this term a lot, right? Every organization they're dealing with has a platform of some sort. Everybody
[00:02:01] Dror Liwer: has a platform now. Everybody. It's amazing. It became the buzzword this year. And we built Coro as a platform, um, and have been a platform for 10 years.
And it's kind of funny to see everybody now catching up and trying to pretend to be a platform. But really, you know, I view things a little bit differently. I think that what's happening in the industry is buzzword chasing, a lot of it. So So, a couple of years ago it was, uh, ZTNA, everybody was ZTNA, everybody was Zero Trust.
Um, then it was, uh, AI, everybody was doing AI. And now it's platform. So everybody's doing platform. Everybody. An email security provider suddenly is a platform. An endpoint protection company is suddenly a platform. That's not a
[00:02:53] Sean Martin: platform. No. That's integration of stuff that you have and hopefully, hopefully it works well together.
Yeah. So your definition of a platform?
[00:03:03] Dror Liwer: My definition of a platform is an engine that has a set of tools on top of it that works seamlessly together using a single pane of glass, a single endpoint agent for all of them, and of course a single data lake that shares all of the information across all of the different modules.
And what we are seeing is, uh, folks that are trying to pass their, uh, platform. Point solution off as a platform and really making the customers, um, creating confusion in the marketplace about platforms.
[00:03:43] Sean Martin: And I think, I don't want to say in fairness, but let's be honest, I mean, if you're a large organization, a large security company, and you have a bunch of stuff, and you want to make life easier for your customer, you probably want to build something that brings it all The problem is, that's yet another something that the customer has to also deploy and manage and maintain.
And it probably, fairly loosely, connects stuff together. So, if you're doing it after the fact,
[00:04:17] Dror Liwer: it's kind of If it wasn't built from the ground up with the thinking of automatic integration, of seamless turning on and off of the modules that are on top of the platform, it's not really a platform. What I call it, is an invoice platform.
Why? Because you get a single invoice from the vendor with all of the stuff that you bought. And I'm not belittling that. That's a good thing. To be able to consolidate and get a single invoice where you probably can negotiate a better price point if you're buying more stuff from the same vendor. But to use some examples out there.
When CrowdStrike says that their platform But their email is Proofpoint. How is that a platform? How is that a platform? Yes. So on the invoice, it's going to be a single invoice from CrowdStrike with their, uh, uh, endpoint protection parts and Proofpoint as the email. But it's not a platform. The two tools are not fully integrated.
They don't talk to each other. They don't share information. They don't inform each other of the actions that the users are taking. A real platform Actually has eyes on everything and shares the information across all of the different modules, whether it's the user protection, the endpoint protection, the network, the cloud, the email, the data, all with a single engine running underneath it.
That's a platform, and I'm proud to say that we're probably the only player currently that has that in place, in production, for years now. So And what we have been doing is, we have been adding modules yearly to this architecture. And the beauty is that these modules automatically talk to each other.
They understand what is happening across the cyber security landscape. And not in the just email, just endpoint, just data protection. That's not platform.
[00:06:29] Sean Martin: We are going to go on a ride here. Let's start. The last point you made when you described it was the data link. Yes. And for me, it's all important, but for me that's a big part of this.
Absolutely. Because in that data set, not sets, data sets is all the stuff, each part of the system, the whole, everything in the platform needs to do its job at a scale, efficiently, in the best way possible, with little impact. The resources. Um, so let's talk a bit about that data piece of this.
[00:07:09] Dror Liwer: Yeah. So the way we think of this and the way we think platforms should behave is every module that sits on top of the platform performs two rules.
Two roles. Role number one is it's a data collector. It's a sensor that feeds the data into the platform of what it sees. And sometimes what it sees is not a threat, but it's information that. It might inform another part, another module of, hey, something really unusual is happening there that is impacting me.
That's a real platform. So
[00:07:44] Sean Martin: many times those, we don't need that data because that, that piece doesn't care. So we're not going to collect it because why it's going to overload the data store.
[00:07:55] Dror Liwer: Data is power. And, and as I said, the modules have two roles. Role number one is a sensor. Feeding data into the data lake.
The second one is protection. Get information from the data, whether or not you created that data, as a module. So if I am the email, email is a great example. Because if you look at email protection today, the email providers out there, they're looking at email protection from a malware, ransomware, phishing, spear phishing perspective.
Right? Which is great. But A, um, um, A BEC attack business email compromise attack doesn't start there. It starts with a credentials compromise. So if a different system that doesn't talk to the email platform, um, is looking at credential compromise and doesn't feed the information into a data lake, email won't.
The email platform will not know it. The email endpoint, uh, uh, the email, uh. The email security tools won't know it. In our world, because our credentials information and anomaly detection is feeding into the same data, the email protection looks at it and goes, wait a minute, that user is probably not who they seem they are.
And that email that just came out, which looks completely legit, is not legit. And therefore, I'm flagging it and I'm taking action. Yep. If you're not a real planner If all of those different sensors are not feeding the same engine that makes decisions, then you're a toolset. You're a bunch of tools that happen to be on the same invoice and probably are using four different endpoint agents that now I, as the customer, or as the MSP partner of ours, need to deploy and maintain and manage and deal with interactions between those agents.
A real platform. is modules that talk to one engine, one data lake, that present themselves on a single pane of glass and manifest themselves on a single endpoint agent,
regardless of the device they're on.
[00:10:21] Sean Martin: So talk to me about, so there's the data in and out. We know email data is not the same as credential data, not the same as, uh, the firewall feed, right?
That's what it is. When there's somebody who has a bunch of parts and they're pulling them together and they're trying to get this data from the device, from the sensor or whatever and then into a place where it can be accessed and retrieved, there's many times a challenge in understanding what's in the data and how to actually make proper use of it.
So in my old world it was a connector that would take some data And transform it Yeah. Into something else. Yep. And in that you probably lose some context or, absolutely. So talk to me a little bit about how, how you kind of maintain integrity across all of it.
[00:11:23] Dror Liwer: So the whole idea is the collection of data happens natively at the sensor.
So at our email protection module or at our endpoint protection module, uh, or at our data governance module, they collect the data and they feed all the data into one. One very, very large data lake. On top of that, uh, there is a, uh, an anomaly based detection platform, uh, that is part of the engine that looks at anomalies that are happening.
So we're not looking at the data from the perspective of, uh, if then, then that. But rather, we're looking at this as an unstructured, unsupervised, um, machine learning environment that looks at the data. the data and understands when something anomalous is happening. And then, uh, informs the appropriate engine, uh, the appropriate module of that anomaly.
So, if it sees an anomaly that starts at the credential step and continues in email, it's going to raise a flag to these two modules, and these two modules will now take action. which again means that the operator doesn't have to be It doesn't need to spend time chasing events. That's one. And two, the architecture here eliminates time criticality.
You and I both know that when an event happens, by the time an operator acts on it, that time is critical. A machine reacts in milliseconds. Um, and therefore we removed that time criticality issue from responding to, uh, time criticality.
[00:13:13] Sean Martin: It's funny because I, in the last two weeks, in part of Black Hat actually, we've had a number of conversations around metrics.
And what does it mean to succeed with a security system and a program. And time is critical, but the decision that's made, at least in my perspective based on the conversation I had, is equally critical. So, if you make a decision Decision that's bad, a false positive, and you respond in a certain way. Or if, uh, if you set a firewall rule that that doesn't, it may stop that particular attack, but then affect other parts of the business, you're, you're now reacting in different ways.
So there's a whole chain of things, not just can I respond more quickly, but, which is, but that's important as well. So talk to me about kind of the respond. I'm, I wanna speak to the SSPs now. Who probably struggled with this for years. Yep. Trying to find a solution that actually helps them respond. Yep.
Right? Well, first identify and respond in time. But in a way that's appropriate for the business.
[00:14:28] Dror Liwer: Yep.
[00:14:28] Sean Martin: Not just appropriate for the technologies they happen to pick.
[00:14:31] Dror Liwer: So, as you know, we are a channel first company. And most of our revenue comes from our partners. MSPs, MSSPs, VARs, and so forth. And the one challenge they've had was, even if they had built a security stack from Point Solutions, and they're actually the platform.
They become the platform, because they're masking the complexity from the end customer, but they need to manage that complexity. Managing that complexity, um, creates, um, an enormous OpEx, uh, cost for them, which Then they need to pass on to their customer. When you're looking at the mid market or small business, they just can't absorb that cost.
So what happens? My MSP partner needs to make one of two choices, either not cater to that huge market, mid market and small businesses, which are actually the majority of the businesses out there today, or offer them a sliver of the platform they've built. Because that's all they can afford. We come to the table and we say, No more.
You can actually offer them the entire cybersecurity solution. Starting with, uh, user, endpoint, network, cloud, email, data, everything in one platform at a price that they can afford because we remove the OPEX cost. Because managing Coro is so much easier and so much less time consuming. So you're assuming that your team can now support so many more of these smaller businesses out there without adding to your OPEX.
Very different model.
[00:16:24] Sean Martin: So there's OPEX in terms of just getting it all to work together.
[00:16:30] Dror Liwer: But also the team cost. The largest cost is actually the team.
For an MSP, once they've built the stack, that's some cost. Right? But then there's the team that needs to operate. And every customer that you onboard in that complex, uh, virtual platform that you created, um, is very, very costly because of the alerts and, and, and the, uh, the, um, operational costs associated with that.
But with us being a real platform that does all the work, not all the work, but the vast majority of the event chasing on its own, uh, through very smart automation. It basically means that you don't have that enormous onboarding cost of a new customer. Uh, and that actually opens the door to a huge revenue stream that you've basically not been able to address effectively and profitably before.
So most MSBs shied away from offering a full cybersecurity stack to their customers, to their SMBs and mid market customers. And we are changing that economic equation.
[00:17:47] Sean Martin: They deserve the same protections, the same SLAs. Absolutely.
[00:17:53] Dror Liwer: These guys are the backbone of the economy, the mid market and small business.
And the fact that this entire industry around us has neglected them, has overlooked them, and has been trying to shove enterprise product down their throat is shameful. We're here to right this wrong, basically. I love it. And We're doing it and our growth is showing that we're doing it in the right way.
[00:18:20] Sean Martin: So let's talk to the, let's keep talking to the MSSPs. Sure. Um, because we're about to wrap here. So I want to leave them with something they can think about. Are there any signals, I mean I'm sure they all feel the pain. Are there any pain points that you think would resonate with them, those that are listening and watching?
Are there any signals that say, you may have built this very well? It's a virtual platform, but if you look at how you're doing things, you might spot that this is happening, and you can fix that. That isn't, that isn't, that's not what you have to deal with, right? You don't have to settle there. So are there any signals or signs or anything you want to share?
[00:19:02] Dror Liwer: I think the main signal is when your SMB or mid market customer comes to you and says I have this new requirement by either regulation or Or by cyber insurance. Or by the supply chain I'm in. Because normally our guys are somewhere in the middle or the bottom of the supply chain. And the folks at the top of the supply chain are now dictating cyber security mandates.
So when this guy comes to you and says, Hey, uh, I need to now comply with this or do that. This is an opportunity to tell them, don't worry. I got you covered. I have Quora for you. Yep.
[00:19:44] Sean Martin: And I have an app. And I have an escalator back at home. It's fantastic. Well, Dor, it's always great to be out with you.
Always a pleasure to speak with you. And I love this story, and I love what you're doing. And I like that you're righting this wrong, as you said it. And I hope, I hope more and more small and medium businesses get to enjoy the value of Coro. And the partners that serve them. And the partners that serve them, exactly.
Absolutely. Exactly. So thanks everybody for, uh, this brand story. And, uh, hopefully you'll stay tuned. Please do. Please do connect with Dror and the team. Trust me, you'll, you'll appreciate the energy and it all comes back to the greater platform that they built and the solution that they have to offer through their partners.
[00:20:26] Dror Liwer: And you can find us at Coro. net. C O R O. net. Perfect.