Security controls can be a bit of a cat and mouse game—you block one attack, new ones spring up. Malicious actors continue to innovate new ways to hack your software, so responses end up being attack-specific and often manual. It’s not just your software, it’s your third-party dependencies, too. So Exaforce built software that can automate some of the responses and attack detection.
I spoke with Ariful Huq, co-founder and head of product, and Marco Rodrigues, co-founder and head of product, at Exaforce last month at AWS re:Invent.
————————————
Q: Tell us a little bit about what Exaforce does.
Ariful Huq: We are focused on helping organizations of all sizes, starting from high-growth startups all the way to mid enterprises, depending on where they are in their SOC journey. If you do not have a SOC, we enable you to build one in days, literally without having to go buy tooling, get detection engineers, get analysts. If you do have a security operations center, where you have analysts, our goal is to amplify the capability of those analysts. Think about a team of two or three analysts—how do you make them a team of ten? That’s essentially what we do.
Q: Where do you find that organizations are the most lacking, either pre-SOC 2 audits or after?
Marco Rodrigues: In our experience at least, customers tend to come to us once they have SOC 2 compliance or ISO, which is clearly an attestation- and evidence-driven security compliance framework. When it comes time to actually start putting together incident response plans, or where there’s legal liability that’s being driven through their customer contracts, that’s where they tend to get a bit more serious.
A lot of these companies are early-stage startups. They barely have one or two security engineers to begin with. Usually where they’re lacking depends on the journey of the company. A lot of them can be where they have no tools at all, and they need some detection framework. They need individuals monitoring and actually writing those detections. You need a routine that actually responds to and remediates it. So we’ve seen a kind of variance of companies in that space.
Some of the larger companies, they just can’t keep up with the growth of detections as they come in. They need to augment their teams. The reality is that the skill set is not there—they can’t hire these people even if they wanted to. They’re using AI SOC, as an example, to augment and fill in that gap.
Q: When you do construct these sorts of detection frameworks for these operations, how much existing infrastructure are you building on? I know a lot of folks have a Cloudflare base to help with that, or HAProxy to route traffic. What are you coming in to? Does anyone just have nothing?