January 8, 2025 16 mins

This episode explores the transformative role of automation in cybersecurity through Cyngular Security's innovative approach. By focusing on Cloud Investigation and Response Automation (CIRA), we discuss how this technology alleviates alert fatigue, reduces burnout among analysts, and empowers teams to enhance their security efforts.

• Cyngular Security introduces Cloud Investigation and Response Automation (CIRA) 
• High alert volumes lead to analyst burnout 
• Automation in investigations enhances operational efficiency 
• Importance of human oversight alongside automation 
• Quick and easy deployment process with no agents required 
• Dual-engine approach combines automation and manual investigations 
• Proactive threat hunting is critical for effective cybersecurity 
• The misconception of safety on cloud platforms without continuous monitoring 
• Cyngular offers peace of mind through rapid deployment and assessment 

Josh's LinkedIn

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:09):
Welcome to another episode of Cybernomics. My guest today is Dan Spinner, who is the General Manager for North America at Cyngular Security. Dan, I've heard so much about this product, I've heard about what you guys are doing over at Cyngular and I'm hoping that we can just dive a little bit more into it to talk about the issues

(00:30):
and the solutions, this new category called CIRA. Can you explain to us what CIRA is and give us a little bit of a rundown, an elevator pitch, if you will, of Cyngular Security?

Speaker 2 (00:43):
Well, thank you for having me on the show and looking forward to sharing with you and your audience some of the main items about Cyngular Security and how Cyngular saves people's lives. I've been involved in this effort for about a year now and really dove into it because of its impact on the social side.

(01:06):
I appreciate it's a business, it definitely is a money-making operation, but the way that Cyngular solves the problems in the SOC, I believe it has a huge impact on people's lives and we want to talk about that today. Specifically, to answer your question about CIRA, CIRA is a

(01:27):
new category defined by Gartner as cloud investigation, response automation, automation of the incidents, investigation. So, as everybody knows, in a SOC there is a very high volume

(01:48):
of alerts. Now there are some alerts that are suggested to be more severe, less severe. There is a filtering, I agree, with all the products that exist in the current stack, yes, but ultimately there is a net number

(02:10):
of alerts that need to be manually investigated today and that is where the challenge is. The challenge is the investigation process on each one is 10, 15, 20 minutes. Pick a time. It's significant, it's cumbersome, it's difficult and

(02:31):
the volume. Even after the net reduction, the volume is essentially unbearable and becomes a burnout to typical SOC analysts. It requires a significant skill to do the investigation and T3

(02:56):
SOC analysts are not that easy to be found. They burn out. And that is the space where Cyngular lives: the automation, the hunting, investigation and actually providing mitigating suggestions to the SOC analyst who is still in the loop. We believe strongly that there should be a human being in the

(03:17):
loop, just like in the Iron Dome system in Israel, there is a human being in the loop to make sure that shooting down incoming missiles is truly incoming missiles and not an airplane or passenger aircraft. Same way we investigate, hunt things down, provide mitigating

(03:44):
suggestions and then we and that's where we fit and makes things a lot easier for the SOC analysts. Empowering the SOC is our model.

Speaker 1 (03:58):
The Iron Dome is an apt comparison and metaphor because Cyngular, as I understand, is an Israeli-based company.

Speaker 2 (04:06):
And it's Israeli-based, that's what we do. As a matter of fact, the co-founder was the CISO at the company that invented the Iron Dome, and the other co-founder, who's the CTO, was the SOC manager at the company, and you

(04:32):
know that's what he did. He says why am I doing this manually? You know as much as the Iron Dome and the CEO of this company is a co-founder and was the CISO in the development. The CTO of Cyngular was the person who had to manage the SOC

(04:53):
and was doing all this manual investigation and said well, why am I doing this manually when all of this can be done using AI? And that's where Cyngular started.

Speaker 1 (05:09):
So he was doing all of the manual effort and I mean that's a great story, starting at the company that invented the Iron Dome, and being in that SOC and in those operations, I would imagine would more than qualify you to be able to create some technology around this to

(05:31):
make the job easier because, like you said, it saves lives. And it seems like that not only that's not only something that you've baked into your mission at Cyngular, but it's something that's baked into the blood of the, uh, of the people who started Cyngular, because the Iron Dome, as we know, as we well know with what's going on in that part of the world, is, it is in the 24-hour job of saving lives.

(05:53):
So that's an incredible pedigree to have and story to have attached to Cyngular. How does this philosophy that you guys have ingrained help reduce that problem of burnout and fatigue?

Speaker 2 (06:08):
Well, there's the burnout and the fatigue issue, which comes from the need of the manual work, and then there's the reality of the animal or what we're dealing with, that the intruder can come in at a ridiculous time in a different

(06:30):
shift and go on for like a few seconds and make one attempt and do something and then goes dormant for six months and then another SOC analyst in another shift, possibly even a new employee, sees another alert.

(06:51):
How do you connect these two or two or three or four or five? This is where an automated tool shines, because it's able to understand what happened, it can get history, it can connect the dots and it could actually put out an alert, an investigation

(07:17):
and then the mitigation suggestion.

Speaker 1 (07:19):
So really the answer to that problem is, I mean, it is that we are becoming sort of cyborgs. The way Elon Musk put it is that in order to become a cyborg in today's world, you have to reduce the interface problem. Right now we've just got thumbs and he wants to integrate it into our brain.

(07:39):
So maybe there's going to be one day a tool that integrates with the brain of the SOC analyst that allows them to handle a million alerts per second. Who knows? We can hope, or maybe nobody wants to live in that world. You just can't keep up with the number of alerts. Right, it's just, it's impossible with the growing threats.

Speaker 2 (08:00):
The beauty of this product is that it sets up in like 15 minutes. It deploys in a read-only environment. Read-only, we're reading the logs. We're reading the logs. We're reading the five network layers. We're just reading. We are not deploying any agents, no agents, there's no

(08:23):
configuration, requires a few minutes to deploy and it immediately starts working. To understand the network topology, the first thing you get is a beautiful map, kind of a nice tool for everybody who, by any chance, you know, doesn't exactly know all the assets

(08:45):
that they have. So, step one, quick deployment, no agents, read-only, accounts, safe, and then it starts working and it gives you a lovely way of seeing your network. Terrific. Then it starts understanding if there are any incidents that

(09:08):
need to be recorded. Let's say there are 20 attempts at a login and then there's a successful one. Okay, check. Red flag. No problem. Let it go. Month later, same. Same idea. Duplicate, raise a red

(09:33):
flag. Maybe this needs to be investigated. Cyngular basically has two engines: the automatic engine that I'm discussing right now, and then there's an incident, kind of an incident investigation component where you can manually say investigate this and you can start looking

(09:54):
at it from different angles. Same incident, but the investigation could be comprehensive all around it. And that's where the power is, because if you had to do that manually it'd be very difficult. But Cyngular can produce a full incident report with all the

(10:14):
artifacts. That report is a great product for regulatory, for compliance. You know the new SEC reporting that requires delivery within four days of an incident. Cyngular can do that in a minute. A lot of times when you have to do these reports it takes multiple days to investigate what happened, what was the

(10:40):
remit, and not no more. Everything, I keep saying, and I'm sorry to repeat myself, we are making it easier, we're empowering the, the current SOC analyst, who may not know everything, to be much more and be able to get stuff done that makes everybody sleep better at night.

Speaker 1 (11:01):
I would imagine, you know, the, the CSO sleeps better at night because he knows that, uh, he's addressing these issues. If the SEC comes knocking on the door, if there's an incident, there's something that you can present in a court of law. Before four days. Yes, exactly, so it satisfies, it checks so many of the boxes. And what I'm hearing some people may say is there are lots

(11:23):
of tools and technologies out there that can monitor, that can set alerts, that can filter. What makes Cyngular so different from the other tools and technologies that are out there who do something similar?

Speaker 2 (11:40):
It's this whole automation. It's just automation of hunting, investigation and mitigation. Automation. It's the automation aspect. That, that's all.

Speaker 1 (11:51):
It is the automation aspect, while he keeps the human in the loop and the investigation piece is pretty, pretty unique here, where maybe a lot of tools, at least as far as I know, if anybody's listening or watching this and you know you want to comment or shoot me an email, we can.

(12:12):
We can talk about it, but from what I know, a lot of those products, a lot of those tools, they, they'll give you alerts and they'll tell you what's going on, but they're not doing the investigation, they're not putting their, proactive, there's the key word here, yeah, here, yeah, proactive.

Speaker 2 (12:29):
Our unifying message is we are proactive in hunting things down and, by the way, things don't need to be blowing up to be detrimental. You could be a victim of somebody purely nesting in your system. Nesting.

(12:50):
They're not taking you down, they're not doing anything. They're just sucking out all the research, all the IP. They're just taking it all. And there are very few people who are in a cloud environment today who are not vulnerable to that situation. Of course, very few people.

(13:11):
There are many people who do not know that just because you're on AWS or you're on Azure, you're not protected. I know, you know the image is that you're protected, but you are not. You are not protected until something like a tool like Cyngular comes and investigates to make sure that there are no

(13:34):
nesters in your environment. Why not? 15-minute install and you know that there are no nesters in the environment. And the product, by the way, is multi-cloud, so if you have somebody coming in on AWS, it will track that incident over to

(13:58):
Azure. If you are an MSSP serving multiple clients, you have one single pane of glass to look at all your clients, multi-cloud and multi-tenant. I'm ready.

(14:22):
Anybody who wants two offers, two really big offers, anybody who wants to sleep better tonight or tomorrow to know that there are no nesters in their network, reach out and you could have it deployed in 15 minutes and give it a try.

(14:44):
I mean, well, you know, read only. Why not? Just find out. And the main other offer is that if you just want to have an assessment, if there's anybody nesting, it's all in the same ballpark. Happy to help you so that you can be comfortable that nobody is stealing your information or about to ask you

(15:07):
for a lot of money and lose your job. I don't want to do that.

Speaker 1 (15:12):
Why not? Why not, Dan? Thank you for spending time with us today on Cybernomics. If people want to find you, what is the best way for them to find you?

Speaker 2 (15:22):
You could just go to the cyngular.com site and just hit. There's one thing that says, you know, let me see a demo. Four minutes, four minutes of your life to see a demo.

Speaker 1 (15:41):
Why not? Why not? Four minutes? Why not? Alright, we'll leave it there, Dan. Thank you so much. Dan, again, is the general manager for North America at Cyngular, an Israeli-based company that has occupied this new category. Thank you so much for listening to this episode of Cybernomics. Thanks for watching.

(16:01):
If you need to get a hold of me, you can find me on LinkedIn, linkedin.com slash Josh Bruning, or you can shoot me an email at josh at bruning.com. Also, check out our new website, bruning.com. That is bruning.com. That is our podcast agency that produces Cybernomics and other

(16:26):
podcasts in the tech industry. Thank you so much and we'll see you on the next episode.

Speaker 2 (16:32):
Goodbye.