A Medical Approach to Cybersecurity

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors. 

Steve King  00:13

Welcome, everybody. I’m Steve King, the managing director of CyberTheory. And joining me today is Dr. Deron Williams, the CEO and founder of black fog, a leader in on device data privacy, and you’ll learn what that is in a minute here. And then of course, data security and ransomware prevention is their objective. For a cybersecurity expert. Darrin has an interesting background, he got a PhD in pharmacology before moving on and, and founding this security startup we and he believes that, you know, through an understanding of medicine and how to kill viruses, that that was inspiration for a career shift. He knew the current defensive approach to cybersecurity was not working, because he spent two days in the field and said, Wait a minute, this isn’t working. And so he created a different approach, applying the same thinking medical professionals. Yes. So I’m, I’m anxious to do a deep dive here into black fog and their unique medical approach to cybersecurity and explore how, how Dr. Williams has, has done what he’s been able to do so far. So Darren, welcome. Thank you for joining me today. A pleasure, Steve. Thanks for having me on. Sure. Sure. Well, let’s start with blackfog. Tell me about what you guys do, how you do it, why it’s different than everybody else’s approach to cybersecurity prevention, protection, etc. And how it draws upon the some of the theories or best practices in medicine. Sure, no problem, Steve. So blackfog, was started in around 2015. And basically, this is my third company. And we decided that we wanted to get into something which can really use sort of some of our skill base some of the things that we’ve learned at other corporations, but more importantly, some of the information that I’d learned, obviously doing a PhD in pharmacology. And so you know, one of the things that we noticed, particularly with my last company that was acquired by a company in Canada, which was focused really on, basically, recovery of stolen laptops, if you will. And so they were sort of doing some really interesting things in that area. And what we realized very early was that, in the very early days, when laptops were really expensive, you know, 1000s, of dollars age, it was really important for companies to focus on, you know, if they lost that asset, that’s pretty expensive assets. So they were taking out insurance policies and doing all that sort of stuff. And so this software that this company developed, which was absolute software, they decided that we’ve got a technology that if someone steals the laptop, we could effectively brick it out in the field. And then we could actually tell him to return it, or we’ll lock down the device, and you couldn’t remove it, it was very persistent. And it was a really good technology. But what we found was that the revenue started declining that the brand about the, you know, with a mobile device economy started around the mid 2000s, or 2007, I guess, with the first iPhone, people sort of started seeing that the device costs have decreased dramatically. And so it wasn’t as important to protect these laptops anymore. And when we start thinking about the way we work every day, now, our focus is really on the devices, but they’re a bit of a commodity, the prices had gone down significantly. But what transpired was that people actually didn’t really care about the device itself, but they really care about the data on the device. And so that got us to thinking is, what is it that we’re doing these days? And how do we protect users from a data privacy perspective, but more like, more, more commonly these days is ransomware protection? And how do we prevent that and when we looked at the marketplace, we saw pretty much a common thing. You know, there’s around 6000 vendors out there in the marketplace in cybersecurity, and, you know, 5999 of them pretty much approach the problem the same way defensively, you know, think about a building your home, for instance, and you’re trying to protect it from criminals, you know, you put a lock on the door, you have a few other devices, you do take out an insurance policy, you do a lot of different things to protect your property, but effectively, they’re all involved with perimeter security. They’re all about having, you know, you can add extra guards to the front of the house. You could you could do a lot of things to protect yourself, but ultimately, you’re still stopping people coming at you all the time. And

Darren Williams  05:00

That’s pretty much what all cybersecurity tools do to this day is they all focus on bad guys coming towards you, you try to take them out before they get into the building. So Alice, and so when I looked at basically how we looked at medicine and design drug therapy, we typically look at the lifecycle of a disease, we look at how a disease actually manifests, how it spreads, how it replicates, and then we try and target various parts of that life cycle so that we’re able to destroy it. And so various drugs that are around today, they all target different things, some are better than others, right? So this is what we do we trial and error, we do science on it, and we see which ones work the best. And, you know, it’s not dissimilar to weigh all the different vaccines that are available COVID. These days, they they work in different ways as well. And so when we looked at cybersecurity, we thought, There’s got to be another way, we can’t just focus on that one approach. And so we thought, what is the goal of ransomware? Anyway, and the goal of ransomware is effectively to steal your data, and extort you for money mean, that’s effectively their goal. So what is it that they have to do to make that happen? Well, sure, they have to get on you in so if they do get through your defenses, then you’ve got a problem because no one else is really fighting that other battles. So we thought, why don’t we focus on the, on stopping what they’re trying to do, which is take information from you. Because if they can’t get your information, then they can’t extort you, and they don’t have any value, the attack didn’t effectively happen. So that’s when we came up with the whole idea of think about the problem in reverse. And so we came up with this anti data exfiltration technology where we effectively monitor all of the information leaving the device, and then we, we basically stop any unauthorized data loss. So when an attack happens, what does a typical cyber gang try and do? Well, they extract a lot of data, and then they try and extort you for that information. And then they usually do that by say, contacting the dark web, anonymize the information, they don’t try and trick few protocols. There’s literally 30 or 40, different things that they’re going to try and do. And so what we do is we have some sort of API that works across all of this. And we basically stop the data leaving that shouldn’t be leaving your device. And we’re able to find stuff that no other defensive security is able to stop because they don’t work at that level. So it’s sort of a summary effectively, sorry, long winded but that’s a long story. Yeah, sure. And then I think the, what’s interesting about that, beyond the fact that you’ve done it, is how you do that. How do you determine what data is critical data? What data isn’t body determinations around? Around each of those? Yeah, it’s a good point. So we use behavioral analytics to do a lot of it. And when I talk about that, and an AI, we talk about, what is it that defines bad behavior, we typically know when we talk to humans, when we see a criminal, we can sort of see when someone’s doing something suspicious. It’s not dissimilar to what the way we look at things from a cybersecurity perspective, we sort of know typically, what types of bad behavior that the cyber criminals are going to employ, because there’s no legitimate reason to use a combination of these different approaches, in an everyday situation. So we can pretty much determine pretty accurately, you know, 99.9% of the time, we will able to determine most things are bad activities, if you’re running certain commands to try and delete your backups, which is one of the very first thing any decent ransomware company is going to try and do. The Cyber gangs are going to try and Okay, let’s go and delete all their backups, so they can’t recover. So that’s the very first thing that I try. Anyone that that does, that we know, they’re up to no good right away, because there’s very few reasons to do that. So if you combine that with a 3030 or more parameters, and then you run it through some AI engines and Analytics, you can actually determine pretty accurately when the guys are good, and when they’re bad, you know, where they’re connecting to where they’re trying to exfiltrate data to, etc. So we think we’re pretty good at it. And, you know, it’s we’ve been doing it for, you know, I guess seven years now, although, really commercially from 2019, I would say, right, but blackfog is not a household name. And I wonder, given the chat we had as we headed into this, why? Why not just license that behavior

Steve King  09:59

analytics technology fits generalize that all and because what you described is the holy grail of behavioral analytics based discovery and, and detection. Why bother? Why bother running a company and having so many different search masters when you could just license this stuff to other folks and let them worry about making payroll every two weeks?

Darren Williams  10:25

Yeah, that’s a good point. Well, I’m an entrepreneur, ultimately, at my heart at the very soul. I mean, entrepreneurs like to create companies and build teams, and we have a great team, we think we’ve come up with something really, really quite interesting. Where you I mean, you can argue that about any company really why Why wouldn’t they license it? Now, you wouldn’t be the first person to say that. We have had a lot of some other larger companies come up to us and say, Would you license out your technology to us some very well, household names, and we felt that we have a unique opportunity in the marketplace to be the next big security provider. And we think we can do it better than a lot of the companies out there. I think, like, before we even got on the line, we talked a little bit about service and support. And I think that I would want to really focus on that as well as product and technology. Yes, it’s hard building a company. But that’s okay. I like a good challenge. I mean, we’ve built the technology now. We’re just building the people and processes all around it. And we think we can do a better job, frankly. Yeah. Now investors also believe that as well, they wouldn’t be involved. So, you know, we think we got a good opportunity out there right now.

Steve King  11:36

Yeah, got that half of our listeners are cybersecurity technologists, if you will, and, and maybe the other half are in the marketing business. And, of course, what’s interesting to everybody is how you how you get a startup like yours to market. So I guess that leads me to ask you What the What’s your go to market plan is for let’s pick the United States, for example, as you say, I mean, there. I don’t know about 6000, but certainly close to a number of folks all trying to accomplish the same thing. And your prosumer, your cybersecurity senior practitioner, who needs to do an evaluation of your product, etc, is overwhelmed by incoming noise. Right? How do you cut through that one?

Darren Williams  12:26

Yeah. Well, I think it’s really interesting. You say that, because you know, that’s always the challenge. And it’s really interesting when we jump on calls, and we’re really having the initial call with a client. And one of the first questions is like, well, how are you different everybody else, and most of the time, most people will be able won’t be able to say much at all, because again, it’s all defensive security. But we’re actually have such a different approach to stuff, we’re able to cut through that pretty quickly and say, Well, what are you doing in terms of your data? exfiltration right now? Well, usually the answer is we’re not doing anything, we’ve never even thought about it. And, and so typically, what we do is we install the we show them the software, just doing a zoom call. And we basically show them what is going on on the back channel. Everyone’s very familiar with what happens when you hit a website, and you’re consuming data. But no one knows what’s really happening on the back channel. And you see, every single customer that we show this to is just shocked. And I think it would be to you run the software, we have a little control our reset where resets all the counters, with the system off, and then with it on, and we show you the back channel chatter. And we can actually show you the number of connections just by going to a standard news website, you can see that you’ve basically got even though you’re going to news.com, say, and it pulls up this website, there’s about another 50 other connections happening, where they’re profiling you, and collecting data about you and sending it back to base. Now you can talk about anonymization of data all day long. But what actually happens is that company X will go and collect your gender, and Company Y will connect your affiliate can be affiliates in political beliefs. And in another one, we’ll collect something else. Now, all of them don’t have any personally identifiable information about you. But they all share it with each other and reassemble it in the cloud and share it between each other and they have agreements between each other. So yes, they anonymize them. They do things according to the law, but actually, there’s still a big database with Steve King on the other side that knows everything about you. And so that’s some of the stuff we show and then that gets the interest going. And then we show them about ransomware and how it’s working. And typically within 24 to 48 hours. We can show you there’s an attacker probably going on in your network somewhere.

Steve King  14:55

Right. So after you’ve shown me that then what’s the rest of the process look like?

Darren Williams  15:02

Yeah. So typically what we do is our approach is we offer a free seven day ransomware assessment for up to 20 devices in your organization. And we basically let you run for seven days and basically free of charge. We have one of our forensic team experts, we hire a lot of police investigators, and usually forensic experts that basically will guide you through the process. And then we’ll give you a call back and give you a report after seven days. And typically, we’ll show you some really interesting stuff. And everyone’s usually like, wow, this is really amazing. This is beyond what I would have expected. And I’ve never seen some of this information before. And typically, we close a very high ratio of our deals that way. So that’s pretty much how we go go and focus on things. Now. In terms of a go to market, what is our approach there? Well, I would say our focus is very focused on the SMA, you’ve got very big players, they’re very well financed some public companies at the very high level, you know, multi billion dollars available to them. And they focus on the high end enterprises, we don’t really want to even though we could compete from a technology perspective there, you really don’t want to pick on a gorilla. So when when you’re amino. So what we’ve done is we’ve said, Well, it’s very difficult for those high end companies to come down into the SME space, because their technology is such that you need so many administrators to run the solution, you need big IT departments, you really need to have a lot of resources, our solution is really well designed in the sense that we can hit the SME market, and you don’t need all that administrative costs. So you only need to be a small shop. And you pretty much just let the software run in our console. And all our reporting is all there for you. So you could run it in a small company without the overhead. So we have very high ratio of closes on that area. And again, we as I said, we don’t really, we don’t have to compete with the bigger guys there as well. And so that’s how we think we can effectively pick off the low hanging fruit, and then build the company brand name that way too, because there’s a way more of the SMEs than there are of the big accounts anyway. And we’re gradually increasing the deal sizes as we move up and get our brand out there and known. So that’s sort of our approach,

Steve King  17:22

how many customers do have their

Darren Williams  17:25

share of about 250 right now, and pretty reasonable size accounts, some of them, but you know, not huge, huge, you know, we don’t have big government contracts or anything like that. So, but you know, a lot of a lot of businesses, basically, a lot of North American few, we started in Europe very early on to test the market out there with GDPR, back in 2015, as we were doing the initial development of the software, and then we moved to North America around 2019, in terms of just going crazy. And really, we think we had something, and then we expanded we got some big financing so that we could actually help expand.

Steve King  18:03

Yeah, so let’s roll the tape back to that initial call. Where I don’t know if you’re using business development or sales development reps or what have you. But I understand what happens when you get somebody’s intrigue? How do you actually get them in the first place? And how do you? How do you take them to that level of intrigue that? Yeah, that will enable them to say, hey, yeah, let me let me run this for seven days.

Darren Williams  18:33

Yeah, so we, we have a number of angles there, the top two, probably the most, we should focus on probably, we actually produce some because of the work that we do in cybersecurity and ransomware. We collect a lot of data on a daily basis. And so what we do is we actually put that out there as publicly available report. So we do the state of ransomware from 2020 2021 2022. And so we combine in and and generate monthly reports on all this data, and we get it put it out there. And so we have 1000s of users that access that every month. And we have an amazing amount of traffic that comes to our website to get all of this information, and all the charts and interesting statistics out there. And so what happens is on on that particular page, we’ve also got ways for people to find out a little bit more about blackfog. And so we get a lot of leads from that. So we get to have a lot of incoming leads that come through that mechanism. And then our sales guys follow up on that. And that’s how we sort of take them through the journey from that point. The other thing that we do is we have a relationship with insurance providers out there cybersecurity insurance providers, where it’s not something that we offer, but we will recommend particular providers to have that if you’re interested in that. And then by the same token, they also introduce their customers to BlackFox So it’s sort of a two way street where both of us recommend each other. And so when somebody has a cybersecurity policy with this other company, and we use evolve, MGA is a classic example of that, who’s a great partner of ours, and they send us a lot of leads that way as well. And basically, they say, you know, we give you that seven day assessment. And basically, we close a lot of deals that way as well. So there’s a lot of mechanisms, there’s a lot of different channels that we’re using, but they’re probably the top two that I would sort of talk about. And we’re working with a number of other cybersecurity insurance providers as well, where we’re going to do something similar, because we value with both,

Steve King  20:42

I would guess that if I were an insurer and sort of looking out into the landscape in 2022, and realizing that they’re probably not going to be very many underwriters going forward here, without some sort of without some sort of structure, consideration around architectural improvements, or software that the foundations that that at least go toward mitigating and preventing entirely ransomware attacks. And if you guys have already, if you guys are the ransomware busters, it would seem to me that if I were an insurer, I’d want to partner up with you guys. Because, you know, for obvious reasons, right? And if you you said earlier, I think that you can you can kill 99.9% of ransomware attacks. That’s, that’s quite a statement. And given that, yeah, given given the slope of the hill here, you know, you’ve got a pile of gold here.

Darren Williams  21:45

Yeah. So we think that we can add some value, there’s no doubt about it. And and there’s been some recent reports that I saw one at the end of last year, which is really interesting on cybersecurity insurance providers, I think was top 20 in the world. And it was something like 18 of them lose money, because they can’t keep ahead of the curve on these things. Because the insurance rates are going up by 25%, like every quarter or something ridiculous like that, because they can’t keep in front of the whole problem. They don’t know what they’re even insuring for sometimes. And so as soon as they have an attack, their rates dramatically go up. So it’s becoming sort of unaffordable. So it makes sense that if the cybersecurity insurance underwriters actually partner with a cybersecurity company, then their claims dropped dramatically, then it’s easier for them to make an underwriting, you know, assessment of a company that why? Because they don’t want to be paying out all the time, obviously. And then if you then layer on the complexity, and the new government regulations that are being instituted everywhere, all over the world, and United States is no different is starting to say, look, if you pay out on a ransomware, you know, extortion, then you could be up for some pretty big legal problems with the governments as well. So you know, there’s all these complex things. So the more that you can stop it from happening, the better it is, it’s sort of like saying, Look, I do want to fire insurance policy for my home. But I don’t ever want to use it really, because I’d rather stop it. Because it’s not just the fact that you’re how, you know, you’ve got the protection. But if your house burns down, you’ve got the inconvenience, you got to rebuild, you got to live somewhere for two years while they rebuild your home, you sort of don’t even want to go there. Sure, I’ve got my coverage and stuff sorted out and financially. But there’s all those other factors. And it’s the same with cybersecurity insurance. Yes, sure. I got a policy. Sure, I might have a little bit of money, but your business can still go under. Because you’ve got to recover from it. You’ve also got class action lawsuits, you’ve still got all of these other problems that you may have to face legal problems. So it’s a very long list.

Steve King  24:07

Yeah, you’re right. It is a long list. And it makes me wonder whether what these folks are actually doing when they sit down to evaluate what their exposures are, because these things sort of creep out of the woodwork when you start looking at your policies.

Darren Williams  24:23

Right. And then there’s all those minor clauses as well. And I was talking to insurance person recently and they said, are you in believe the stuff they’ve added into some of the clauses now. I mean, it’s so they make it so difficult. There is a couple of providers, unscrupulous providers and insurance policies out there. They’ll take your money, but you try and get them to pay back out because it’s nearly impossible. And they and they get to like the one that I was reading about has not paid out any policy. It’s despite having like a 50% of claims they’ve been paid out one yet because there’s so many holes in it so you’re effectively extorting money from someone but you’re not able to give it back now that

Steve King  25:05

makes their shareholders happy.

Darren Williams  25:08

Sure does.

Steve King  25:10

So So I see that we’re out of time here Darren unfortunately because it was a real pleasure chatting with you and and I’m fascinated about black fog and its future here in North America. So perhaps we can get together again in say, six months or so and see how you guys are doing and whether your progress as you imagine is being materialized. So, oh, okay. If that’s okay with you, let’s let’s figure out how to do that. I

Darren Williams  25:42

love to thank you say thanks for your time today. Really appreciate it.

Steve King  25:45

Well, thank you, Darren, and thanks to our listeners, who I hope had a an equally enjoyable time and learn something from this and until next time, I’m your host, Steve King, signing off