We try to prevent any hacking attacks. The main idea right now is not only to trust your firewall, but to prevent the point of having to actually use your firewall. We monitor the dark web and specific sources and forums we found more interesting and active and we monitor the discussions being made about companies, governmental bodies, their executives, their IP ranges etc. We map the network as we can see it from the outside, so this entire systems tries to mimic a hacker’s mindset and his way of thinking. We don’t try to get information from the company itself. We see what we can get without their help. In this way, we can really understand their vulnerabilities and weaknesses without getting insider information. This is exactly how a hacker would get the information and these are the weaknesses anyone can see from the outside. Once you are aware of the weak spots, then you can be more active in preventing attacks.
Firstly we use VR (visual reconnaissance), a representation of the network topology as we can harvest it passively. This way you can see the open ports or the technology being used that has known vulnerabilities – information that any hacker can get their hands on.
Secondly, discussion monitoring which can bring up specific data breaches or leaks of credentials or any kind of discussions that are about the executives, the network or the company. This gives us alerts in advance to see what we can do to prevent any action on the network.
We don’t compare ourselves to our competitors. We believe in our product and we believe that the best way to sell it is to provide the best presentation. A lot of people do it – Israel is after all an intelligence nation!
Most of the people who work for KELA were intelligence soldiers and officers. They were analysts in the IDF and are currently civil analysts. We base our experience from intelligence and apply it to the business and civil world. We combine the automated services done by the system with our human touch i.e. the analysts. At the end of the day, we can send you a lot of information, whether its the discussion results or the VR, the topology itself. But you will need to understand what to do next. This is where the analysts touch comes in handy, because we provide detailed reports in an organized matter with recommendations.
The dark net is where the action really does happen. It’s not as easy to monitor as any other open source. The main challenge is to map the important sources, the relevant forums or websites, because 99% of the dark net is background noise which is not important or relevant. At some point, you need to know how to dig deeper. It’s not enough to get the results. What’s next? Who published the results? What was the rest of the conversation about? Will they be going to do anything else? Then you can start the research.