Cyber Security Pioneer Illuminates the Deep & Dark Web
Josh Lefkowitz, CEO and Co-Founder of Flashpoint, speaks with GrowthCap about the critical need for corporations and governments alike to stay ahead of the Deep & Dark Web as illicit actors become more commonplace in both the physical and digital worlds.
To read this interview on GrowthCap, please click here.
RJ: Josh, thanks again for joining us, we really appreciate the time. This conversation comes at a very interesting time given everything we’re hearing in the press about cyber breaches and what unfortunately recently happened in Paris. Maybe we can kick off with a high-level overview of the important work you’re doing at Flashpoint.
Josh: Absolutely, and thanks for taking the time. Flashpoint provides visibility into risks that materialize in the underbelly of the Internet, the Deep & Dark Web. For those who are not familiar with it, the Deep & Dark Web is comprised of the unmapped areas of the Internet; those that are unreachable by traditional search engines like Google and Bing. That could be everything from the Tor Onion network to password-protected forums like, Internet Relay Chat, and P2P file sharing technologies. Our approach at Flashpoint is really a holistic approach where we look at not only folks that are involved in hacking and cyber crime, but also on the physical side of the house, whether it be Al Qaeda, ISIS, or other threat actors who are looking to cause harm in the physical medium. In these capacities, we support a broad range of both government and Fortune 500 customers across the globe.
RJ: There was just some news about a breach of Starwood’s data earlier today. It seems this is becoming more of a common occurrence that you see large corporations have breaches into their payment systems. Is that one of the key areas that you help corporations with?
Josh: We frequently assist our customers with understanding, mitigating, and reducing fraud. The fraud problem is one that is very much front and center for corporations, and the level of sophistication of the adversary community that operates in the Deep & Dark Web is, frankly, remarkable. These are well-oiled economic machines with a full-fledged dedication to finding creative ways to target global financial institutions. What can be gleaned from monitoring the Deep & Dark Web in terms of providing a lens into the strategies, the tradecraft, the techniques and tactics that are used by these particular illicit actors can be extraordinarily relevant and actionable to the point where in numerous instances we’ve been fortunate enough to help some of our global financial customers, and saving them tens of millions of dollars by giving them a bird’s eye view into some of these tactics that are being deployed by these illicit actors.
RJ: One of the things that I noticed when we visited with you previously was the level of talent that you have there at Flashpoint and the level of talent you need to be able to effectively provide solutions to protect systems. Could you just shed a little bit of light on the folks that you have there and how you’re able to really address the Deep & Dark Web?
Josh: Being able to gain access into these highly vetted communities in the Deep & Dark Web is an extraordinarily difficult and risky endeavor. You need an A-Team to be able to operate at the scale that Flashpoint does, and that requires not only a broad range of linguistic skills (here at Flashpoint we have over 12 different languages represented), but also an understanding of the cultures and a broad range of different ecosystems to be able to interact with illicit actors as if you were one of them.
And then of course from there, you also need a very savvy technology team to be able to automate collection from particularly difficult to access corners of the web. In that regard, we’ve assembled a world-class team comprised of individuals who not only come out of some of the elite cyber threat intelligence programs and the Fortune 500 companies like Deloitte, JP Morgan, Target and others, but also a deep bench of talent coming out of the U.S. government national security apparatus who have been on the front lines in a prior life and have now transferred that skill set over to the private sector. You see that across the marketplace where Fortune 500 companies are really scrambling to build teams that can help get in front of this problem set. The reality is there’s a very acute war for talent to try to recruit folks of the caliber that we’ve been able to bring in house.
RJ: It would be helpful to also hear a little about your background and what led you to create Flashpoint and more broadly the career path you took to get here.
Josh: Flashpoint grew out of a consulting business that my co-founder, Evan Kohlmann had been running since 2004. Evan and I had met at our first jobs out of college, and we both cut our teeth as intelligence analysts supporting terrorism investigations and prosecutions. Evan’s consulting business became the go-to resource for the Department of Justice around the country as they struggled to process and make sense of a stream of post-9/11 investigations and prosecutions. Evan very quickly established himself as one of the leading global experts on terrorists’ use of the Internet, leveraging a very unique combination of subject matter expertise as well as technical acumen. Flashpoint really emerged as an evolution to that consulting business based on the identification of a couple core pain points.
As analysts, we understood that in these very austere Deep & Dark Web environments, purely taking a human led approach to monitoring risk in the Deep & Dark Web was woefully inefficient. When Flashpoint stood up in late 2010, it’s important to understand that this was really taking place in a broader narrative which was that open web data collection was being transformed. Companies were plugging into Twitter and Facebook and trying to glean insights into what was going on in the open web at scale. The reality is that illicit activity doesn’t take place in the open web; instead it happens in the shadows of the Internet. What we came to realize as analysts that had spent our life in password-protected forums, literally hitting the refresh button over and over, looking for interesting and notable developments, was that there had to be a way to fuse deep subject matter expertise with technology. That was really the aha moment that drove us to start Flashpoint and that now even fuel’s its growth: to look for ways that technology could empower the analysts to provide a far more holistic and efficient lens into the most significant areas on the Internet where threat actors were congregating.
RJ: And thinking about some of your key clients such as financial institutions or large retailers, are they able to take your technology and effectively prevent cyber breaches, or is it a combination of both preventative measures as well as a need for quick detection?
Josh: It is really a combination of the two. We can provide customers with an advanced warning of threats and vulnerabilities that impact their perimeter as well as their assets that may have been exposed in one way or another. There’s also an incident response component, where we help corporations really minimize the time between exposure and detection. Both of those can be tremendously impactful given the risks that exist on the Internet and the financial implications of being blind in this particular regard.
RJ: Given the sophistication of your solution, do you find that there are many out there who are providing a similar type service, or are they mostly on the consulting front?
Josh: There are a range of providers in the cyber security marketplace, and certainly a broad range of providers within the cyber threat intelligence subsector. We’ve really distinguished ourselves as the leading experts, the leading solution providers in the Deep & Dark Web. We’ve been very focused in terms of where we invest our resources. And we’re seeing more and more that customers across the Fortune 500 are recognizing that coverage of the Deep & Dark Web is vital to a comprehensive security program. We are not trying to be all things to all people. We believe that just like there’s a requirement to have DDoS prevention services, just like there’s a requirement to have antivirus and email spam detection, having a lens into the Deep & Dark Web is a critical and required component of any security program.
RJ: To help round out this conversation, where do you see Flashpoint going over the next year to two years? You clearly have a very big market and corporations are increasingly becoming more attuned to the solutions that they need to have in-house. Are you focused on product and service expansion? Could you shed a bit of light on the future growth path?
Josh: We’re certainly very heavily focused on how we can assist corporations–Fortune 500 and beyond–to understand intimately the risk that they face emanating from the Deep & Dark Web and provide them with proactive, actionable, and substantive solutions that can help them mitigate that risk profile. In that way, there’s certainly a component of helping people better comprehend what is taking place in the Deep & Dark Web. The market holistically is still evolving and is still relatively early stage when it comes to really mapping out what a highly effective and comprehensive security program looks like. Beyond that, for Flashpoint, the key will be ensuring that our data and intelligence is operationalized for the tools and workflows utilized by security teams. This focus will be a core priority for us in 2016 and is part of the reason that we’ve worked very hard to establish partnerships that can leverage our data into that operational workflow.
RJ: Fantastic. Another thing we were curious about was your level of involvement in the aftermath of the tragic events in Europe, or other instances of attacks? I presume these are very directly relevant to Flashpoint.
Josh: Most certainly. The immediate week after the Paris attack has certainly been frenetic, and I’ve been extremely proud of the round-the-clock support our team has been able to offer our customers in the aftermath. The questions that our customers are asking all the way up to the C-Suite have been consistent: trying to understand the implications of these attacks, what it means to the homeland, and what it means when it comes to executive travel to Europe, as well as physical infrastructure that they have there.
We have been in constant touch with our customers, with briefings throughout the weekends as well as reporting out to them on the latest developments and implications. Of course financial institutions are also interested to ensure that no financing trail was coming through their organization, and we’ve been working hand-in-hand with them to help them better understand how ISIS finances itself. We actually just put out a white paper on that topic, because it was a question that was being asked so repeatedly from the C-level on down. It certainly is indicative of the multifaceted nature of threats that we’re seeing, and also the bleed over between the physical and the virtual world because, prior to this event, there were a lot of discussions about how ISIS was recruiting individuals on social media and of course we pay very close attention to ISIS’s online footprint both in the Deep & Dark Web as well as through online social media. As a result, there have been again a range of inquiries from both government and Fortune 500 customers who have sought additional insight in the wake of this tragedy.
RJ: This has been a very informative conversation, and I think a lot of our readers will enjoy learning more about the work you do; it is important work. It’s always a great pleasure for us to be able to interview companies such as yours that are providing a much needed service to corporations and other entities that are in need of this type of cyber protection.
Josh: Thank you again for the time. It’s my pleasure.