Earlier this week, we were excited to announce our oversubscribed $15 million Series A round of financing, led by new investor SYN Ventures with participation from existing investors ClearSky Security and South Dakota Equity Partners. The funding further validates the market demand for our one-of-a-kind solution that gives companies full control of security investigations within a single, unified interface.
Query.AI was founded to solve a major problem for enterprises today – ransomware, breaches, and other cyberattacks are continuing to increase at record rates while the amount of enterprise data is exploding and becoming more and more decentralized and distributed across cloud, third-party SaaS, and on-prem environments. Businesses of all sizes collect data from a wide range of sources, including AWS, Google Cloud Platform, Azure, Microsoft 365, multiple SaaS applications (typically 50-100), plus a ticketing system. This is compounded by scale challenges with gigantic-volume data sources like DNS, Flow, Proxy, CloudTrail, and Endpoint data.
In addition, multinational corporations keep data siloed due to regulatory compliance requirements across different countries or regions. While centralization may still have its place for compliance and retention situations, the onslaught of decentralized data has rendered universal data centralization models impractical for security investigations. As data volumes exponentially increase, so do the alerts that security teams need to review and investigate from an inordinate number of tools.
Among the range of tools, organizations are using SOAR and XDR in an attempt to solve the problems of data decentralization, but they’re not the answer. Enterprises have found that SOAR requires time-consuming software engineering efforts to build playbooks and manage API integrations. In fact, according to a study by the Ponemon Institute, the average organization spends $2.7 million per year on engineering work to integrate disparate security data, and yet only 23 percent consider their security engineering efforts very valuable. And, while XDR definitions are all over the map, XDR still relies on a single platform provider to do all the collecting, aggregating, correlating, and analyzing. To try to adjust, SOC analysts are also increasingly relying on their endpoint protection or a focused threat detection product to address the issue, but neither option gives them the full picture to truly assess what is happening in their environment.
In the end, SOC analysts spend their days doing swivel-chair analytics, pivoting between siloed tools to manually correlate the data and determine what they should investigate before they can actually respond. It’s an exhausting, time-consuming, and burnout-inducing way to work for security teams that are already stretched thin.
The Query.AI security investigation platform solves this problem by serving as the connective tissue that provides real-time insight into security data across platforms no matter where it resides – the cloud, third-party SaaS, or on-prem systems. Our API-enabled platform does not require the transfer or duplication of data. It simultaneously normalizes, aggregates, enriches, visualizes, and analyzes alert data that lives across cybersecurity systems within a single, unified browser interface. And, it makes security operations teams more productive much faster by giving them the flexibility to ask questions via text, natural language, or Unified Query Language, and by helping them quickly understand data relationships so they can initiate response actions.
The pain point is real, and the market is responding to our solution. We’re already generating revenue from several enterprise-level organizations, many of which are MSSPs for parent companies with numerous affiliates. We have an extremely healthy pipeline, and the new funding will go toward scaling customer support, the continued expansion of the Query.AI security investigations platform, as well as its expanding library of integrations with additional technology providers across cloud, third-party SaaS, and on-prem environments.
The entire Query.AI team is excited for the opportunity to continue our work to help enterprises accelerate cybersecurity investigations and efficiently respond to and mitigate threats.
Want to learn more about our innovative security investigations platform? Book a demo today!
Today we are ecstatic to share that we have been recognized by Gartner as a Cool Vendor in Security Operations!
Today’s most widely used security toolkit is OpenSSL, not only because of its licensing terms (which permit commercial use with no restrictions whatsoever) but because of the plethora of facilities and building blocks it offers for building any sophisticated cryptosystem.
It is also a rich learning tool, and despite its serious nature, we can use it to understand several basic questions, like how internet banking works or how cryptocurrencies function. You can also learn fingerprinting and blockchain logic using the Linux command line and the OpenSSL utility.
Picture this - you are coming from a database background and getting into the world of IT monitoring or administration. While you are newly warming up to the Linux command line, you have to deal with Windows and Mac machines in your network. Add to that a bunch of Linux servers in your company’s data center.
As a systems administrator, how can you monitor each system’s health, disk space, and metrics? Unfortunately, learning the tools for each OS can be a drag. Many cloud companies offer their dashboard, and those can be helpful, but what about the physical machines in your network? How do you monitor them?
You will need some kind of instrumentation to monitor and take action based on the situation. With big data and high-speed networks and plenty of video-rich accesses, even the terabyte disks can fill up quickly, and you need to take stock of disk overruns, memory, CPU, and network usage. Or in the cybersecurity world, you need to monitor any suspicious activity on your company’s systems.
We talked about introductory OpenSSL in a previous blog, Dipping Our Toes into OpenSSL, which covered how it supports rich cryptography-centric operations that are needed for all sorts of things in the security domain and even outside of it. Today, let's take the next step and understand some of the crypto arithmetic behind it, without making the topic too complicated.
Socat - the tool of choice for proxies and networking pipes
In prior blogs, our team has written about tools like netcat, Nmap, and Zeek that network security engineers widely use. Security analysts and threat hunters rely on these tools in their daily work. So this time let's talk about socat, the tool of choice if you are creating your own proxies or networking pipes.
To start a career as a security analyst, one must have a good understanding of the network and knowledge of networking tools. Let's begin with netcat.
A software application is a program, or a set of programs, that helps end users. Most applications depend on network resources, database resources, storage, and other cloud resources to function. This connectedness is vital to keep in mind: it shapes not only how your end users interact with the application, but also how exposed the application is to malicious actors. One may use several different methods to protect the application, but a determined attacker with sufficient resources may still gain access to it. So, how can we secure your home-grown IT applications?
Python is an incredibly powerful programming language. It is used not only for small school projects but also for Google's AI photo recognition and other monumental projects.