Safety Detectives: Please share your company background, how you got started, and your mission.
Query.AI: Dhiraj Sharan and I met more than 15 years ago at ArcSight, a security information and event management (SIEM) company. Following our tenure at ArcSight, Dhiraj and I worked together at various successful startup companies, including Niara, Inc., a user and entity behavior analytics (UEBA) provider. Given our strong passion for cybersecurity and complementary skill sets (go-to-market strategies for me and engineering for Dhiraj), we knew we’d make for a powerful combination. We decided to team up on a new startup – Query.AI – where we are focused on solving a major industry problem.
Because we were working in the cybersecurity trenches each and every day, we noticed that the explosion of data – in the cloud, within third-party SaaS apps, and on-prem – was causing security investigations to be extremely time-consuming and inefficient. The average enterprise has between 50 and 75 cybersecurity tools in-house, and the traditional SIEM model forces security teams to ingest data from all these tools into their SIEM to access and analyze alerts from a central location. In theory, the data centralization approach is a logical one, but in reality, it’s quite complicated.
For starters, with the unprecedented volume and distribution of data, centralizing all data into one universal repository is impossible for a number of reasons, including cost, scale, logistical complexity, data governance, and even politics and bureaucracy. This means that security teams are conducting investigations without having all the data they need for accurate analysis. Second, the data that is available for investigations is siloed into a myriad of browser tabs that security analysts have to continuously pivot through. Often, they have so many browser tabs open that it’s extremely difficult to derive any insights from the data within. Last but not least, the manual approach to data centralization and query searches leaves a tremendous amount of room for error. The end result is that security teams take far too long to respond to threats and often end up with inconclusive results for those threats they do identify.
Dhiraj and I realized that security investigations would be much faster and easier from a human efficiency perspective, and also more cost-effective from a data perspective, if security teams could access data where it lives. Our mission was to unlock data access, context, and unified action across distributed cybersecurity systems.
SD: What is the main product your company offers?
Query.AI: We offer the Query.AI Security Investigations Platform. From a technical perspective, the platform serves as the connective tissue that delivers federated search to conduct cybersecurity operations across data silos, eliminating the ineffective and expensive universal data centralization approach. Analysts can access and analyze data where it lives, which enables them to more quickly, accurately, and cost-effectively address security threats. In addition, they can easily understand the relationships among data and initiate response actions much more quickly. From a business perspective, Query.AI helps companies improve security posture, because faster incident response times equate to greater protection from today’s advanced threats.
Additional benefits of the Query.AI Security Investigations Platform include:
- A unified browser interface, which plugs into existing security technologies quickly and easily using APIs, providing users a single console from which to simultaneously investigate across all tools.
- The flexibility to query across cybersecurity systems and contextual information stores with the simplicity of a single query – via a Unified Query Language – so security analysts don’t need to be experts in individual systems. Analysts simply ask questions and get the answers they need easily and quickly.
- Peace of mind when it comes to data privacy and governance concerns, as the Query.AI platform doesn’t store, process, or require vendor access to the data.
We’re committed to helping companies unlock the power of their security data, so they can realize massive cost savings, more efficient security investigations across real-time and historical data sources, and reduced security analyst ramp-up time. With our platform, companies have access to data where it lives, so they can benefit from privacy by design, investigate in minutes, and respond with one-click orchestration. And, in a world where every second counts, with Query.AI, security teams are equipped with the speed they need to stay in step with threat actors.
SD: What is something unique that helps you stay ahead of your competition?
Query.AI: Dhiraj and I have spent the past two decades entrenched in the cybersecurity industry – so we know what works and what doesn’t when it comes to security operations, and the SIEM market, in particular. Our first-hand experience and expertise are one key element that sets us apart from our competitors.
Additionally, because we’re a startup, we’re able to be much more agile with our product and go-to-market strategy. We’re always integrating customer feedback to innovate our platform so that it evolves alongside our customers’ changing needs. And, we’re also able to execute on product enhancements much more quickly.
Last, but certainly not least, we have what I like to call the “first movers’ advantage.” Our architecture is truly the first of its kind, and no other company offers what we do. As our company continues to grow, the hope is that more security teams will realize they no longer have to accept the traditional way of conducting security investigations based first on centralizing their data. With Query.AI, they can eliminate common pain points and transform the process to more quickly, accurately, and cost-effectively address security threats.
SD: What do you think are the worst cyberthreats today?
Query.AI: Ransomware attacks have grown to be one of the worst cyberthreats over the past 18 months. They have been relentless, constantly dominating the cyberthreat landscape and media headlines. And those are just the attacks we know about. Many cases are never reported to the authorities.
Ransomware attacks are exponentially increasing in number, and threat actors are becoming more aggressive with their targets. They’re executing attacks against large, Fortune 500 companies, as well as small to medium-sized businesses – so no organization is safe. Ransomware is a problem that isn’t going away anytime soon. Rather, it’s evolving and becoming more dangerous. In the case of killware, ransoms are no longer just about unencrypting data or keeping sensitive information off the dark web, but about saving lives. This is why ransomware is far and away the worst cyberthreat today.
A close second to ransomware is supply chain attacks. We saw many over the past year, including the attacks on SolarWinds, Synology, and Kaseya. Supply chain attacks are becoming an increasingly common – and dangerous – attack method because successfully compromising a third-party company, such as a software developer, vendor, or supplier, can provide cybercriminals with access to thousands of their customers. And, at the end of the day, a company is only as secure as its third-party partners.
This increasingly sophisticated threat landscape is why security investigations are so important. It’s no longer a matter of if a company will be attacked, but when. And when it does happen, security teams want to be able to detect it quickly, understand the scope of the attack, and respond immediately to contain the damage.