Café con Leche with Dan Brett, Chief Strategy Officer at CounterCraft

6 Feb Read more blog posts

Interview with Dan Brett

Last year CounterCraft celebrated many milestones and successes, and pivotal to it all was none other than Co-Founder and CSO, Dan Brett. Dan works hand in hand with CEO, David, in leading the business and oversees the end-to-end sales and marketing operation.

We secured a slot in his diary to sit down and talk about some of the next steps planned for CounterCraft, and to get his views on the state of the cyber deception market. From digital enablement to Yorkshire dairy farms, there wasn’t much we didn’t cover!

How do you see cybersecurity becoming an integral enabler for large scale change?

Embracing digital is essential to remaining competitive in today’s global market, and more organisations are finally recognising the close connection between digital transformation and the need for cybersecurity by design. It’s all encompassing, and reaches many businesses that traditionally weren’t considered to be tech companies. The dairy industry, for example, is now an online operation - cows have become trackable IoT devices!

Cybersecurity is a really important enabler for securing the platform behind digital growth. It is fundamental to the success of any business transformation programme and spans every sector. Let’s think again about the dairy farm analogy; this kind of physical domain carries a minimal risk of being damaged by people in other countries. Everything changes, though, when you become digital. Because the cyber landscape is global, suddenly you’re exposed to all kinds of different risks, including nation-state level adversaries. Digital enablement is a powerful thing, connecting every small corner of the world, but of course, it comes with additional risks that need to be mitigated.

Talking about predictions, do you agree that 2019 will be the year when the CISO finally secures their position at board level?

Yes, absolutely. In fact, many companies already have CISOs reporting to the board. Talking security is slowly becoming business as usual, and the relationship between the CISO and the Board is better than ever. The two have developed a mutual understanding of the need to articulate highly technical security problems in risk-based language. This definitely creates an opportunity to encourage more diversity into the CISO community. Alongside the traditional technical experts, a more diverse skillset is now required. So, not only are the ranks changing, the role and remit are too.

Where do you see deception headed in 2019 and beyond?

Right now, deception is key because it allows enterprises to detect more threats than they’ve previously been able to, and to detect a higher order of threats, and it is about to evolve into a new wider concept. This is what we call enterprise cyber counterintelligence – if you can think of a shorter way of saying that let us know! This is not just detecting threats, but also investigating and engaging with them to disrupt threat actors before they’re in a position to impact the business.

There is a huge development path ahead from cyber deception to cyber counterintelligence, in which it will become a fundamental part of any corporate IT security area.

What part of the CounterCraft Cyber Deception Platform development are you most involved and excited in driving?

Without a doubt this has to be the ongoing improvements we’re making to the CounterCraft platform user interface. Better tools enable our clients to analyse data more effectively, vastly improving their day to day. The faster results are delivered, the better the tool, and the whole function starts to become business as usual. Advanced data analysis that has the power to slice and dice multiple datasets starts to overhaul the hunt for particular threat actors, meanwhile automation helps teams to prioritise and become more efficient, as intelligence identifiers work to highlight the stuff that they really need to pay attention to.

Where does deception fit into the overall cybersecurity landscape?

Most cybersecurity products are based on resolving incidents and treat threats as series of unrelated incidents. The focus is on what the adversary has stolen, disrupted, altered, but at no point do they take into account the intentions of the human force behind those incidents. In contrast, CounterCraft is very much focused on the adversary’s intention, and investigations are much more successful when we’re working with an intentional attack rather than a collateral damage attack, like WannaCry. Whatever they’re doing, the bad guy is always executing on a series of objectives. Once we understand the constant in the equation, the objective, we can turn this against them and use it to the defender’s advantage.

How do we do it? By creating a highly-customized, credible synthetic environment we are able to prolong their interaction with the system, what is also referred to as ‘dwell time’, and this way we can keep them monitored and controlled. They’ll continue to elevate their resources against you while we continue to collect more and more high-level intelligence against them. Defeat against the attack comes once they think they’ve succeeded. That’s when we can start to play with their perception of reality and eliminate the risk completely. It’s incredibly cost-effective and has a huge impact.

Do you have a favourite use case in which CounterCraft has revealed particularly fascinating insights about adversaries’ motives and modus operandi?

I remember one client from the financial sector who implemented the platform specifically to focus on external reconnaissance, which is one of the more unusual things we’re able to do. In this scenario we can see how cyber threat actors have informed their own technical bias. We deployed a campaign to detect people probing for specific systems and knowledge sets within the company, and not only did we detect people, we could also watch what happened next. For example, they may enter into a system, move laterally across a couple of computers and leave a trail of evidence. It’s interesting to see this kind of behaviour reflected across the MITRE Att&ck Matrix® in very explainable terms. This makes it easier for defenders to explain to the business why there is a particular risk.

The speed and accuracy with which this kind of threat can be resolved is fascinating. Analysts receive alerts of suspicious activity in real time wherever they are – and they may well conclude that it can be dealt with on Monday morning. So, you see, the impact on the lives of these cyber defenders is low. Instead, CounterCraft delivers enriched incident response capabilities where better context leads to more informed decisions.

What less obvious motivations can CounterCraft deduce from deception campaigns, besides the usual hunger for financial gain?

Threats to IP, VIPS and insider threats are next in line to attacks devised purely for financial gain. Threats relating to IP are very important in engineering firms, for example. Senior board members are increasingly targeted by exploiting the open source intelligence found on social networks. And of course, insider threats can either be accidental or intentionally damaging.

During 2018 you played a key role in the partnership strategy and internationalization of the company. At the moment CounterCraft have more than 12 global business partnerships. What can those partners afford to end-customers?

For us, partners are a vehicle to market. Many clients need help designing and deploying their deception campaigns. They know what they want, but need additional support and expertise to make it happen – and that’s where we come in. We train our partners to fill that gap. Since they are so intimately connected with the end-client, they can help them take maximum advantage of our system by tailoring it specifically to their needs based on their experience and customer insights. They are there for the end-customer, every step of the way helping them with the setup, deployment and working with them to analyse the data and control the attacks.

Which industries are benefiting most from using deception? The financial services industry is always the early adopter and we’re starting to see uptake in cryptocurrency exchanges and other related businesses. Outside of the financial realm, it’s becoming a must for engineering firms and pharmaceutical companies in their efforts to protect their intellectual property. In retail, deception is becoming more widely used to safeguard critical supply chains.

What are the three areas CounterCraft will focus on in your go-to-market strategy for 2019?

Partnerships, partnerships, and partnerships! We’ll continue our strong push across the EU and Latin America and we’ll also be initiating work in the Middle East and the US.

It’s less than two months until RSA Conference USA, and we heard you’ll be there. What will CounterCraft be focusing on at this year’s conference?

CounterCraft has been present at RSA Conference for a number of years now and we love it. It’s an incredible place to meet others in the industry and get an idea of all the technical possibilities available to CISOs. As well as exhibiting, we are pleased to be representing the Department for International Trade (DIT), as a member of GCHQ alumni.

We are leading the market as the only high-end deception solution provider, looking towards enterprise counterintelligence. At RSA we will be ground-breaking in demonstrating our advancements to a worldwide audience. If you’re looking to tool-up your security function with better awareness of current and unknown threats in preparation for the geopolitical threats we anticipate in the next five years, come and talk to us!


Does your agenda for 2019 include any events or conferences we can attend?

Yes, definitely, and I hope you do! I plan to attend Infosecurity Europe 2019, Cyber UK, Blackhat Europe, 44con, NIAS, and the Gartner Security Summit in London, where you’ll likely see some more of the team, too.

As a co-founder in an emerging technology market, what keeps you awake at night?

Crossing the chasm. Turning a startup into a viable business is a huge challenge. Making it from prototyping your product to achieving a repeatable sales cycle is a startup’s main challenge. This marks your right of passage and CounterCraft is crossing this chasm at the moment. Geoffrey A. Moore’s insights from the late 80s are just as applicable now as they were when he talked about 3.5-inch disc drives.

OK. one last one to wrap this up. Cortado or café con leche?

Oh, café con leche without a doubt! And now that you mention it, I think it’s about that time.

Keep up with Dan on LinkedIn for more musings on what is emerging enterprise cyber counterintelligence, and his pursuit for a catchier acronym. And, of course, catch him at RSA Conference 2019, 4-8 March in San Francisco alongside fellow musketeers, CEO, David Barroso and Head of Threat Intelligence, Nahim Fazal.

Like Jim Morrison said, this is the end. But you can...