SAN FRANCISCO – Feb. 16, 2016—Against an onslaught of high profile data breaches, nation-state cyberthreats and flourishing cybercrime, one group of world-class cyber sleuths at ®buguroo— a U.S. startup and spinoff of Deloitte’s European Security Operations Center (SOC) — is taking the fight back to the threat actors themselves. Using aggressive techniques to hack the hackers like Dark Web data mining, malware back-tracing sandboxes and deceptive “take my endpoint, please” decoys, buguroo is taking aim at the very criminals behind the attacks, as well as the malware, botnet networks and command and control centers on which they rely.
To aid in the fight, buguroo is launching bugThreats, a comprehensive threat intelligence platform (TIP) that, in sharp contradistinction to other entrants in the nascent TIP market, looks outside the enterprise infrastructure and focuses purely on useful intelligence gathered where the compromised end users, and their stolen data, are.
“If you are a bank, an e-commerce provider or another high value target, your biggest problem is not the employees inside your hardened infrastructure. It is the millions of users outside of your control that are under attack,” said Pablo de la Riva Ferrezuelo, CTO and founder of buguroo.
buguroo aims to complement the existing IT security stack, not reinvent it. Focused on intelligence and not protection, the bugThreats vision is to strengthen existing tools by investigating beyond the infrastructure to gather and feed intelligence that helps protect the millions of home banking, social media and email end users — as well as off-hours employees — that are receiving massive attacks, from the whole world.
Not only does it detect and analyze threats to determine who and what they are after, bugThreats patrols the Dark Web, paste bins and other cybercrime haunts to find stolen credit cards, login credentials and identities and sends alerts back into the ITSEC protection infrastructure solutions to make them more effective.
“Whether an end user or partner client is compromised in their home, hotspot, hotel, Internet cafe, or wherever they are, bugThreats is designed to identify information for our clients’ customers that is exposed online and can be used to profile a company and orchestrate an attack. We provide a tool that can detect and isolate the attacks used to capture the data, analyze the new technique, trace the actors involved back to their source and discover what was stolen before it can be used for fraud,” said de la Riva Ferrezuelo.
The comprehensive bugThreats platform makes enterprise security operations analysts more effective and has already been proven in use in several large global infrastructures. The new bilingual English-Spanish bugThreats and the associated professional cybersecurity services are available immediately in the U.S., European and LATAM regions.
In addition to its extra-infrastructure focus, buguroo’s approach to the rapidly evolving cyberthreat intelligence market is unique and novel in many other ways:
- Designed by ethical hackers and cybersecurity analysts, the platform automates their own best practices and provides a single tool for managing everything
- Includes dozens of advanced technology solutions and techniques used to detect new threats and deliver intelligence on who and what they target, who the threat actors are, where the attacking botnets and C&C centers are, where the data is going and what data, such as login credentials or credit cards, was compromised so action can be taken to prevent fraud
- Helps “hack the hackers” by delivering intelligence to penetrate the Dark Web cybercrime networks, botnets and C&C centers
- Deploys easily and delivers time-to value; does not require any on-premise software or hardware; simply create a user ID on the buguroo cloud and an automatic intelligent infrastructure discovery capability starts getting the intelligence you need
- Provides a cloud-based big data and proprietary analytics ecosystem that automatically stores, correlates and analyzes all of the intelligence, searchable from a global suite and accessible from anywhere in the world
Although a startup in the U.S., buguroo is building on its five-year history in Europe and its proven technology and security operations experience. Originally, the company was a stand-alone unit in Deloitte Spain, and the buguroo team of ethical hackers and cybersecurity analysts worked alongside experts from Deloitte Spain to manage the Deloitte Security Operations Center (SOC) for Europe. In 2015, the 50-employee company was spun off as buguroo and closed a $3.34 million round of angel financing to expand its business internationally and accelerate development of its product roadmap.
Separately today, buguroo announced its bugFraud Defense next-generation online fraud detection solution that provides real-time protection of websites from hijacked sessions using man-in-the-browser or man-in-the-middle attacks. It also announced its application security solutions, bugScout and bugBlast that, among other distinctions, include a modern architecture designed for the cloud that enables full modeling of today’s very large applications in memory, a capability not available from current appsec providers that industry analysts have cited as a security weakness.
buguroo also provides technical services from its highly qualified team of professional security auditors to help clients with malware analysis and remediation, forensics, impact analysis, Dark Web data recovery, botnet takedowns and other advanced techniques.