Today we have a great interview for you!
We spoke with Marco Ramilli, CEO and Founder of YOROI. This company is not like any other! If you want to find out how bushido and samurai traditions influence modern cybersecurity, you have found the right place. We also talked about the differences between cybercrime in the US and in Europe, and much more. Read about one of the most extraordinary companies founded in Europe!
[Hakin9 Magazine]: Hello Marco! Could you introduce yourself to our readers, just in case they are not familiar with your work?
[Marco Ramilli]: Absolutely, my name is Marco Ramilli. I took a Master's degree in Computer Engineering and after that I took a PhD in Computer Science “traveling between” UC Davis, CA and the University of Bologna, Italy. Since my MD, I’ve been studying and working on cybersecurity in different organisations in both the private sector and federal government. I’ve been involved in several OpenSource projects such as (but not limited to): malwarestats.org, malcontrol, RoboAdmin.sourceforge.net, and so on (you might check the full list here: http://marcoramilli.blogspot.com/p/projects.html). I do run a cybersecurity blog: http://marcoramilli.blogspot.com. Today, I am the Co-Founder and CTO of Yoroi S.R.L (www.yoroi.company), a Managed CyberSecurity Service Provider (MCSP) where we developed innovative solutions against CyberSecurity Threats.
[H9]: Why did you choose a career in security? Why Ethical Hacking?
[MR]: Since I was young, I was fascinated by understanding how “things work”. The continued need to know the deepest technical details during my life took me on the “Ethical Hacking” path. I did not choose :D, I did not have it in mind to become an “Ethical Hacker”, I became one without even knowing that what I was doing was known as Ethical Hacking. So, in some sense it has not been a choice, I simply followed my passions.
[H9]: Caribbean dances?
[MR]: Because it’s a nice way to get fit and to “clear your head” :)
[H9]: Tell us more about YOROI, why did you create this company?
[MR]: YOROI gets its name from the ancient Samurai's armor. Today, YOROI protects its customers as the armor protected the Samurai. Thanks to our analysts’ experience and education, YOROI’s goal is to “map the protected company” in terms of: understanding the business processes, assessing the business risks and thinking as an attacker would in order to apply security measures to protect the company. To reach this goal, we developed an innovative protection system based on private sandboxes, network IDS, and Cyber Intelligence (images below). We do offer our CyberSecurityOperationCenter as a service. YOROI has been created because my co-founders and I are observing a huge gap between current protection systems and current threats based on Evasive Malware.
[H9]: You have been studying and working in the USA. Why haven't you decided to open a company there? Isn’t the USA the main source of cyber crime and has the biggest need for cybersecurity?
[MR]: What you say is true: on one hand, in the USA, the cybersecurity working field is much more prosperous if compared to the European one. On the other hand, in the USA, many companies are already working in the same field (even if using different technologies and methods). My colleagues and I decided to start up YOROI in Europe because we saw a deep gap between what organisations need and what organisations have. So we built up YOROI, filling the gap by giving an expert team of cyber analysts to organisations which need to protect their cyber perimeter.
[H9]: YOROI has a motto: “We Protect You, No Matter What”, can you tell us more about it?
[MR]: Our motto underlines the way we work, the way we put our entire effort and expertise in what we do, the way we are dedicated to our customers whatever it takes. No matter what it takes or what kind of effort we have to invest to protect our customers … no matter what! We want to protect our customers!
[H9]: On YOROI’s website you have a cyber security index. How accurate is it? Can you tell us how it works?
[MR]: YOROI’s cybersecurity index is a useful resource to control how many threats, infections and Malware we observe on a daily basis. It gives you a “defcon like” index, able to warn or to calm you depending on the displayed sizes. Our cybersecurity index measures three sizes (Threats, Infections and Malware) based on our findings. We do not pretend the numbers reflect the state of the World Wide Network, but it gives you a nice approximation of the health of the Internet since our customers come from different fields, such as (but not limited to): Banking, Insurance, Gov and Industrial.
[H9]: I have to ask what’s with all these references to samurai? Is there a story behind this?
[MR]: Yes, there is a story … :) Our company is built on top of the “Samurai’s tradition”; we call ourselves “cyber warriors” and we respect a cyber warrior bushido: our internal “honour code”. Having a full story is important to create an innovative, challenging and fun working environment where cyber warriors feel like home.
[H9]: How does bushido relate to cybersecurity?
[MR]: Being able to protect somebody and/or something needs discipline. Indeed, you might look for hundreds of connections and/or reverse hundreds of files and find “nothing”, but you need to keep going because all they need is only one malware to keep control of the entire attacked organisation. Our “honour code” (our Bushido) helps us to give the best in every situation: keep investigating even if everything seems to be harmless, listen to the customer's needs even if we already know what he desires, think before you act, stay silent and report only important threats, and so on…
[H9]: How have security threats evolved over time? Is the internet safer or less safe now than five years ago?
[MR]: On one hand, the public release of exploit kits, such as (but not limited to) “Angler” and “Nuclear”, took the cyberthreats to the next complexity level. On the other hand, new security solutions, such as advanced intrusion detection systems and Sandbox environments, raised cybersecurity defences, empowering human analysts. Nowadays, the most frequent threats affecting organisations are based on Malware. Malware (Malicious Unwanted Software) is able to automate many of the steps involved in a single attack and is able to scale up common attacking phases, such as: propagation, getting persistence, updating the payload, giving back control, data exfiltration, etc. For these reasons, attackers prefer to invest in Malware threats rather than performing attacks by hand (old style attack), taking the Malware ecosystem to a “real and deep Zoo”. Today, Malware is getting more and more complex; in YOROI we are observing a huge change from Polymorphic Malware to Evasive Malware. A Polymorphic Malware is a specific piece of code able to change itself while holding the same behaviour, while an Evasive Malware is a piece of code able to understand if it is living in a real environment or in a fake one (like a sandbox). If an Evasive Malware “thinks” it’s in a fake environment, it won’t fire its malicious behaviour. This “intelligence” makes the early detection of newly generated Malware very difficult.
The Internet of Everything is a reality, everything is connected and “connected things” are experiencing the internet by means of sensing and acting like human beings. Pacemakers, insulin injectors, remote surgeries, but even more, simple home automations, SCADA systems, home security appliances are only some of the connected devices. New Malware threats applied to the Internet of Everything make the current Internet less safe than ever.
[H9]: What do you think is the biggest challenge standing before cybersecurity community right now?
[MR]: From my personal point of view, the most important challenge standing before cybersecurity is “the mental change”: Firewalls, AntiVirus, Proxies, MTUs, etc., are not enough anymore to guarantee an acceptable security threshold. The need for CyberSecurity experts (such as threat analysts) is becoming the fundamental step for getting back control of our networks. Many technical challenges, such as Domain Name Generation detection, multi-path implementation and real hardware emulation for sandboxing, are still very important challenges, but before this, we need the mental change to move on the cybersecurity economy, firing up new technical solutions.
[H9]: What is needed for this change to happen?
[MR]: My belief is that we need two things: (a) Direct Experiences and (b) Cyber Security Ambassadors. Direct experiences are life changing. Many CIOs, after a cyber security breach, totally change their minds, putting cyber security as one of the top priorities on their list. Cyber security ambassadors are skilled people who decide to dedicate their own career to “talking” about cyber security by teaching other people the real risks and the possible paths to the cyber risk.
[H9]: What do you have to say about formal education in cyber security field? Is it a good path for young people interested in IT?
[MR]: From my personal point of view, formal education, even if it’s not always up to date, is a fundamental step to build the right forma mentis, able to push young students to the need of “knowing how things work”. I definitely would suggest formal education for students interested in Information Technology! Although I do agree with people arguing that formal education is not enough. In my personal experience, it played a primary role in my education, ergo in my career.
[H9]: What do you think about certification as one of the most important ways to prove your expertise in cybersecurity?
[MR]: Certifications are the ultimate way to be on the edge of technology. Having a standard path to achieve a well known “security status” is the best way to guarantee a minimum skill set. Certifications are very useful in the private sector, too, in order to qualify and to normalise the skill set adopted in the specific field. Making a long story short, I definitely would suggest the kind of certifications enabling practical usage of specific technologies.
[H9]: Do you think it can be confusing for newcomers in the industry to choose the right certifications to get, among so many?
[MR]: Yes, I do. There are many certifications out there, such as (but not limited to): process oriented certifications, methodology oriented certifications, law oriented certifications, technology oriented certifications, risk awareness certifications, and so on and so forth… There is no best certification program, each one is a worthy one. What the student should do is understand what he needs. I would suggest understanding what “face of Cyber Security” needs to be addressed and later on looking for certifications in that direction.
[H9]: Lately the world has faced many cyber attacks that were successful. Why aren’t companies better prepared for attacks?
[MR]: Often, companies acquire Vulnerability Assessments and Penetration Tests periodically, and Next Generation Firewalls, Intrusion Prevention Systems, even recent Sandbox technologies, without having a real service behind them. Owning the best in class technology without somebody able to interpret the results and able to make decisions could prove useless. YOROI was born to fill the gap between automation and humans.
[H9]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[MR]: During the past few days, I woke up with the following thought which I’d like to share:
“Cyber Attacks are often realised by software which is developed by humans, ergo attackers could be considered humans as well. Defeating attackers’ human minds requires defensive human minds.” Technology is perfect to help analysts, but nowadays attacks are way too complex for simple machines; we definitely see the need for a defence built on top of cyber warriors!
[H9]: Thank you for talking with us!