tl;dr - At the heart of the Tonic platform is its ability to tap into the company’s collective knowledge and extract the business context of the digital assets powering the company’s most critical systems. By integrating with collaboration tools, business applications and ticketing systems, Tonic understands how assets are connected to applications and services, providing security and IT teams with true business context and an unprecedented understanding of their own “digital battlefield”.
I have been waiting to write this blog post for over 8 years now.
For most of the past decade, my co-founder Sharon and I have helped companies all over the world, from Fortune 500 companies to critical infrastructure operators to cryptocurrency exchanges, recover from devastating attacks that crippled their operations and threatened to shut them down for good.
Each time we returned from an incident, we’d jokingly say that we probably have no more than a couple of days until the next one comes in, so why bother unpacking? We were usually correct.
Now, our memory can play tricks on us, but it wasn’t always like this. It used to be that devastating cyber attacks were a thing you’d see in the movies, and from time to time in real life as nation states engaged in high-stakes cyber warfare against other nation states (remember Stuxnet?). But that all changed in 2017. Most of us remember exactly where we were when news broke on Friday, May 12 that ransomware was quickly spreading worldwide, infecting hundreds of thousands of computers in an attack attributed to North Korea (I was actually at the movie theater, but nothing cyber related). As unprecedented as WannaCry was, it was only a prelude to the much more devastating NotPetya wiper attack that broke out about a month later. What was meant to be a targeted attack against Ukraine spun out of control and infected numerous multinational companies all over the world, to devastating effect.
Some companies were almost completely wiped out, and I was “fortunate” enough to spend months in aggregate at one of those firms, witnessing the aftermath of the attack while researching the main factors that almost got the company wiped out (digitally and commercially). In a series of meetings, it became quite evident that in the first 72 hours of the attack, with the firm’s critical business and IT applications still down, no one had a clear answer as to how to recover these critical systems as fast as humanly possible. In fact, what first seemed like a fairly quick, though not trivial, recovery effort to restore some ~20 critical applications became a complex operation involving more than 300 people and twice as many systems and servers worldwide, which took weeks to complete and cost millions of dollars.
When I asked one of the folks on the security team why it took so long to get to the point where the critical applications that power the business’ largest revenue streams were fully recovered, I was met with a blank stare and a blunt answer: “we had no idea which servers supported those [critical applications], how were we supposed to know what to do?”
It was the first time it became evident to me that a lack of understanding of how companies’ digital assets support their main business processes is one of the major contributing factors to many of the devastating attacks that were soon to come, as WannaCry and NotPetya signaled the beginning of what some call the “golden age” of ransomware threat actor groups.
And it was not only during incident response engagements that we saw how the lack of business and operational context hampers the ability of security and IT teams to get the job done.
In between incidents, we would spend a considerable amount of time working with enterprise security teams on their security strategy and on how best to implement defensive mechanisms to prevent, or at the very least significantly mitigate, ransomware attacks. Every time, we would ask: “what are your main business processes, and what is the IT stack that supports them?” It seems like a trivial question, but the answer was almost always incomplete at best and embarrassing more often than not. Firstly, not many security, IT or OT organizations know how to answer the first half of the question, as oftentimes these teams work in silos without sufficient understanding of the business that they’re trying to protect. But even when the first half was answered, there was not a single team that was able to accurately describe how their digital assets support critical applications, and what the business ramifications would be should these assets be compromised or disrupted in any way.
I spent years working with teams all over the world tackling this issue, and it was not until recent advances in AI that it became possible to solve this problem once and for all, and at massive scale.
The reason is clear: if something is important to the business, someone is talking about it, somewhere. Think about all the information that exists across internal wikis, messaging apps, and ticketing systems. What happened to a critical server that suffered an outage or a connectivity issue? Someone reported it, and somewhere the implications of that outage or connectivity issue were documented. We see this all the time, across enterprises large and small. The tribal knowledge of the organization exists, yet it is usually highly distributed and unstructured, spread across disparate tools.
Tonic’s Data Fabric was built to connect the dots between assets (e.g., servers, workloads, identities) and the applications/platforms (e.g., consumer facing, ERP, Finance) they support. Connecting these two semantically different groups of entities enables security and IT teams to be better across the board, from triage to investigation to remediation. Having true business and operational context is key to solving one of the most complex challenges in cyber today: the lack of a deep understanding of your “digital battle terrain”, often the deciding factor in any complex cyber attack.
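To make the asset-to-application problem concrete, here is a deliberately simplified illustration (added here; it is not Tonic’s code and does not reflect how the Data Fabric works) that mines constructed wiki, ticket and chat snippets for host and application mentions, builds the asset-to-application map, and answers the question the security team in the story could not: which servers must come back first for a given set of critical applications. The host naming pattern, the application inventory and all records are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not real data): snippets of the kind of tribal
# knowledge found in wikis, tickets and chat, each mentioning hosts and apps.
RECORDS = [
    {"source": "wiki", "text": "Order Portal runs on web-prod-01 and web-prod-02; "
                               "its database is db-prod-01."},
    {"source": "ticket", "text": "INC-1042: db-prod-01 outage, Order Portal and "
                                 "ERP both unavailable for 3 hours."},
    {"source": "chat", "text": "heads up: ERP batch jobs live on app-erp-01, "
                               "Finance Reporting reads from db-prod-01 too"},
    {"source": "ticket", "text": "INC-1101: dev-sandbox-07 disk full (no impact)"},
]

# Assumed known application inventory and an assumed hostname convention
# (role-env-NN); a real system would learn these rather than hard-code them.
APPLICATIONS = ["Order Portal", "ERP", "Finance Reporting"]
HOST_RE = re.compile(r"\b[a-z]+-[a-z]+-\d{2}\b")

def build_dependency_map(records):
    """Map each asset to the set of applications it is mentioned alongside."""
    asset_to_apps = defaultdict(set)
    for rec in records:
        hosts = HOST_RE.findall(rec["text"])
        apps = [a for a in APPLICATIONS if a in rec["text"]]
        for host in hosts:
            asset_to_apps[host].update(apps)  # hosts with no app stay mapped to {}
    return dict(asset_to_apps)

def recovery_order(asset_to_apps, critical_apps):
    """Assets the critical apps depend on, most widely shared first.

    Shared dependencies (one database behind several apps) are restored
    first because they unblock the most business functions per server."""
    ranked = []
    for asset, apps in asset_to_apps.items():
        hit = apps & set(critical_apps)
        if hit:
            ranked.append((asset, sorted(hit)))
    ranked.sort(key=lambda item: (-len(item[1]), item[0]))
    return ranked

if __name__ == "__main__":
    dep_map = build_dependency_map(RECORDS)
    for asset, apps in recovery_order(dep_map, ["Order Portal", "ERP"]):
        print(f"{asset}: restore first for {', '.join(apps)}")
```

Run stand-alone, the plan puts the shared database ahead of the per-application servers and leaves the sandbox host out entirely.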
By harnessing collective knowledge through advanced AI, Tonic doesn't just map the digital battlefield – it gives security and IT teams a decisive advantage against even the most sophisticated of adversaries.