Risky Bulletin: Sponsored Episode – "Why Security is a Data Search Problem"
Host: Tom Uren
Guest: Mike Wiachek, CEO and Founder of Stairwell
Release Date: May 4, 2025
1. Introduction to Mike Wiachek and His Journey
The episode opens with Tom Uren introducing Mike Wiachek, the CEO and founder of Stairwell. Mike shares his passion for internet search and his long-standing ambition to work for Google. After several unsuccessful applications, his persistence paid off once he had gained experience at the Department of Defense and begun a Master's degree in computer science at the University of Maryland.
Notable Quote:
[00:55] Mike Wiachek: "I enrolled in 2004 I think, and two months in I sent my resume again to Google and this time they said we want to meet you."
Mike's journey underscores the importance of perseverance and continuous learning in the cybersecurity field. His eventual success at Google set the foundation for his subsequent ventures in cybersecurity.
2. The Impact of Operation Aurora and the Formation of the Threat Analysis Group
Mike delves into a pivotal moment in his career—the impact of Operation Aurora. This was a significant cyberattack where Chinese state-backed hackers compromised Google, leading to a profound shift in the company's security approach.
Inspired by advice from a Navy SEAL during his tenure at the Department of Defense, Mike adopted a focused mindset to tackle challenges:
Notable Quote:
[02:20] Mike Wiachek: "It's just trying to think about what that situation was... I don't care what's happening... what do I have? What do I need to do? How do I do it?"
Utilizing Google's vast computational resources and his own expertise, Mike founded the Threat Analysis Group (TAG). The group marked the early days of cyber threat intelligence, focusing on identifying and analyzing malware through extensive data mining.
3. Evolution from TAG to Chronicle and the Birth of Stairwell
Mike explains the transition from TAG to Chronicle in 2015, leveraging Google's log processing capabilities to enhance security infrastructure. Chronicle aimed to expose Google's "magic sauce" of scalable log infrastructure to the broader security community.
However, Mike identified a gap between data mining for malware and scalable log analysis. This realization led to the creation of Stairwell, a venture-backed startup that bridges the divide between threat intelligence data and log-based security operations.
Notable Quote:
[04:30] Mike Wiachek: "Stairwell... combines both of those things. Instead of focusing on logs, it's what files are more important... what's on the endpoints that we're supposed to be protecting."
4. Security as a Data Search Problem
At the core of the discussion is the paradigm shift of viewing security through the lens of data search. Mike explains that traditional security approaches focus narrowly on predefined threats or on log data, which is like searching only where the lamp light shines, not necessarily where the keys (the actual issues) are.
Notable Quote:
[05:51] Tom Uren: "It's like this searching under the lamp for your keys... because that's where the light is, rather than that's actually where your keys are."
Mike emphasizes the importance of harnessing all available data sources to uncover threats that might otherwise remain hidden. This comprehensive data acquisition and analysis approach allows organizations to detect and respond to threats more effectively.
5. Stairwell’s Comprehensive Data Search Approach
Mike outlines Stairwell's methodology, drawing parallels to how search engines operate. The process encompasses:
- Data Acquisition: Collecting executable and similar files from various endpoints.
- Data Preservation: Storing files and their features to maintain a comprehensive dataset.
- Data Analysis: Continuously reanalyzing data in light of new information.
- Driving Value: Providing actionable alerts and making data searchable for threat detection.
Notable Quote:
[07:15] Mike Wiachek: "When you think about a search engine works on the Internet, you have to crawl the web... Durable is no different. Right, except we're doing the whole stack ourselves."
Stairwell’s platform, Durable, integrates these stages into a unified system, enabling organizations to perform deep searches for malicious files across their entire infrastructure rather than being limited to superficial log searches.
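The four stages above reduce to a simple loop: hash and preserve every collected file's features, then re-run newly learned indicators over the whole preserved corpus so that files collected before the indicator existed are still found. The following Python sketch is an added illustration of that retrospective-hunting idea and is not Stairwell's code; the file paths, byte contents and indicator values are constructed for the demo.

```python
import hashlib
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRecord:
    """Preserved features of one collected file (the data preservation stage)."""
    sha256: str
    path: str
    size: int
    strings: frozenset

def extract_strings(data: bytes, min_len: int = 4) -> frozenset:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[ -~]{%d,}" % min_len
    return frozenset(m.decode("ascii") for m in re.findall(pattern, data))

def ingest(store: dict, path: str, data: bytes) -> FileRecord:
    """Acquisition + preservation: hash the file once, keep its features keyed by hash."""
    rec = FileRecord(hashlib.sha256(data).hexdigest(), path, len(data),
                     extract_strings(data))
    store[rec.sha256] = rec
    return rec

def retro_hunt(store: dict, bad_hashes: set, bad_strings: set) -> dict:
    """Reanalysis: apply indicators learned *after* ingestion to every preserved file."""
    hits = {}
    for rec in store.values():
        reasons = ["hash"] if rec.sha256 in bad_hashes else []
        reasons += [f"string:{s}" for s in sorted(rec.strings & bad_strings)]
        if reasons:
            hits[rec.path] = reasons
    return hits

def demo() -> dict:
    """Constructed samples; the indicators below only become known after collection."""
    samples = {
        "/opt/app/updater.bin": b"\x7fELF" + b"\x00" * 8 + b"GET /health HTTP/1.1\x00",
        "/tmp/.cache/svc.bin": b"MZ\x90\x00" + b"\x00" * 8 + b"http://beacon.c2.invalid/\x00",
        "/usr/bin/helper": b"\x7fELF" + b"\x00" * 8 + b"config.json\x00",
    }
    store = {}
    for path, data in samples.items():
        ingest(store, path, data)
    # A later intelligence feed names one exact hash and one network string (constructed).
    later_hashes = {hashlib.sha256(samples["/usr/bin/helper"]).hexdigest()}
    later_strings = {"http://beacon.c2.invalid/"}
    return retro_hunt(store, later_hashes, later_strings)
```

Because the features were preserved at collection time, both matches surface without re-collecting anything from the endpoints; a log-only pipeline that never kept the files would have nothing to re-search.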
6. Innovations in AI-Driven Security Analysis
A significant highlight of the episode is Mike's discussion on integrating AI into Stairwell’s security solutions. He introduces the feature called "Sterile Intelligent Analysis," which leverages large language models to perform tier-one triage of files rapidly.
Notable Quote:
[10:05] Mike Wiachek: "We can take all that data from the file... and adding this into a giant prompt, if you will, for a large language model and asking it to help perform tier one triage."
This AI-driven approach distills large volumes of file data into concise summaries, a likelihood-of-maliciousness indicator, and a confidence assessment, each accompanied by a technical justification. This not only accelerates threat analysis but also makes it accessible to organizations that lack extensive reverse engineering resources.
Notable Quote:
[11:15] Mike Wiachek: "You are actually given like the high-level impact assessment along with the technical justification."
The tool provides actionable insights, such as detailing how a file manipulates process memory or injects into critical system processes, thereby enhancing the organization's ability to respond to threats swiftly and accurately.
7. Future-Proofing Security with Data Retention
Mike shares an anecdote about a CISO who recognized the value of Stairwell’s data preservation strategy in future-proofing her organization’s AI initiatives.
Notable Quote:
[09:41] Mike Wiachek: "I was describing this approach and there was a CISO... you need to have a copy of all the files and you can go over and you can extract those features and data from it."
This strategy ensures that organizations retain comprehensive data, allowing them to adapt and integrate emerging AI technologies without being constrained by past limitations. Mike likens this approach to sound financial advice: "The day to start saving for retirement is yesterday, and the second best is today."
8. Demonstration of AI Capabilities
Towards the end of the episode, Mike demonstrates Stairwell’s AI-powered analysis tool. He showcases how a file is processed through feature extraction and AI analysis within seconds, producing a high-level summary and a detailed technical explanation for the assessment.
Notable Quote:
[12:00] Mike Wiachek: "It's like, we can take all that data from the file... and then sent for AI analysis where you're presented with a tldr."
This demonstration highlights the efficiency and depth of Stairwell’s solution, making advanced threat analysis accessible and actionable for organizations of all sizes.
9. Conclusion
Tom Uren wraps up the discussion by acknowledging the transformative potential of viewing security as a data search problem. He commends Mike for his insightful exploration of both the historical and future landscapes of cybersecurity.
Notable Quote:
[12:43] Tom Uren: "Well, Mike, thanks a lot for a very interesting discussion about both, I guess, the past and the future of security as a data problem."
Mike expresses his gratitude, reinforcing the collaborative spirit of advancing cybersecurity through innovative data-centric approaches.
Key Takeaways:
- Data-Centric Security: Shifting the focus from traditional log analysis to comprehensive data search enhances threat detection and response.
- AI Integration: Leveraging AI for automated, intelligent analysis can significantly reduce the burden on security teams and improve accuracy.
- Future-Proofing: Maintaining extensive data archives ensures organizations remain adaptable to evolving cybersecurity challenges and technologies.
- Innovation through Persistence: Mike Wiachek’s journey exemplifies the impact of perseverance and continuous innovation in the cybersecurity landscape.
For more insights and updates on cybersecurity, visit Stairwell's website.
