How war shifted the plans of one Ukrainian cybersecurity entrepreneur
The cybersecurity business SOC Prime was founded in 2015 by IT entrepreneur Andrey Bezverkhi and two of his Ukrainian colleagues, and they made sure to have a disaster plan in place.
What they couldn’t have anticipated, he said, “was that we would have to put this into action in the middle of a full-scale invasion.”
Despite having its headquarters in Boston, the majority of the company’s team, more than 80 people, worked from Ukraine until Russia’s invasion earlier this year. Since then, several staff members have relocated to a recently established office in Spain, while others, like Bezverkhi, have remained in Ukraine.
The business pays researchers for developing threat-detection rules and positions itself as the Spotify of the cybersecurity industry, comparing its model to the way the Swedish company pays royalties to musicians. Some 600 independent researchers are involved internationally.
Bezverkhi stayed for personal, political, and in some cases circumstantial reasons. Just before the conflict he postponed a scheduled board meeting in Silicon Valley because he had fallen ill with Omicron. On February 24, the day Russia started its attack by hitting two air bases in Kyiv, he had a trip to the US booked for midday.
Bezverkhi and his wife decided to go to a hamlet in western Ukraine near the Polish border instead of to America. He told The Record, “We have high-speed internet here; I need to work on cyber defence.”
The decision not to relocate SOC Prime’s business from the war-torn nation to the United States did not go over well with its investors. Bezverkhi rejected their demand to concentrate on international growth, notably in the US.
He declared, “Everything is great; we are protecting ourselves, and we can carry on with business as usual.”
Martial law, which was established in February and prevents Ukrainian men between the ages of 18 and 60 from leaving the country without a good reason, meant that Bezverkhi could no longer leave the nation even if he wanted to.
Working while a crisis is ongoing
Returning to work was challenging given the widespread air raid warnings and rocket attacks. As Kyiv was the main Russian objective at the beginning of the conflict, several members of Bezverkhi’s team were forced to flee the city.
Bezverkhi believed that one of his investors, the Israeli investment firm J-Ventures, might have experience in conducting business during a conflict. But that was of little use, he said, since what was happening in Ukraine was unprecedented.
To adapt to the new reality, Bezverkhi established hubs: distributed groups of 5–10 people. Decision-making became less centralised, with the hub leaders making choices alongside the CEO.
The change let the teams keep working as members who needed housing or food dispersed around the country.
Photo: Viktor Zora, Ukraine’s senior cyber security official, and Andrey Bezverkhi. Facebook photo by Viktor Zora.
Bezverkhi further said that SOC Prime will grant Ukrainian businesses and government organisations free access to the platform in an effort to aid Ukraine in winning the cyber war.
“We operate for the state in Ukraine, but we continue to grow commercial business in other nations,” he stated.
SOC Prime had few clients in Ukraine before the war because, according to Bezverkhi, the country’s market for cyber protection is still rather limited. The majority of the company’s remaining clients are in the UK and other countries in the European Union. The US accounts for around 40% of the firm’s income, which comes from businesses including banks, telecommunications corporations, and government agencies.
When it began providing its services to Ukrainian firms free of charge, the company made its top priority teaching businesses how to use the Sigma language, which lets cybersecurity experts describe cyber threats in a standardised way.
Sigma is described as “the common language for cybersecurity” by its supporters. It was created in 2017 by SOC Prime advisors Florian Roth and Thomas Patzke, both cyber security specialists. One of Sigma’s key advantages is its compatibility with many Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems, the tools that examine security alerts.
Rather than being tied to a single SIEM or EDR, cyber security analysts can share detection rules with one another in a common format using the Sigma language.
Sigma is the basis of SOC Prime’s detection-as-code platform and dictates how researchers must write their rules. Sharing a common language on a platform with specialists from all around the globe fits the open, community-driven model in which cyber security experts collaborate internationally to combat threats.
He stated, “There are still more threats than computers can identify. Our platform has over 8,000 Sigma rules, yet more than 10,000 vulnerabilities are found annually.”
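To make concrete what a vendor-neutral detection rule looks like, here is a small evaluator for a Sigma-style rule, added for this article and not code from SOC Prime, sigma-cli or pySigma. The rule, the events and the Sysmon-style field names are constructed for the example; it supports only the `contains`/`endswith` modifiers and plain and/or/not conditions.

```python
"""Minimal Sigma-style rule evaluator: an illustration, not sigma-cli or pySigma code."""
import ast

RULE = {  # constructed rule in the layout of a Sigma YAML file, written as a Python dict
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": ["-enc", "-encodedcommand"]},
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # constructed Sysmon-style events: a hit, a filtered launch from explorer, an unrelated process
    {"Image": PS, "CommandLine": "powershell -NoP -Enc SQBFAFgA", "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"Image": PS, "CommandLine": "powershell -enc AAAA", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\notepad.exe", "CommandLine": "notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]

def _match_value(value, modifier, pattern):
    """Apply one Sigma value modifier; Sigma string matching is case-insensitive."""
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "contains": return p in v
    if modifier == "endswith": return v.endswith(p)
    return v == p  # no modifier: exact match (startswith, regex, etc. omitted here)

def _search_matches(search, event):
    """A search block matches when every field matches (AND); a list of values is an OR."""
    for key, pattern in search.items():
        field, _, modifier = key.partition("|")
        values = pattern if isinstance(pattern, list) else [pattern]
        if field not in event or not any(_match_value(event[field], modifier, p) for p in values):
            return False
    return True

def _eval_condition(node, names):
    """Walk the condition's syntax tree: Sigma's and/or/not is valid Python boolean syntax."""
    if isinstance(node, ast.Name): return names[node.id]
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval_condition(node.operand, names)
    if isinstance(node, ast.BoolOp):
        vals = [_eval_condition(v, names) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    raise ValueError("unsupported condition syntax (e.g. '1 of', aggregations)")

def evaluate(rule, event):
    """True when the event satisfies the rule's detection condition."""
    det = rule["detection"]
    names = {k: _search_matches(v, event) for k, v in det.items() if k != "condition"}
    return _eval_condition(ast.parse(det["condition"], mode="eval").body, names)
```

The same rule dict could be handed to a Sigma backend to produce a SIEM-specific query; here it is matched directly against events so the rule's logic can be tested without any SIEM.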
A “Spotify” for Cyber Security
Osman Demir, a 25-year-old Turkish cybersecurity expert, was one of SOC Prime’s top contributors and among the highest paid in June. SOC Prime pays its independent researchers $1,500 on average per month. The best researchers, those who create widely used rules, earn the most, typically $5,000 or more each month.
Since November 2019 Demir has created 559 Sigma rules covering attacker techniques including defense evasion, credential access, lateral movement, and exfiltration.
Zero-day exploits are the most difficult to detect, according to Demir. In these attacks, hackers take advantage of a flaw before engineers can patch it. Threat hunters, he said, can only develop predictive detection techniques for such attacks.
Working with outside researchers helped the business expand much more quickly than it would have if the rules had been built in-house. Bezverkhi stated, “When we first started creating the code ourselves, we developed roughly 100 rules a year. We currently have 8,000 rules, but by the end of the year, that number might rise to 14,000 rules.”
Demir is one of those who enjoys the Threat Bounty program. He said it lets researchers earn money from their work and supports their “researcher persona.” In an interview published on the company’s website he added that “it’s a pleasure to know that your rules help firms with their cyber security operations.”
The majority of SOC Prime’s researchers are from countries including Germany, France, Israel, Turkey, Indonesia, and Singapore. Their resumes are verified by SOC Prime admins, who make sure they have demonstrated security knowledge, according to Threat Bounty Developer Program Manager Alla Yurchenko. Each researcher also has an internal rating based on the quality and reach of their work.
Having an international team has benefits, according to Bezverkhi. “Each individual offers their own local experience in cyber security,” he said, which helps the company better understand and recognise cyber threats.
Bezverkhi frequently collaborates with foreign teams and clients from his office in Ukraine. Numerous local technology professionals are doing the same. They often contract with IT giants like Samsung, Google, Oracle, and Viber, which opened R&D centres in Ukraine drawn by affordable costs and lenient regulations.
Bezverkhi is glad he stayed in his country and is able to fight on the digital battlefield, even though dealing with international investors and clients became more difficult during the conflict. He told The Record, “There wasn’t a day that I regretted being in Ukraine.”
Daryna Antoniuk is a freelance reporter for The Record based in Ukraine. She writes on cyberwarfare between Russia and Ukraine, cyberattacks in Eastern Europe, and cybersecurity businesses. She previously worked for Forbes Ukraine as a technology correspondent, and her writing has also appeared in Sifted, The Kyiv Independent, and The Kyiv Post.