HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Bisen

no profile record

Submissions

Launch HN: Overwatch (YC S22): OSINT platform for cyber and fraud risk

164 points·by Bisen·2 ปีที่แล้ว·89 comments

comments

Bisen
·2 ปีที่แล้ว·discuss
Our whole aim is to make you happy by downranking those false positives while remaining explainable. We blogged about the explainability part in case you're interested: https://www.overwatchdata.ai/blog/the-imperative-of-explaina...
Bisen
·2 ปีที่แล้ว·discuss
I'd love to take you up on that offer. Hn doesn't reveal emails but we have one listed here that directs straight to me, in case you're able to drop us a line: https://www.overwatchdata.ai/request-a-demo Looking forward to learning from your experience!
Bisen
·2 ปีที่แล้ว·discuss
Ha! Damn, missed a trick there.
Bisen
·2 ปีที่แล้ว·discuss
Great points - can say this is all 'coming soon'! One note, because this profile isn't personalized to a particular user's products, tech stack, and 3rd party/ supply chain, it's especially chaotic. For a more tailored profile, the social, news, and dark web posts all cluster around a specific events since there are far fewer critical events of interest to a specific user. No excuses, just sharing for background. Interesting point on the hedge fund use case, haven't been able to find a good user/ persona to interview about that and would love any suggestions if you have any. Thanks again for checking us out.
Bisen
·2 ปีที่แล้ว·discuss
Thanks for the advice. Maybe a loom video would have been better with a walk through of a single use case. Taking it on notice for next time!
Bisen
·2 ปีที่แล้ว·discuss
EDR's are a great way to help secure endpoints but high fidelity threat intel which is tailored to your environment and org's needs can help increase awareness and shine light on potential security blindspots. This is especially critical when the threats are ever evolving and time to exploit is decreasing year over year. Qualys in a 2023 report stated that "25 percent of these security vulnerabilities were immediately targeted for exploitation, with the exploit being published on the same day as the vulnerability itself was publicly disclosed. They offer some outside the perimeter threats but by reputation, it’s a weakness and narrowly targeted to your organizations credentials and vulns, and orgs usually still need a threat intel provider. For example, one of our users who already uses an EDR, may not know about a 3rd party that’s been ransomed by a threat actor e.g. APT 73. An alert from Overwatch saying a 3rd party has been compromised will also include information about recent IOCs e.g. hashes and file extensions attributed to that threat actor so that the user can add them to virus total and scan internally to make sure they haven’t been compromised. This is an example of how EDRs and threat intel can work in concert.
Bisen
·2 ปีที่แล้ว·discuss
Thanks for clarifying - honestly, we're a tiny startup so not really here to play PR games, just didn't fully understand the question. Users can 100% review all the results even if they aren't ranked as 'high priority'. You can even free form search our repositories with boolean strings like you would any other OSINT tool, but with the added benefit of an AI agent to help triage, if you so wish.
Bisen
·2 ปีที่แล้ว·discuss
RF contracts are heavily services based and cost up to 7 figures for tailored intel across a number - we delivers a similarly personalized experience but for a fraction of the price. AI agents can also do a range of additional and customizable tasks e.g. bringing together relevant context about a threat actor, tracking fraud methods, compromised checks and cards, narrative analysis, geopolitical disruptions etc. They can also be automated to create new escalations and actions through integrations. It's like having RF data as well as digital analysts to do a lot of the leg work for you.
Bisen
·2 ปีที่แล้ว·discuss
That makes sense, we're going through our annual renewal now. It's a great experience to harden and test systems.
Bisen
·2 ปีที่แล้ว·discuss
Our current users are CISO's security ops team, threat intel team, blue team, fraud strategy or fraud intel team. Hope that helps!
Bisen
·2 ปีที่แล้ว·discuss
We totally hear you and that’s why we don’t really charge by keyword but instead look at how many agents we need to deploy/ use cases we build towards. A 1000+ assets is the norm for our users. Would you be interested in connecting on a call to better understand the use cases and tell you more about how it works?
Bisen
·2 ปีที่แล้ว·discuss
That's definitely the vibe of the example we're presenting. But for specific customers, the agent can cluster and bring additional relevant context to each of the 'events', and even recommend actions / automate certain actions e.g. if you detect a compromised account, send it team X.
Bisen
·2 ปีที่แล้ว·discuss
The discover is another important value add - AI Agents can monitor beyond human scale across more data sets to do the initial triaging for you.
Bisen
·2 ปีที่แล้ว·discuss
Some of our customers said they spend around 3hrs a day on navigating new vulnerabilities alone. Step 1: wading through info from some easy and some hard to access sources; Step 2: trying to bring together all the most relevant information. E.g. just detecting your payroll provider got ransomed is just one step, then you have to research the group, any indicators that you might also be infected etc. then step 3: what do I do next? e.g. adding relevant hashes to virus total.

We not just help with relevant detection, but also automate some of the next two steps as well. Bringing the total weekly time saved down to a few minutes a day.
Bisen
·2 ปีที่แล้ว·discuss
In 3 important ways besides price:

-Personalization: The platform can be fully customized to your interests, e.g. 3rd party vendors, tech stack, products, peers or industry. It’s like having your personalized threat intel org that cuts through the noise. Each of the alerts are ranked and tailored to your interests.

-Customization: The platform can be used for a range of use cases, with agents undertaking tasks ranging from finding and extracting check, loan, and credit card fraud, risky narratives about your brand, through to breaches or emerging ransomware groups targeting your tech stack or vendors. Those agents can even identify breaking events that could be near your assets.

-So what and now what: Each report provides finished intel, whether finding or extracting relevant indicators of compromise, background on the threat actor and victim, compromised credentials, or compromised credit cards and checks. We're training our agents to be even more specific with answers e.g. "what IOCs relate to malware groups most active in the airline industry". We can even automate workflows through integrations or creating cases/escalations for specific teams.
Bisen
·2 ปีที่แล้ว·discuss
In 3 important ways besides price: -Personalization: The platform can be fully customized to your interests, e.g. 3rd party vendors, tech stack, products, peers or industry. It’s like having your personalized threat intel org that cuts through the noise. Each of the alerts are ranked and tailored to your interests. -Customization: The platform can be used for a range of use cases, with agents undertaking tasks ranging from finding and extracting check, loan, and credit card fraud, risky narratives about your brand, through to breaches or emerging ransomware groups targeting your tech stack or vendors. Those agents can even identify breaking events that could be near your assets. -So what and now what: Each report provides finished intel, whether finding or extracting relevant indicators of compromise, background on the threat actor and victim, compromised credentials, or compromised credit cards and checks. We can even automate workflows through integrations or creating cases/escalations for specific teams.
Bisen
·2 ปีที่แล้ว·discuss
I can jump in on the data source question - we can track specific accounts and keywords on Twitter, we aren't paying for the full firehose yet. We also track those original ransomware and dark web sites and blogs being referenced and just figuring out how best to cluster them all into the same event. Thanks for checking it out!
Bisen
·2 ปีที่แล้ว·discuss
Haha! It's also an SEO nightmare. The term Overwatch is a force protection tactic, where you have one team providing extra assistance and cover to the main operation. If only we had played the game first before naming ourselves!
Bisen
·2 ปีที่แล้ว·discuss
Thank you! It definitely didn't feel quick. We had a 3 month audit window and we used Vanta.