We are excited to announce our investment in Dropzone AI, a new platform for deploying AI-assisted “reinforcements'' for cybersecurity operations. Professional hackers have the upper hand when targeting an organization, often using automated attacks to create an overwhelming number of security alerts. The vast majority of these events must be manually investigated, putting cybersecurity analysts at a disadvantage in what feels like an asymmetric war. Dropzone enables defenders to automate their front line of defense, leveraging the power of LLMs to autonomously investigate security alerts, create real-time context, and empower human analysts to respond to only the highest impact events.
Dropzone was founded by Edward Wu, former head of detection engineering at ExtraHop Networks. We talked to Edward about his vision for delivering AI-assisted reinforcements in our founder Q&A:
I grew up in Shanghai and was very fortunate to get access to a computer while in kindergarten - I taught myself programming and grew up playing (and hacking) video games on my PC. My parents were incredibly dedicated to education and brought me to the US to try to enroll me in a top university. It was hard for them to find a career here in the US and they clearly made a lot of sacrifices so that I could have a chance to focus on my passion. We moved to California when I was 14 and I immediately started taking college-level advanced computer science courses while in high school. I ultimately went to UC Berkeley and the University of Washington where I studied under some of the best professors and researchers in the field of cybersecurity.
In cybersecurity research, we frequently cite the “Defender’s Dilemma” - an attacker only needs to succeed 1 out of 100 times, and a defender needs to catch and stop every type of attack. This is what creates the asymmetry in battle and while at UC Berkeley we asked ourselves if it was possible to turn the tables around on attackers. At the time we studied the Zeus Botnet, a very large network of ~3 million compromised machines that used widely known exploits to steal banking information and re-route payments from legitimate companies to criminal accounts. It was near impossible for any one organization to detect when they were compromised, but our team was one of the first to turn the tables and discover 0day exploits in the Botnet itself. At one point we realized we could shut the entire Botnet down across the internet - this felt like we had created a superpower and were changing the game for defenders. Attackers seemingly will always have the upper hand unless you have your own force multipliers that enable your defense.
When you talk to cybersecurity defenders, it often feels like they are fighting an unfair fight without enough resources or hours in the day. They show up to work and must attempt to defend an ever-growing digital estate that is incredibly complex. Security products such as endpoint protection, firewalls, vulnerability scanners, and cloud security tools create thousands of alerts every day, and it is nearly impossible for security teams to investigate every possible incident. Most teams are only able to fully research about 10 percent of their alert backlog - and many know they are leaving open the possibility of a security breach but must focus their limited time on a small number of high-priority incidents. I believe we are at an inflection point in the cybersecurity war - attackers have been automating their methods for years and we’ve run out of trained cybersecurity specialists on the front lines. Dropzone is designed to be the platform that gives defenders the ability to scale up their defensive forces with pre-trained agents harnessing the power of LLMs, freeing security teams from relying on manually curated playbooks for every incident.
I have spent a large part of my career using machine learning and AI to create new detection methods, which ultimately create more alerts for cybersecurity professionals. Anomaly detection and classification is now everywhere and having seen the scope of the challenge at some of the largest companies, I believe that creating yet another detection and response product won’t move the needle unless we can help security teams analyze each event. We don’t need another mouse trap - there are already too many. We need to augment the research capabilities of the experts and this is where LLMs and Generative AI play a meaningful role. LLMs are powerful reasoning engines that when engineered with proper guardrails, explainability, and data lineage can automate a lot of the work done by human analysts with great precision. I think this is one of the more powerful applications of LLMs - we can help take away a lot of the work that is seen as important but routine and enable security practitioners to focus their time responding to the incidents that matter.
Dropzone is the first platform for deploying pre-trained reinforcements to the front lines of your cybersecurity team. We are launching our first LLM-powered agent which automates the research and investigation of common alerts in SOCs. You can try this for free today by sending any suspicious phishing email to firstname.lastname@example.org and our expert AI agents will analyze the metadata and context of the email, research the URLs, associated IPs, and file attachments for malicious intent against widely used public data, check the context of the e-mail against known phishing patterns, and summarize the findings into a simple to read report that can be understood by both end users and cybersecurity experts. We will be expanding soon to support additional types of investigations for endpoint detection and response alerts (EDR), vulnerability scans, network security / IPS events, and cloud security alerts. The Dropzone platform was designed to meet the needs of organizations large and small - our reinforcements are available on-demand and are ready to be deployed in your environment today.