Inside UpSight: Tackling Cyber Threats with Next-Gen Technology
May 2024
Deepthi Madhava
We recently spoke with Tracy Camp, CEO of OVF portfolio company UpSight Security, about their cutting-edge anti-ransomware solution. UpSight employs AI to predict, intercept, and eliminate ransomware threats. From phishing attempts to credential theft, their technology offers comprehensive protection.
In February 2024, the Blackcat ransomware attack caused significant disruptions across U.S. pharmacies and healthcare systems, demonstrating the acute dangers such attacks pose to patient safety. UpSight’s solution could have prevented this, highlighting its potential in safeguarding critical healthcare infrastructure.
At the 2024 RSA conference, UpSight showcased a successful demonstration of its ability to evict Blackcat ransomware. Here is an excerpt from our interview with Tracy:
Q: Tracy, having just returned from showcasing UpSight at the 2024 RSA conference, can you share any interesting insights?
A: The RSA conference reinforced our optimism about UpSight's differentiated product. We observed a significant demand for advanced anti-ransomware solutions that surpass what is currently available in Endpoint Protection (EPP) tools like CrowdStrike. Traditional EPP technologies such as EDR, XDR, and NDR tend to offer only lagging indicators of ransomware attacks. This is similar to a smoke alarm that sounds after the fire has already spread. In contrast, UpSight's predictive model identifies threats at their inception, providing an early warning and at a much lower cost than existing tools like CrowdStrike.
Q: Are there other competitors close to what UpSight offers? How does UpSight differentiate itself or excel compared to those competitors?
A: UpSight offers superior capabilities in early detection and interdiction of attacks. Ransomware typically begins with initial access, often stemming from a phishing campaign. Credential stealers like Redline, Raccoon, Rusty, Lummastealer, and Agent Tesla are common initiators. These tools facilitate the transfer of access to ransomware operators who then deploy payloads through platforms like Blackbasta, Blackcat, Lockbit, Bianlian, and Conti. UpSight excels in neutralizing these credential stealers with remarkable accuracy, significantly enhancing the power of our tool. Moreover, UpSight can effectively thwart attacks from their inception to the deployment of ransomware payloads, offering full-spectrum defense. In contrast, products like Halcyon, which serve primarily as a last line of defense, often intervene too late to prevent damage effectively.
Q: We're familiar with Large Language Models (LLMs), but UpSight utilizes Small Language Models (SLMs). Can you explain more about these SLMs and the decision to use them?
A: UpSight's innovative approach involves the use of an SLM tailored to our specific needs. Unlike typical endpoint protection tools that view security as a big data problem—aggregating massive amounts of data and employing LLMs to decipher it—our SLM operates on a much smaller scale. It utilizes a limited vocabulary of a few thousand words, which enables it to operate with stunning speed. This simplicity allows the model to execute with virtually no CPU impact, providing real-time prediction, interdiction, and eviction of threats. By focusing on a compact, precise dataset, our SLM can identify and counteract threats more efficiently and with fewer resources than traditional LLM-based systems.
Q: Selling security software can be challenging since it's difficult to demonstrate success. What lessons have you learned from your experience in speaking with potential customers?
A: Selling security solutions indeed poses unique challenges, primarily due to the difficulty in showcasing immediate benefits. However, UpSight has developed strategies to address this by making the impacts of our product tangible and understandable. We offer our software with deployment-ready features and early versions of executive dashboards that clearly illustrate the value we provide. We offer operational level reporting that provides a breakdown of the attack sequence, offering clients a clear view of the sequence of events leading up to an attack. We also offer deeper research level reporting where we present a more detailed graphical view of attack events, allowing clients to visualize the intricacies of security incidents.
Q: Can you describe the current stage of your product? Is it ready for deployment?
A: Absolutely, our product has undergone rigorous quality testing and has proven its efficacy in stopping ransomware attacks. We are currently at a stage where we are eager to collaborate with design partners. By deploying our product at no cost to these partners, our goal is to refine and enhance its integration within their existing security tech stacks.
We are focused on critical questions such as, 'Have we built the right tool for you?' and 'What other tools should it integrate with?' Our aim is to identify any points of friction and collaborate closely with our design partners to evolve our tool. This process will involve a few hours each week where partners provide feedback to our team, ultimately making it simpler and more effective for future customers to adopt our solution.
Q: Is there a product demo available on your website, and how should interested companies contact you?
A: Yes, we have a fully functional product demo readily accessible on our website. If you are an IT security leader or CISO of an organization with over 1000 employees and are looking for a cost-effective yet powerful ransomware protection tool, please feel free to reach out directly to me at campt@upsightsecurity.com or on LinkedIn. For technical experts within your team who are keen to explore the tool further, they can download a demo directly from our website here. This allows them to test and evaluate our product firsthand.