CyCognito is a company that has developed a botnet and discovery engine using graph data modeling to map and classify the assets across your attack surface. Pulse 2.0 interviewed CyCognito CEO Rob Gurzeev to gain a deeper understanding of the company.
Rob Gurzeev’s Background
What is Rob Gurzeev’s background? Gurzeev said:
“I got my start in cybersecurity as part of the Israeli Intelligence Corps 8200 Unit. I can’t get into details, but my job involved automating the collection of intelligence about criminal and terrorist groups. That’s where the seed for CyCognito started: How could you start with nothing but a name and learn all about an organization? I did a brief stint in offensive security. After that company was sold, I decided to start CyCognito with my partner Dima Potekhin.”
Formation Of The Company
How did the idea for the company come together? Gurzeev shared:
“As I mentioned, the seed of the idea came when I was trying to automate the process of intelligence collection. Dima and I realized that commercial organizations had a similar issue – trying to build a complete picture of their structure and the assets they owned. It wasn’t too much of a leap from connecting a mobile phone to a criminal to connecting a laptop to a corporation. If we could do it for the bad guys trying to hide, we could certainly do it for the good guys in IT who were just overwhelmed trying to figure out what they owned.
One guiding principle I learned was the ‘path of least resistance:’ you don’t have to break through every defensive layer; you just need to find one strategic route to reach your target. This approach is crucial in cybersecurity, yet the industry often piles on new defenses without fully accounting for external attackers constantly probing for weaknesses.”
Favorite Memory
What has been your favorite memory working for the company so far? Gurzeev reflected:
“I have lots of great memories – sitting on Dima’s apartment balcony through the night until sunrise in the first few months, first paying customer, first funding check, the amazing people we have hired. But a fun memory, which has happened a few times, is sitting with a CIO who was telling us how bad our results were because we’d attributed a server to his company that belonged to another company entirely. We had to explain to him that the server belonged to a joint venture his company had established. It wasn’t that we were right, but it validated that people really needed help with this big problem.”
Core Products
What are the company’s core products and features? Gurzeev explained:
“Our market is called attack surface management (ASM). Given just your company name, we’ll build the structure of your organization, with all of its subsidiaries and joint ventures. Then we will discover all of the assets – devices, servers, IP addresses, and more – test them all and tell you which ones you need to worry about.”
“The scale of the problem is enormous. Most large companies have tens of thousands of assets. Some of these, like cloud instances, come and go. Keeping track of them, testing them daily, and understanding which are attractive to the bad guys is what we do. You can think of what we do as acting like attackers, before the attackers get there, so you can fix things before they are a problem.”
Challenges Faced
What challenges have Gurzeev and the team faced in building the company? Gurzeev acknowledged:
“A few years ago, a number of larger cybersecurity companies acquired some of our smaller competitors. These bigger brands had established customer bases, bigger sales teams, and bigger marketing budgets.”
“We had to stick to our guns and challenge these technologies head to head. Our product design, from the beginning, has always been superior. We were using the right architecture, data model, and advanced AI techniques from the start. Over time, many sophisticated cybersecurity teams have told us that our technology is superior. So, having a better product and the faith to keep moving ahead.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since its launch? Gurzeev noted:
“The scale of what we do and the speed at which we do it have improved massively. We maintain a 60,000-node security testing network and are testing things every minute of every day. Some of our larger customers have over millions of assets to keep track of. I think that’s the most impressive thing.”
Significant Milestones
What have been some of the company’s most significant milestones? Gurzeev cited:
“There have been so many. I think it’s really the type of organizations that trust us to do this job for them. Some of the largest telcos in the world. Some of the largest oil producers in the world. Many Fortune 100 companies.”
Customer Success Stories
When asked about customer success stories, Gurzeev highlighted:
“We onboarded one of the biggest banks a few years ago, and they have already heavily invested in threat intelligence and other capabilities to maximize their remediation process. It was really exciting to see us help them reduce their mean time to remediation from two weeks to just three days over the course of two years, and how effective our technology was for them, compared with the millions of dollars previously spent on other approaches that didn’t get them to that desired point.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Gurzeev assessed:
“Definitely over $3 billion when you think about the new exposure management space. It’s a new market, which some analyst firms estimate is growing at a rapid 28% every year. Interestingly, it’s replacing older vulnerability scanning, manual pentesting, and security ratings technologies. Each of those is over $2 billion.”
Differentiation From The Competition
What differentiates the company from its competition? Gurzeev affirmed:
“Our competition still rely on the legacy approach to reconnaissance, which assumes you already know most of your attack surface, and you just need to discover some ‘adjacent’ things. They rely on lists of seed data and manual analyst work. This leads to incomplete asset discovery that gets stale over time – humans can’t keep up with the changing attack surface. Since competitors rely on input and existing knowledge, they can’t map the organization’s business structure or attribute discovered assets to their organizational owners, missing critical context that we catch during our automated processes.”
Future Company Goals
What are some of the company’s future goals? Gurzeev concluded:
“We’d like to become a major cybersecurity player. Our mission and what we do is so important. Organizations have spent years investing in defensive technologies. It’s time they started acting like the attacker to get a real picture of how secure they really are instead of sitting back and waiting for something bad to happen.”