Greycortex is like a doctor, preventing clients from catching a cyber-disease

What a person encrypts, a person can also decrypt. This was true a couple of years ago. Nowadays, cyber-criminals use advanced technologies and their attacks are much more sophisticated and targeted, and consequences are much worse. “Not only the good guys (i.e. cyber protection companies) but also the bad guys are evolving. Attacks are aimed at weak points and human errors,“ says Petr Chaloupka, CEO of Greycortex, a company that focuses on IT and industrial network security. The story of this company that succeeded among the fastest growing tech companies began long before its foundation. It is a story about passion, vision, skills and a ton of humour. And, in a way, it is connected to the beginning of computerisation in Czechoslovakia.

Maybe you too still have a vivid memory of this history chapter and maybe you remember 8-bit computers – or maybe you don’t. Luckily, there is Petr Chaloupka, the founder and CEO of Greycortex, and his memories of a contest from the ’90s, a text game passed around on cassettes and floppy disks that were created very long ago for 8-bit computers. Cassettes and floppy disks were… well, just google it, kids! “This game was protected by a password that was announced on a certain day in the newspaper, on the radio and on TV to give everyone the same fair start.  However, my friend and I didn´t feel like waiting and so, after several hours of reverse engineering, we identified the password and came to the conclusion that what a person encrypts, a person can also decrypt. And that is maybe where my lifelong passion for cybersecurity started and this seemingly innocent story signalled my future professional career“.

A story of a company standing on the front line in the battle against hacker attacks

The first chapter of the Greycortex story began around 2005. “I was working on an antivirus for Linux, which was a completely insignificant platform for cybercriminals back then and for which there was no malware. There were only a few lab experiments for proving that there could be one. My colleague Michal Drozd used to hack banking systems using social engineering and customised malware“, reminisces Petr Chaloupka about the beginnings with a smile. The group includes another Petr – Petr Chmelař. “Back then, he was working on machine learning principles that would be capable of finding video signal anomalies. A strong technology for which there may have been another use. What about transferring it from the video world into a computer network“? asks Petr Chaloupka rhetorically with a good portion of irony.

However, you are probably more curious about the ending of the first plotline, about Michal Drozd and his bank story. There was no shocker – Michal Drozd stood on the right side and banks paid him to do what he did. We would say today that he was an ethical hacker. “However, if he had decided to become a cybercriminal, he would be very rich by now,“ adds Petr Chaloupka.

But let’s be more serious now. Fast forward fifteen years later. Petr Chaloupka sums up that Linux is a common and widespread platform, interesting enough for cybercriminals to attack. Greycortex is now a well-established company focusing on the development of security products for network protection, machine learning and AI research, and the second fastest growing tech company in the Rising Stars category of the Deloitte Technology Fast 50 competition.

“Were we visionaries back then? I don’t know. Maybe we were just the three right people at the right place, and if we had never met, nothing would have happened. Literally. But we did meet, a couple of good questions were asked and we started to look for answers together.“

Thorough and complete security

The second chapter of the Greycortex story was about visionary questions in the end; for example, how can someone manage to break into a bank or any other company without having to leave their home? And how come they don’t get caught? Then the right answers came and with them the first specific solution.

“Somewhere around 2014, things blended really well and when five more friends and colleagues joined us at the end of 2015, everything was ready to establish a company and start our business. It needs to be said that all founders are still with us in different roles in the company, helping it grow.“

Four years later, the company became five times as big. “Our product ‘Mendel’, which can uncover hidden threats in the network, from unknown devices to advanced attacks, has matured. After overcoming some childhood diseases and puberty, it is becoming a model for others – we helped introduce another branch of cyber security into the world! It used to be called NTA (Network Traffic Analysis) in the past; now it is called NDR (Network Detection and Response),“ says Petr Chaloupka.

Don’t worry if you are getting a little lost in all the information, you have a right to that and you deserve an explanation: NDR combines deep visibility into infrastructure with the capability to detect known and unknown attack and malware types and to react to them in real time. So, it is clearer now, isn’t it? Same as the fact that “the world is changing, technologies are changing and we are changing with them. It is important that we have done our bit and continue to give cybercriminals a hard time and ruin their filthy and immoral business,“ remarks Petr Chaloupka.

What was the worst in the beginning? “Even in our case, it holds true that all theory is grey, but the golden tree of life springs ever green, so we do everything in a completely different manner than we used to. However, the most important thing is that we learned to understand what it means not only to have a good product but also to sell it and persuade clients that they need it. You could say that we are selling insurance or that we are like Eastern medicine – we ensure that the client does not become infected and he pays us for not getting ill.“

To sum it up, Petr Chaloupka views success and failure as communicating vessels. “A functioning and growing company is a success, even though it arose from humble financial background and was basically only a dream of a few founders some 6 years ago. From the beginning, we had a vision of building a global company and so our plans now are clear – to strengthen our position in the territories in which we already operate and gradually add other locations to reach our goal. It is definitely important to find balance between this dream goal and the need to have both feet on the ground (or at least one foot).“

Cyber attacks under control – 3 questions for Petr Chaloupka

What will hackers be focusing on in the next years?
Today’s world is ruled by information and hackers know this very well. Anything important that they gain in a successful attack, i.e. non-public information about your company, your plans, information about your clients and partners or know-how of your business, is extremely valuable to them. This is one of the reasons why their tactics have changed this year and they try to gain and steal as much information as possible and only then partly cover their tracks by encrypting your data (and very often its backup too).

What are the threats that companies have to face?
Many companies already have to face double blackmail these days – they first pay attackers to send them an encryption key to encrypted data and then pay so that attackers do not publish the stolen data or resell it on the black market. Of course, sometimes they do not get to their data even if they pay protection money or their data appears on a public server or black market anyway. However, we cannot give you more details. We have to maintain confidentiality and we do not want to inform cybercriminals of what we know about them and their procedures.

What else are you up to?
One of the important tasks for the following period is working on another of our products that is headed from the world of IT network and infrastructure protection to the world of operating technology (i.e. industrial system) protection. It is not exactly the latest news as we have been working on research and development in this field for over two years but its priority has increased with the growing number of partners and clients that use these technologies. This year has proven that misuse of these technologies by cybercriminals may even lead to casualties – and that has not been taken into consideration in the past several decades at all. These operating technologies have been designed for smooth and reliable functioning, which gives the bad guys enough opportunities for its misuse. We are trying to fill this gap with our new product.

Deloitte Technology Fast 50
Technology  Law 

Modern copyright law is mainly focused on the protection and licensing of software, says the attorney at Deloitte Legal

Law and IT represent very specific and demanding disciplines, which mainly call for a thorough approach. We encounter both areas on a daily basis both in personal and working life. It is the latter that may impose a challenge striving for compliance with legislation along with keeping up with digital technologies. Jan Kuklinca, attorney at Deloitte Legal knows something about that. He focuses on IT law and assists clients in the areas of digital signatures, software licenses or intellectual property protection. In the interview, we asked him what the work in such a specific legal field was like. 

5. 1. 2021

Many people have learned to use new services. This is good news for tech companies, says Libor Čížek from Citi Commercial Bank

Thanks to automated solutions, the usual banker skills from the past years are no longer enough. Communication with clients is more technical and project-managed by various implementation teams focusing on the development of services for digital economy companies, from e-commerce to software to fintech. “Cooperation therefore requires involvement of IT people on both sides,” says Libor Čížek from Citi Commercial Bank, where he leads a section focused on services for digital companies. He adds that “as for other trends, it is mainly about shifting the bank’s corporate customer experience closer to the retail banking customer’s experience, despite the higher complexity of services in the corporate world.” Another key aspect is the digitisation process, which has been accelerated by the ongoing pandemic. 

16. 12. 2020
Technology  Law 

The Electronic Signing of Documents: A Phenomenon in the Time of Digitization, but a Necessity in the Time of Crisis

Czech legislation permits companies, and their clients, to use several kinds of online communication, including those with the use of remote contract signing. Although it is not regulatory news, there are companies that have not yet embraced such digitisation, even in these times. During the coronavirus crisis, interaction without physical presence is not only an interesting bonus, it is an outright necessity. We have therefore summarised key information that will help companies avoid disruption in communication with their customers, continue entering into contracts, and still meet all the requirements of current measures. 

25. 11. 2020