**Automate Your Security Whack-a-Mole: A Conversation with Exaforce**

As cyber threats continue to evolve at an alarming rate, organizations are finding themselves playing a never-ending game of whack-a-mole in their security efforts. Each new attack requires a manual response, which can be time-consuming and resource-intensive. But what if there was a way to automate some of these responses and detection processes? Enter Exaforce, a company that has developed software to help organizations streamline their security operations.

We spoke with Ariful Huq, co-founder and head of product, and Marco Rodrigues, co-founder and head of product, at Exaforce about their innovative approach to security automation.

**What does Exaforce do?**

Ariful Huq: We're focused on helping organizations of all sizes, from high-growth startups to mid-enterprises, build a Security Operations Center (SOC) in days. If you already have a SOC, we help amplify the capabilities of your analysts. Think about taking a team of two or three analysts and making them a team of ten.

**Where do organizations struggle the most?**

Marco Rodrigues: We see customers come to us once they've completed their SOC II compliance or ISO audits. It's when they're putting together incident response plans or facing legal liability due to customer contracts that we get involved. Many startups have one or two security engineers, and they need help with detection frameworks, monitoring, and remediating incidents.

**How does Exaforce approach detection in a reliable and permanent way?**

Ariful Huq: We use a combination of statistical modeling and large language models to detect anomalies. The goal is to make anomaly detection more reliable by reducing noise and false positives. We're also leveraging our AI agents to triage detections and provide context.

**What about the response aspect of security operations?**

Marco Rodrigues: Our platform focuses on automating response actions, such as resetting passwords or isolating instances. But we also help customers build bespoke automation agents to handle specific use cases.

**How does Exaforce's platform interact with existing infrastructure?**

Ariful Huq: We can tap into major cloud providers through APIs, and customers can choose from a variety of deployment options, including our cloud-based solution. Each customer gets their own separate cloud account with a data warehouse powered by Snowflake.

**Is there a significant installation lift involved?**

Marco Rodrigues: The installation process is relatively straightforward, typically taking around 3-4 hours to onboard four to five data sources. We can also ingest historical data from SaaS services, which helps build behavioral models and improve detection accuracy.

**To get signals out of the system, do you require customers to instrument first?**

Ariful Huq: If customers have historical data stored in their SaaS services, we'll automatically ingest it and start building behavioral models. We can also tap into existing instrumentation like Open Telemetry.

By automating some of the manual processes involved in security operations, Exaforce's platform aims to help organizations stay ahead of emerging threats without breaking the bank. As the threat landscape continues to evolve, innovative solutions like Exaforce's are essential for securing the future of cybersecurity.