Automated analysis of big data can help prioritize security alerts, neutralize threats

 

Every year, companies are increasing their cybersecurity budget and pouring money into new products and services. The problem is, these offerings often come from separate vendors and don’t integrate with one another.

This disparity overwhelms security practitioners to the point that they simply ignore security alerts. According to Cisco, 44 percent of alerts are not being investigated.

E8 Security, a Silicon Valley startup, wants to be the vendor that security teams turn to for solving that problem.

Through behavioral intelligence, machine learning, artificial intelligence and big-data analytics, E8 Security says it helps “connect the dots” to enable faster detection and investigation of threats within a network.

The company was among hundreds of vendors promoting leading-edge cybersecurity systems at the RSA 2017 cybersecurity conference last week in San Francisco, which drew 43,000 attendees.

“Over the past five to eight years, organizations have increasingly deployed tools to collect information, and the data has exponentially increased,” says Ravi Devireddy, company co-founder and chief technology officer. “We’re solving that challenge for these teams.”

How it works

To identify anomalous activity, E8’s behavioral intelligence platform first maps the network, teaching itself what the baseline is rather than relying on analysts’ security rules. Then, the platform uses so-called multidimensional modeling to monitor the behaviors of users and devices, as well as activity within the network.

FireEye estimated that in 2015, the median lapse between time of compromise and time of discovery was 146 days, and 56 days for internal discovery. The E8 Security platform doesn’t detect the actual intrusion, but it works to significantly reduce the time gap between compromise and discovery.

Devireddy says that frequently, by the time security teams find the bad actor or activity within the organization, the data is lost.

“By the time they realize this, it’s too late,” he says. “We’re trying to reduce that (detection) time to a few minutes or a few hours, once the attack is happening.”

The multidimensional modeling, Devireddy explains, enables the technology to automatically learn and understand the behaviors of each user, workstation, endpoint and so on—everything from how users access files to the type of network traffic they generate.

“We take different signals and combine them together into a much clearer, single profile,” says Matt Jones, E8 Security co-founder and CEO.

The goal is to help security teams prioritize the alerts that come from different vendor products, including the SIEM (security information and event management) platform.

“Most teams don’t have the capacity to address thousands of alerts,” Devireddy says. “We give them a decision engine to get there faster.”

Idea born from personal experience

Devireddy knows first-hand the challenges of working with large amounts of data while trying to address security. While working as the head of security analytics at Visa, he was responsible for creating a monitoring platform for identifying attack activity.

Ravi Devireddy, E8 Security co-founder and chief technology officer


“All those years, my experience was that the amount of data we were collecting, storing, processing and trying to make sense of increased each year,” he says.

This was in the early days of big-data analytics in other sectors, such as fraud detection. But there were no cybersecurity solutions available for the same technology. So Devireddy and his team implemented a homegrown solution.

The project was a success, and it planted the seed for a startup idea.

“Eventually, I see the same need for most organizations, like the Visas of the world,” Devireddy says.

Big data gets bigger

These organizations know they’re constantly being attacked and can’t always prevent a network breach, he says. But they also realize that a side effect of the increased levels of monitoring is this growing volume of security data to wade through.

Launched in 2013, E8 Security has grown to 40 employees and has brought in nearly $22 million in funding over two rounds. It launched its first product in 2015, and released its flagship offering, the E8 Security Fusion Platform, this February.

Jones says that the latest round of funding, from October 2016, will help expand the staff to keep up with the market demand and move into new verticals.

Matt Jones, E8 Security co-founder and CEO


“I think there’s a fair amount of competitors, but by the end of 2017 or beginning of 2018, you’ll see a bifurcation where some people are getting customer traction and some are not,” he says. “We want to be in the top two to three players by the end of ’17.”

The long-term vision, in Devireddy’s eyes, is to solve a much broader problem.

“Our long view is that we can’t work our way out of this problem by adding more and more people, and we can’t produce enough security pros,” he says. “We want E8 Security to become a de facto tool that connects all aspects of the enterprise when it comes to security—on-premises, cloud, mobile, Internet of Things, all of them.”


This article was originally published on thirdcertainty.com and can be viewed in full

 
