Abstract Security emerged from stealth with a platform designed to centralize security analytics, speed up detection, and triage alerts so that security analysts can focus on actually managing and resolving security incidents.
The startup, which raised $8.5 million in seed funding, will use its platform to shake up the security information and event management (SIEM) market, says Colby DeRodeff, the company’s co-founder and CEO. There has been a lot of talk about “next-gen SIEM,” but not a lot of focus on addressing the underlying challenge, that the technology could not handle the scale of data being collected, nor deliver actionable alerts quickly enough, he says. Because Abstract Security handles data collection and storage differently, its detection engine provides analysts with alerts much sooner, and at a lower cost, he says.
Abstract Security keeps the security data in data streams and uses machine learning to apply pre-built and user-defined detection rules to find correlations between streams. Using the streaming model helps Abstract avoid latency, lower time to detection and reduce mean time to response, DeRodeff says. Analysts aren’t waiting 45 minutes for the system to index the data before they can interrogate it.
“The future of detection is fundamentally understanding the data sources and having detection engineering baked into the platform with powerful analytics,” DeRodeff says. “We help customers differentiate what data is important to their organization, and then give them a roadmap to become more effective at detecting and mitigating threats.”
“Abstract’s data-centric approach represents the future of detection,” said Matt Bigge, partner at Crosslink Capital, who took part in the company’s seed funding round.
Enterprises are storing terabytes of data, but the majority of the data they are sitting on is not useful or relevant for detecting security issues and incidents, DeRodeff says, estimating that as much as 95% of collected log data is not usable for detection purposes. He describes customer meetings where the customer would be unable to detect attack simulations.
“They were not collecting the right data,” DeRodeff says, noting that enterprises face a data conundrum. Security teams can define the detection rules based on the type of data they have, but they also decide what data to collect based on the detections they want to have.
Abstract Security’s platform “bifurcates” security and compliance, DeRodeff says, by directing security-relevant data into streaming databases and storing everything else separately. This increases detection effectiveness and lowers computing and storage costs, while still helping enterprises meet their compliance obligations.
“In today’s shifting cyber landscape, understanding which data is vital for security and which is collected for compliance or forensics is crucial. Otherwise, organizations pay a hefty price for unnecessary data that simply isn’t needed in their high-fidelity analytic packages,” says strategic advisor Tom Reilly. Reilly is also an investor in the company.
Beta customers span a variety of industries, including a major insurance provider, a global healthcare provider, an F500 company in the financial services space, and a B2B tech company, the company said.
Both Reilly and Bigge note the founders’ experience and understanding of the market as reasons to invest in the company. Bigge calls DeRodeff a “known entity,” as one of the early employees at Arcsight and played a role in the 2008 IPO and acquisition by HP in 2010. DeRodeff was also the chief strategy officer and co-founder of threat intelligence company Anomali, as well chief technology officer of Verodin, a security instrumentation platform provider. DeRodeff’s experience in SIEM, threat intelligence, and data validation means he understands what customers need and has the ability to execute the company’s goals, Bigge says.
Abstract Security will become an essential part of the modern technology stack, Bigge says.
This post was originally published on 3rd party site mentioned in the title of this site
