SIEM startup RunReveal reels in $2.5M to reduce cybersecurity false positives – SiliconANGLE News

3 minutes, 10 seconds Read

Cybersecurity startup RunReveal Inc. today launched its first product into general availability and disclosed the completion of a $2.5 million seed round.

Costanoa Ventures led the investment. According to RunReveal, the capital will help finance hiring initiatives and the development of additional products.

RunReveal offers a SIEM, or security information and event management, platform that can sift through the telemetry generated by a company’s infrastructure to find breach indicators. It’s positioned as a simpler alternative to the established SIEM products on the market. RunReveal says that the platform eases cybersecurity teams’ work by reducing the number of false positives they must process.

In cybersecurity, false positives occur when a breach detection tool flags a benign event as malicious. At some companies, there can be hundreds of such erroneous alerts per day, which makes it more difficult to spot real breaches. The need to filter false positives also creates a significant amount of work for cybersecurity teams.

According to RunReveal, its SIEM includes a feature called correlated alerting that addresses the challenge. It reduces false positives by taking multiple data points into account to determine if a suspicious event might be malicious.

In a traditional SIEM, a user action can be flagged as malicious even if there’s only one unusual detail about it. A login request, for example, might trigger an alert if it’s sent at an unusual time of day but otherwise doesn’t diverge from normal user activity patterns. This low alerting threshold is one reason some cybersecurity tools generate a significant number of false positives. 

RunReveal’s SIEM platform only flags an event as malicious if it’s unusual in not one, but multiple ways. For example, a login request sent at an unusual time of day might only trigger an alert if it was also made from an unknown device. Events that diverge from usual activity patterns to a lesser extent are logged as well, but they’re lumped into a single daily notification to avoid creating a large number of false positives.

“We enable security teams to respond faster by collecting and instantly correlating suspicious activity across all of their cloud and SaaS tools,” said RunReveal co-founder and Chief Executive Officer Evan Johnson.

RunReveal provides a custom query language that administrators can use to investigate the potential breaches its SIEM platform detects. PQL, as the syntax is called, makes it possible to retrieve data about a cyberattack from the affected systems and run analyses. RunReveal says that carrying out complex computations on cybersecurity data is easier with PQL than using the more widespread SQL syntax. 

RunReveal’s SIEM platform also provides a number of other productivity features for cybersecurity teams. According to the company, a speed-optimized search engine enables users to surface large amounts of breach data in under a second. Built-in data visualization features make it possible to turn technical information into more easily understandable graphs.

“We see RunReveal as opening new avenues in the SIEM market, with companies requiring pragmatic approaches to the latest security threats,” said Costanoa Ventures partner John Cowgill. “For too many companies, existing SIEM products are too expensive, too difficult to implement and too hard to use.”

Image: RunReveal

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy


This post was originally published on 3rd party site mentioned in the title of this site

Similar Posts