Automated analysis of big data can help prioritize security alerts, neutralize threats

Modeling, machine learning gives security vendors tools to tailor solutions efficiently, effectively


Every year, companies are increasing their cybersecurity budget and pouring money into new products and services. The problem is, these offerings often come from separate vendors and don’t integrate with one another.

This disparity overwhelms security practitioners to the point that they simply ignore security alerts. According to Cisco, 44 percent of alerts are not being investigated.


E8 Security, a Silicon Valley startup, wants to be the vendor that security teams turn to for solving that problem.

Through behavioral intelligence, machine learning, artificial intelligence and big-data analytics, E8 Security says it helps “connect the dots” to enable faster detection and investigation of threats within a network.

The company was among hundreds of vendors promoting leading-edge cybersecurity systems at the RSA 2017 cybersecurity conference last week in San Francisco, which drew 43,000 attendees.

“Over the past five to eight years, organizations have increasingly deployed tools to collect information, and the data has exponentially increased,” says Ravi Devireddy, company co-founder and chief technology officer. “We’re solving that challenge for these teams.”

How it works

To identify anomalous activity, the E8 Security Fusion Platform first maps the network, teaching itself what the baseline is rather than relying on analysts’ security rules. Then, the platform uses so-called multidimensional modeling to monitor the behaviors of users and devices within the network.

FireEye estimated that in 2015, the median lapse between time of compromise and time of discovery was 146 days, and 56 days for internal discovery. The E8 Security Platform doesn’t detect the actual intrusion, but it works to significantly reduce the time gap between compromise and discovery.

Devireddy says that frequently, by the time security teams find the bad actor or activity within the organization, the data is lost.

Ravi Devireddy, E8 Security co-founder and chief technology officer

“By the time they realize this, it’s too late,” he says. “We’re trying to reduce that (detection) time to a few minutes or a few hours, once the attack is happening.”

The multidimensional modeling, Devireddy explains, enables the technology to automatically learn and understand the behaviors of each user, workstation, endpoint and so on—everything from how users access files to the type of network traffic they generate.

“We take different signals and combine them together into a much clearer, single profile,” says Matt Jones, E8 Security CEO.

The goal is to help security teams prioritize the alerts that come from different vendor products, including the SIEM (security information and event management) platform.

“Most teams don’t have the capacity to address thousands of alerts,” Devireddy says. “We give them a decision engine to get there faster.”
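To make the baselining, signal fusion and alert prioritization described above concrete, here is an added example (not E8 Security's code; the entities, dimensions, history and alerts are all constructed): it learns a per-entity baseline from that entity's own history, fuses per-dimension deviations into one profile score, and ranks incoming vendor alerts by the score of the entity they name.

```python
from statistics import mean, pstdev

# Constructed history: per entity, per behavior dimension, one observation per day.
HISTORY = {
    "alice": {"files_read": [40, 38, 45, 42, 39, 41, 44],
              "bytes_out_mb": [120, 110, 130, 125, 118, 122, 128],
              "hosts_touched": [2, 2, 3, 2, 2, 3, 2]},
    "bob":   {"files_read": [15, 12, 18, 14, 16, 13, 15],
              "bytes_out_mb": [30, 35, 28, 32, 31, 29, 33],
              "hosts_touched": [1, 1, 1, 2, 1, 1, 1]},
}
# Constructed observations for the day being scored: alice is normal, bob is not.
TODAY = {
    "alice": {"files_read": 41, "bytes_out_mb": 124, "hosts_touched": 2},
    "bob":   {"files_read": 150, "bytes_out_mb": 900, "hosts_touched": 9},
}
# Constructed alerts from different products, in the order they arrived.
ALERTS = [
    {"entity": "alice", "source": "SIEM", "msg": "failed logon burst"},
    {"entity": "bob",   "source": "EDR",  "msg": "unsigned binary executed"},
    {"entity": "alice", "source": "DLP",  "msg": "spreadsheet emailed externally"},
]

def learn_baseline(history):
    """Per entity and dimension, learn (mean, stddev) from its own history; no analyst rules.
    A zero stddev (constant history) falls back to 1.0 so a change still scores."""
    return {ent: {dim: (mean(v), pstdev(v) or 1.0) for dim, v in dims.items()}
            for ent, dims in history.items()}

def profile_score(baseline, entity, observed):
    """Fuse per-dimension deviations into one number: root-sum-square of positive
    z-scores, so several mild deviations add up while drops below baseline are ignored."""
    zs = []
    for dim, value in observed.items():
        mu, sigma = baseline[entity][dim]
        zs.append(max(0.0, (value - mu) / sigma))
    return round(sum(z * z for z in zs) ** 0.5, 2)

def prioritize(alerts, baseline, today):
    """Attach each entity's behavior score to its alerts and rank highest score first,
    so the analyst works the queue by deviation from baseline rather than arrival order."""
    scored = [(profile_score(baseline, a["entity"], today[a["entity"]]), a) for a in alerts]
    return [{**a, "score": s} for s, a in sorted(scored, key=lambda x: -x[0])]

if __name__ == "__main__":
    for alert in prioritize(ALERTS, learn_baseline(HISTORY), TODAY):
        print(f'{alert["score"]:>8}  {alert["entity"]:<6} {alert["source"]:<5} {alert["msg"]}')
```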

Idea born from personal experience

Devireddy knows first-hand the challenges of working with large amounts of data while trying to address security. While working as the head of security analytics at Visa, he was responsible for creating a monitoring platform for identifying attack activity.

“All those years, my experience was that the amount of data we were collecting, storing, processing and trying to make sense of increased each year,” he says.

This was in the early days of big-data analytics in other sectors, such as fraud detection. But there were no cybersecurity solutions available for the same technology. So Devireddy and his team implemented a homegrown solution.

The project was a success, and it planted the seed for a startup idea.

“Eventually, I see the same need for most organizations, like the Visas of the world,” Devireddy says.

Big data gets bigger

These organizations know they’re constantly being attacked and can’t always prevent a network breach, he says. But they also realize that a side effect of the increased levels of monitoring is this growing volume of security data to wade through.

Launched in 2013, E8 Security has grown to 40 employees and has brought in nearly $22 million in funding over two rounds. It launched its first product in 2015, and released its flagship offering, the E8 Security Fusion Platform, this February.

Matt Jones, E8 Security CEO

Jones says that the latest round of funding, from October 2016, will help expand the staff to keep up with the market demand and move into new verticals.

“I think there’s a fair amount of competitors, but by the end of 2017 or beginning of 2018, you’ll see a bifurcation where some people are getting customer traction and some are not,” he says. “We want to be in the top two to three players by the end of ’17.”

The long-term vision, in Devireddy’s eyes, is to solve a much broader problem.

“Our long view is that we can’t work our way out of this problem by adding more and more people, and we can’t produce enough security pros,” he says. “We want E8 Security to become a de facto tool that connects all aspects of the enterprise when it comes to security—on-premises, cloud, mobile, Internet of Things, all of them.”
