Automated analysis of big data can help prioritize security alerts, neutralize threats

Modeling, machine learning gives security vendors tools to tailor solutions efficiently, effectively

 

Every year, companies are increasing their cybersecurity budget and pouring money into new products and services. The problem is, these offerings often come from separate vendors and don’t integrate with one another.

This disparity overwhelms security practitioners to the point that they simply ignore security alerts. According to Cisco, 44 percent of alerts are not being investigated.

Related: Uninvestigated security threats can swamp an organization

E8 Security, a Silicon Valley startup, wants to be the vendor that security teams turn to for solving that problem.

Through behavioral intelligence, machine learning, artificial intelligence and big-data analytics, E8 Security says it helps “connect the dots” to enable faster detection and investigation of threats within a network.

The company was among hundreds of vendors promoting leading-edge cybersecurity systems at the RSA 2017 cybersecurity conference last week in San Francisco, which drew 43,000 attendees.

“Over the past five to eight years, organizations have increasingly deployed tools to collect information, and the data has exponentially increased,” says Ravi Devireddy, company co-founder and chief technology officer. “We’re solving that challenge for these teams.”

How it works

To identify anomalous activity, the E8 Security Fusion Platform first maps the network and learns for itself what normal activity looks like, rather than relying on rules written by analysts. Then the platform uses what the company calls multidimensional modeling to monitor the behavior of users and devices within the network.

FireEye estimated that in 2015, the median lapse between time of compromise and time of discovery was 146 days overall, and 56 days when the intrusion was discovered internally. The E8 Security Fusion Platform doesn’t catch the initial intrusion itself, but it works to significantly reduce the gap between compromise and discovery.

Devireddy says that frequently, by the time security teams find the bad actor or activity within the organization, the data is lost.

Ravi Devireddy, E8 Security co-founder and chief technology officer

“By the time they realize this, it’s too late,” he says. “We’re trying to reduce that (detection) time to a few minutes or a few hours, once the attack is happening.”

The multidimensional modeling, Devireddy explains, enables the technology to automatically learn and understand the behaviors of each user, workstation, endpoint and so on—everything from how users access files to the type of network traffic they generate.

“We take different signals and combine them together into a much clearer, single profile,” says Matt Jones, E8 Security CEO.

The goal is to help security teams prioritize the alerts that come from different vendor products, including the SIEM (security information and event management) platform.

“Most teams don’t have the capacity to address thousands of alerts,” Devireddy says. “We give them a decision engine to get there faster.”
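The section above describes two ideas in general terms: learning a baseline of normal behavior for each user or device instead of writing static rules, and folding several behavioral signals into one score that is then used to rank alerts coming from other products. The sketch below is an added example, not E8 Security’s code and not a description of how the Fusion Platform actually works. Everything in it is an assumption made for illustration: the four behavioral dimensions, the daily-summary schema, the user names, the alert fields and the choice of a z-score norm as the combined score. The constructed data makes the point a static threshold cannot: bob, a backup operator, moves hundreds of files every night and would trip a fixed “more than 200 files” rule daily, while alice doing the same thing once is a real outlier against her own history.

```python
"""Illustrative per-entity behavioral baseline with alert prioritization.

Hypothetical sketch (not E8 Security's implementation): learn what is
normal for each entity from a training window, score new activity by how
far it departs from that entity's own baseline, and use the score to rank
alerts that arrive from other products.
"""
import math
from collections import defaultdict
from statistics import mean, pstdev

# Behavioral dimensions summarised per entity per day (assumed schema).
DIMENSIONS = ("files_accessed", "bytes_out_mb", "distinct_hosts", "logon_hour")
# Floor on the learned spread so a near-constant history does not turn a
# one-unit change into an enormous z-score (and avoids division by zero).
MIN_STDDEV = 1.0


def day(files, mb, hosts, hour):
    """Build one daily summary record."""
    return {"files_accessed": files, "bytes_out_mb": mb,
            "distinct_hosts": hosts, "logon_hour": hour}


# Constructed training data: alice is an office user, bob runs nightly backups.
BASELINE_EVENTS = [
    ("alice", day(40, 12, 3, 9)), ("alice", day(45, 15, 4, 8)),
    ("alice", day(38, 10, 3, 9)), ("alice", day(42, 14, 3, 10)),
    ("bob", day(400, 300, 25, 22)), ("bob", day(420, 280, 27, 23)),
    ("bob", day(390, 320, 24, 22)), ("bob", day(410, 290, 26, 23)),
]

# Constructed observations for the day being scored.
TODAY = {
    "alice": day(400, 290, 20, 3),  # mass file access, big upload, 3 a.m. logon
    "bob": day(405, 300, 26, 22),   # the same heavy load bob produces every night
}

# Constructed alerts as other products might emit them (assumed fields).
SIEM_ALERTS = [
    {"source": "edr", "entity": "bob", "message": "high-volume file read"},
    {"source": "proxy", "entity": "alice", "message": "upload to rare domain"},
    {"source": "dlp", "entity": "bob", "message": "large outbound transfer"},
]


def build_baselines(events):
    """Per entity, per dimension: (mean, population stddev floored at MIN_STDDEV)."""
    history = defaultdict(lambda: defaultdict(list))
    for entity, obs in events:
        for dim in DIMENSIONS:
            history[entity][dim].append(obs[dim])
    return {
        entity: {dim: (mean(v), max(pstdev(v), MIN_STDDEV)) for dim, v in dims.items()}
        for entity, dims in history.items()
    }


def anomaly_score(entity, obs, baselines):
    """Euclidean norm of the per-dimension z-scores against the entity's own
    baseline. An entity with no history cannot be scored; it is returned as
    infinite so it sorts first and a human decides whether it is legitimate."""
    if entity not in baselines:
        return math.inf
    total = 0.0
    for dim in DIMENSIONS:
        mu, sigma = baselines[entity][dim]
        total += ((obs[dim] - mu) / sigma) ** 2
    return math.sqrt(total)


def static_rule_hits(observations, threshold=200):
    """What a fixed, entity-agnostic rule would flag, for comparison."""
    return sorted(e for e, o in observations.items() if o["files_accessed"] > threshold)


def prioritize_alerts(alerts, observations, baselines):
    """Rank third-party alerts by the behavioral score of the entity they name.

    Returns (score, source, entity, message) tuples, highest score first.
    Every alerted entity is assumed to have an observation for the day."""
    ranked = [
        (anomaly_score(a["entity"], observations[a["entity"]], baselines),
         a["source"], a["entity"], a["message"])
        for a in alerts
    ]
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


if __name__ == "__main__":
    baselines = build_baselines(BASELINE_EVENTS)
    print("static rule flags:", static_rule_hits(TODAY))
    for score, source, entity, message in prioritize_alerts(SIEM_ALERTS, TODAY, baselines):
        print(f"{score:8.1f}  {source:5}  {entity:6}  {message}")
```

Two caveats a practitioner would want before trusting any scheme of this shape. First, the baseline is only as clean as the training window: an attacker who is already active while the model learns becomes part of “normal,” so the window needs to be reviewed rather than simply accepted. Second, the stddev floor and the choice of summary statistics are tuning decisions; a real deployment would need to revisit them per dimension and per population, and treat never-seen entities (scored as infinite here) as a policy question rather than a number.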

Idea born from personal experience

Devireddy knows first-hand the challenges of working with large amounts of data while trying to address security. While working as the head of security analytics at Visa, he was responsible for creating a monitoring platform for identifying attack activity.

“All those years, my experience was that the amount of data we were collecting, storing, processing and trying to make sense of increased each year,” he says.

This was in the early days of big-data analytics in other sectors, such as fraud detection, but no cybersecurity products yet applied the same technology. So Devireddy and his team implemented a homegrown solution.

The project was a success, and it planted the seed for a startup idea.

“Eventually, I see the same need for most organizations, like the Visas of the world,” Devireddy says.

Big data gets bigger

These organizations know they’re constantly being attacked and can’t always prevent a network breach, he says. But they also realize that a side effect of the increased levels of monitoring is this growing volume of security data to wade through.

Launched in 2013, E8 Security has grown to 40 employees and has brought in nearly $22 million in funding over two rounds. It launched its first product in 2015, and released its flagship offering, the E8 Security Fusion Platform, this February.

Matt Jones, E8 Security CEO

Jones says that the latest round of funding, from October 2016, will help expand the staff to keep up with the market demand and move into new verticals.

“I think there’s a fair amount of competitors, but by the end of 2017 or beginning of 2018, you’ll see a bifurcation where some people are getting customer traction and some are not,” he says. “We want to be in the top two to three players by the end of ’17.”

The long-term vision, in Devireddy’s eyes, is to solve a much broader problem.

“Our long view is that we can’t work our way out of this problem by adding more and more people, and we can’t produce enough security pros,” he says. “We want E8 Security to become a de facto tool that connects all aspects of the enterprise when it comes to security—on-premises, cloud, mobile, Internet of Things, all of them.”

Read more stories related to behavioral analysis:
Machine learning underlying SIEM systems gets smarter at neutralizing cyber threats
Virtual analysts leverage human knowledge to help solve cybersecurity challenges
Machine learning helps organizations strengthen security, identify inside threats