Abstract Security has emerged from stealth with a platform designed to centralize security analysis and accelerate the detection and triage of alerts, so that security analysts can focus on actually managing and resolving security incidents.
The startup, which has raised $8.5 million in seed funding, will use its platform to shake up the security information and event management (SIEM) market, says Colby DeRodeff, the company's co-founder and CEO. There has been a lot of talk about "next-generation SIEM," but little focus on the underlying challenge, which is that the technology can neither handle the scale of data collected nor produce actionable alerts quickly enough, he claims. Because Abstract Security handles data collection and storage differently, its detection engine delivers alerts to analysts much earlier and at lower cost, he says.
Abstract Security keeps security data in data streams and uses machine learning to apply predefined and user-defined detection rules that find correlations between streams. The streaming model lets Abstract avoid ingestion latency, shorten detection times and reduce mean time to respond, DeRodeff says: analysts do not wait 45 minutes for the system to index data before they can query it.
“The future of sensing is fundamentally about understanding data sources and integrating sensing engineering into the platform with powerful analytics,” DeRodeff says. “We help customers distinguish what data is important to their organization and then provide them with a roadmap to become more effective at detecting and mitigating threats.”
“Abstract’s data-centric approach represents the future of sensing,” said Matt Bigge, partner at Crosslink Capital, who took part in the company’s seed funding round.
Companies store terabytes of data, but most of what they are sitting on is not useful or relevant for detecting security issues and incidents, DeRodeff says, estimating that up to 95% of the log data collected is not actionable for detection purposes. He describes customer engagements in which the customer was unable to detect simulated attacks.
"They weren't collecting the right data," DeRodeff says, noting that companies face a data conundrum. Security teams can define detection rules based on the type of data they already have, or they can decide what data to collect based on the detections they want to achieve.
Abstract Security's platform "bifurcates" security and compliance data, DeRodeff says, directing security-relevant data into streaming databases and storing everything else separately. This increases detection effectiveness and reduces processing and storage costs, while still helping companies meet their compliance obligations.
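To make the two ideas above concrete (routing data at ingest so that only security-relevant events reach the detection engine, and evaluating correlation rules on the stream as each event arrives rather than after an index build), here is a small illustrative pipeline. It is an added example written for this page, not Abstract Security's code, and it does not describe how their platform is implemented; the event shape, the source names, the rule thresholds and the sample events are all assumptions constructed for the demonstration.

```python
# Added example: a minimal streaming detection pipeline of the kind the
# article describes (route at ingest, evaluate rules per event, no wait for
# indexing). Illustrative code, not Abstract Security's platform; the event
# shape, source names, thresholds and rule logic are assumptions.
from collections import defaultdict, deque

# Assumed routing policy: which log sources feed detection vs. the compliance archive.
SECURITY_SOURCES = {"auth", "edr"}


class Router:
    """Bifurcate events at ingest: security-relevant ones go to the detection
    stream, everything else to a (cheaper) compliance/forensics store."""

    def __init__(self):
        self.security = []
        self.compliance = []

    def route(self, ev):
        lane = "security" if ev["source"] in SECURITY_SOURCES else "compliance"
        (self.security if lane == "security" else self.compliance).append(ev)
        return lane


class FailedThenSuccess:
    """Rule 1 (single stream): at least `threshold` auth failures from one
    src_ip, followed by a success from the same src_ip inside `window` seconds."""

    def __init__(self, threshold=3, window=300):
        self.threshold, self.window = threshold, window
        self.failures = defaultdict(deque)  # src_ip -> timestamps of failures

    def evaluate(self, ev):
        if ev["source"] != "auth":
            return None
        q = self.failures[ev["src_ip"]]
        while q and ev["ts"] - q[0] > self.window:  # expire failures outside the window
            q.popleft()
        if ev["event"] == "login_failure":
            q.append(ev["ts"])
            return None
        if ev["event"] == "login_success" and len(q) >= self.threshold:
            n = len(q)
            q.clear()  # one alert per burst
            return {"rule": "failed_then_success", "src_ip": ev["src_ip"],
                    "user": ev["user"], "failures": n, "ts": ev["ts"]}
        return None


class LoginThenProcess:
    """Rule 2 (cross-stream): an auth login_success for a user, followed within
    `window` seconds by an EDR process_start attributed to the same user."""

    def __init__(self, window=120):
        self.window = window
        self.logins = {}  # user -> ts of last successful login

    def evaluate(self, ev):
        if ev["source"] == "auth" and ev["event"] == "login_success":
            self.logins[ev["user"]] = ev["ts"]
            return None
        if ev["source"] == "edr" and ev["event"] == "process_start":
            t = self.logins.get(ev["user"])
            if t is not None and 0 <= ev["ts"] - t <= self.window:
                return {"rule": "login_then_process", "user": ev["user"],
                        "process": ev["process"], "ts": ev["ts"]}
        return None


def run(events, rules=None):
    """Process events one at a time in timestamp order. Each alert is emitted
    at the event that completes the pattern, not after a batch index build."""
    router = Router()
    rules = rules or [FailedThenSuccess(), LoginThenProcess()]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if router.route(ev) != "security":
            continue  # compliance-only data never reaches the detection engine
        for rule in rules:
            hit = rule.evaluate(ev)
            if hit:
                alerts.append(hit)
    return router, alerts


# Constructed sample events (not real logs); ts is seconds from an arbitrary epoch.
SAMPLE_EVENTS = [
    {"ts": 100, "source": "web", "event": "http_request", "user": "-", "src_ip": "203.0.113.9"},
    {"ts": 101, "source": "auth", "event": "login_failure", "user": "alice", "src_ip": "198.51.100.7"},
    {"ts": 102, "source": "auth", "event": "login_failure", "user": "alice", "src_ip": "198.51.100.7"},
    {"ts": 103, "source": "auth", "event": "login_failure", "user": "alice", "src_ip": "198.51.100.7"},
    {"ts": 104, "source": "web", "event": "http_request", "user": "-", "src_ip": "203.0.113.9"},
    {"ts": 110, "source": "auth", "event": "login_success", "user": "alice", "src_ip": "198.51.100.7"},
    {"ts": 150, "source": "edr", "event": "process_start", "user": "alice", "process": "powershell.exe"},
    {"ts": 900, "source": "auth", "event": "login_success", "user": "bob", "src_ip": "192.0.2.3"},
]

if __name__ == "__main__":
    router, alerts = run(SAMPLE_EVENTS)
    print(f"{len(router.security)} events to detection, {len(router.compliance)} to compliance")
    for a in alerts:
        print(a)
```

On the sample input the two web access lines are routed straight to the compliance store and never touch the rules, while the first alert fires on the login success at ts 110 (the moment the pattern completes) and the second on the EDR event at ts 150, which correlates across the auth and EDR streams. The window bookkeeping is what keeps the rule state bounded: failures older than the window are dropped as each new event arrives, so a burst of failures long before a success does not fire.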
“In today’s changing cyber landscape, understanding which data is vital to security and which is being collected for compliance or forensics is critical. Otherwise, organizations will pay a high price for unnecessary data that is simply not needed in their analytics packages at high fidelity,” says strategic advisor Tom Reilly. Reilly is also an investor in the company.
Beta customers span a variety of industries, including a major insurance provider, a global healthcare provider, a Fortune 500 financial services company and a B2B technology company, the company said.
Both Reilly and Bigge cite the founders' experience and understanding of the market as reasons to invest in the company. Bigge calls DeRodeff a "known entity": he was one of ArcSight's first employees and played a role in its 2008 IPO and its 2010 acquisition by HP. DeRodeff was also a co-founder of, and responsible for strategy at, threat intelligence firm Anomali, as well as chief technology officer of Verodin, a provider of security instrumentation platforms. DeRodeff's expertise in SIEM, threat intelligence and data validation means he understands what customers need and has the ability to deliver on the company's goals, Bigge says.
Abstract Security will become an essential part of the modern technology stack, Bigge says.