Exabeam

Auto Added by WPeMatico

Cribl raises $200M to help enterprises do more with their data

At a time when remote work, cybersecurity attacks and increased privacy and compliance requirements threaten a company’s data, more companies are collecting and storing their observability data, but are being locked in with vendors or have difficulty accessing the data.

Enter Cribl. The San Francisco-based company is developing an “open ecosystem of data” for enterprises that utilizes unified data pipelines, called “observability pipelines,” to parse and route any type of data that flows through a corporate IT system. Users can then choose their own analytics tools and storage destinations like Splunk, Datadog and Exabeam, but without becoming dependent on a vendor.

The company announced Wednesday a $200 million round of Series C funding to value Cribl at $1.5 billion, according to a source close to the company. Greylock and Redpoint Ventures co-led the round and were joined by new investor IVP, existing investors Sequoia and CRV and strategic investment from Citi Ventures and CrowdStrike. The new capital infusion gives Cribl a total of $254 million in funding since the company was started in 2017, Cribl co-founder and CEO Clint Sharp told TechCrunch.

Sharp did not discuss the valuation; however, he believes that the round is “validation that the observability pipeline category is legit.” Data is growing at a compound annual growth rate of 25%, and organizations are collecting five times more data today than they did 10 years ago, he explained.

“Ultimately, they want to ask and answer questions, especially for IT and security people,” Sharp added. “When Zoom sends data on who started a phone call, that might be data I need to know so I know who is on the call from a security perspective and who they are communicating with. Also, who is sending files to whom and what machines are communicating together in case there is a malicious actor. We can also find out who is having a bad experience with the system and what resources they can access to try and troubleshoot the problem.”

Cribl also enables users to choose how they want to store their data, which is different from competitors that often lock companies into using only their products. Instead, customers can buy the best products from different categories and they will all talk to each other through Cribl, Sharp said.

Though Cribl is developing a pipeline for data, Sharp sees it more as an “observability lake,” as more companies have differing data storage needs. He explains that the lake is where all of the data will go that doesn’t need to go into an existing storage solution. The pipelines will send the data to specific tools and then collect the data, and what doesn’t fit will go back into the lake so companies have it to go back to later. Companies can keep the data for longer and more cost effectively.

Cribl said it is seven times more efficient at processing event data and boasts a customer list that includes Whole Foods, Vodafone, FINRA, Fannie Mae and Cox Automotive.

Sharp went after additional funding after seeing huge traction in its existing customer base, saying that “when you see that kind of traction, you want to keep doubling down.” His aim is to have a presence in every North American city and in Europe, to continue launching new products and growing the engineering team.

Up next, the company is focusing on go-to-market and engineering growth. Its headcount is 150 currently, and Sharp expects to grow that to 250 by the end of the year.

Over the last fiscal year, Cribl grew its revenue 293%, and Sharp expects that same trajectory for this year. The company is now at a growth stage, and with the new investment, he believes Cribl is the “future leader in observability.”

“This is a great investment for us, and every dollar, we believe, is going to create an outsized return as we are the only commercial company in this space,” he added.

Scott Raney, managing director at Redpoint Ventures, said his firm is a big enterprise investor in software, particularly in companies that help organizations leverage data to protect themselves, a sweet spot that Cribl falls into.

He feels Sharp is leading a team, having come from Splunk, that has accomplished a lot, has a vision and a handle on the business and knows the market well. Where Splunk is capturing the machine data and using its systems to extract the data, Cribl is doing something similar in directing the data where it needs to go, while also enabling companies to utilize multiple vendors and build apps to sit on top of its infrastructure.

“Cribl is adding opportunity by enriching the data flowing through, and the benefits are going to be meaningful in cost reduction,” Raney said. “The attitude out there is to put data in cheaper places, and afford more flexibility to extract data. Step one is to make that transition, and step two is how to drive the data sitting there. Cribl is doing something that will go from being a big business to a legacy company 30 years from now.”

Powered by WPeMatico

Cyber risk startup Safe Security lands $33M from UK telco BT

Safe Security, a Silicon Valley cyber risk management startup, has secured a $33 million investment from U.K. telco BT. 

Founded in 2012, Safe Security — formerly known as Lucideus — helps organizations measure and mitigate enterprise-wide cyber risk using its security assessment framework for enterprises (SAFE) platform. The service, which is used by a number of companies, including Facebook, Softbank and Xiaomi, helps businesses understand their likelihood of suffering a major cyberattack, calculates a financial cost to customers’ risks and provides actionable insight on the steps that can be taken to address them.

This funding round saw participation from Safe Security’s existing investors, including former Cisco chairman and chief executive John Chambers, and brings the total amount raised by Safe Security to $49.2 million.

BT said the investment, which is its first major third-party investment in cybersecurity since 2006, reflected its plans to grow rapidly in the sector. Philip Jansen, BT CEO said: “Cybersecurity is now at the top of the agenda for businesses and governments, who need to be able to trust that they’re protected against increasing levels of attack. 

“Already one of the world’s leading providers in a highly fragmented security market, this investment is a clear sign of BT’s ambition to grow further.”

The startup’s co-founder and chief executive Saket Modi said he was “delighted” to be working with BT.

“By aligning BT’s global reach and capabilities with SAFE’s ability to provide real-time visibility on cyber risk posture, we are going to fundamentally change how security is measured and managed across the globe,” he said.

As part of the investment, which will see Safe Security double its engineering team by the end of the year, BT will combine the SAFE platform with its managed security services, and gain exclusive rights to use and sell SAFE to businesses and public sector bodies in the U.K. BT will also work collaboratively with Safe Security to develop future products, according to an announcement from the company.

Safe Security’s competitors include UpGuard, Exabeam and VisibleRisk.

Powered by WPeMatico

JASK and the future of autonomous cybersecurity

There is a familiar trope in Hollywood cyberwarfare movies. A lone whiz kid hacker (often with blue, pink, or platinum hair) fights an evil government. Despite combatting dozens of cyber defenders, each of whom appears to be working around the clock and has very little need to use the facilities, the hacker is able to defeat all security and gain access to the secret weapon plans or whatever have you. The weapon stopped, the hacker becomes a hero.

The real world of security operations centers (SOCs) couldn’t be further from this silver screen fiction. Today’s hackers (who are the bad guys, by the way) don’t have the time to custom hack a system and play cat-and-mouse with security professionals. Instead, they increasingly build a toolbox of automated scripts and simultaneously hit hundreds of targets using, say, a newly discovered zero-day vulnerability and trying to take advantage of it as much as possible before it is patched.

Security analysts working in a SOC are increasingly overburdened and overwhelmed by the sheer number of attacks they have to process. Yet, despite the promises of automation, they are often still using manual processes to counter these attacks. Fighting automated attacks with manual actions is like fighting mechanized armor with horses: futile.

Nonetheless, that’s the current state of things in the security operations world, but as V.Jay LaRosa, the VP of Global Security Architecture of payroll and HR company ADP explained to me, “The industry, in general from a SOC operations perspective, it is about to go through a massive revolution.”

That revolution is automation. Many companies have claimed that they are bringing machine learning and artificial intelligence to security operations, and the buzzword has been a mainstay of security startup pitch decks for some times. Results in many cases have been nothing short of lackluster at best. But a new generation of startups is now replacing soaring claims with hard science, and focusing on the time-consuming low-hanging fruit of the security analyst’s work.

One of those companies, as we will learn shortly, is JASK. The company, which is based in San Francisco and Austin, wants to create a new market for what it calls the “autonomous security operations center.” Our goal is to understand the current terrain for SOCs, and how such a platform might fit into the future of cybersecurity.

Data wrangling and the challenge of automating security

The security operations center is the central nervous system of corporate security departments today. Borrowing concepts from military organizational design, the modern SOC is designed to fuse streams of data into one place, giving security analysts a comprehensive overview of a company’s systems. Those data sources typically include network logs, an incident detection and response system, web application firewall data, internal reports, antivirus, and many more. Large companies can easily have dozens of data sources.

Once all of that information has been ingested, it is up to a team of security analysts to evaluate that data and start to “connect the dots.” These professionals are often overworked since the growth of the security team is generally reactive to the threat environment. Startups might start with a single security professional, and slowly expand that team as new threats to the business are discovered.

Given the scale and complexity of the data, investigating a single security alert can take significant time. An analyst might spend 50 minutes just pulling and cleaning the necessary data to be able to evaluate the likelihood of a threat to the company. Worse, alerts are sufficiently variable that the analyst often has to repeatedly perform this cleanup work for every alert.

Data wrangling is one of the most fundamental problems that every SOC faces. All of those streams of data need to be constantly managed to ensure that they are processed properly. As LaRosa from ADP explained, “The biggest challenge we deal with in this space is that [data] is transformed at the time of collection, and when it is transformed, you lose the raw information.” The challenge then is that “If you don’t transform that data properly, then … all that information becomes garbage.”

The challenges of data wrangling aren’t unique to security — teams across the enterprise struggle to design automated solutions. Nonetheless, just getting the right data to the right person is an incredible challenge. Many security teams still manually monitor data streams, and may even write their own ad-hoc batch processing scripts to get data ready for analysis.

Managing that data inside the SOC is the job of a security information and event management system (SIEM), which acts as a system of record for the activities and data flowing through security operations. Originally focused on compliance, these systems allow analysts to access the data they need, and also log the outcome of any alert investigation. Products like ArcSight and Splunk and many others here have owned this space for years, and the market is not going anywhere.

Due to their compliance focus though, security management systems often lack the kinds of automated features that would make analysts more efficient. One early response to this challenge was a market known as user entity behavior analytics (UEBA). These products, which include companies like Exabeam, analyze typical user behavior and search for anomalies. In this way, they are meant to integrate raw data together to highlight activities for security analysts, saving them time and attention. This market was originally standalone, but as Gartner has pointed out, these analytics products are increasingly migrating into the security information management space itself as a sort of “smarter SIEM.”

These analytics products added value, but they didn’t solve the comprehensive challenge of data wrangling. Ideally, a system would ingest all of the security data and start to automatically detect correlations, grouping disparate data together into a cohesive security alert that could be rapidly evaluated by a security analyst. This sort of autonomous security has been a dream of security analysts for years, but that dream increasingly looks like it could become reality quite soon.

LaRosa of ADP told me that “Organizationally, we have got to figure out how we help our humans to work smarter.” David Tsao, Global Information Security Officer of Veeva Systems, was more specific, asking “So how do you organize data in a way so that a security engineer … can see how these various events make sense?”

JASK and the future of “autonomous security”

That’s where a company like JASK comes in. Its goal, simply put, is to take all the disparate data streams entering the security operations center and automatically group them into attacks. From there, analysts can then evaluate each threat holistically, saving them time and allowing them to focus on the sophisticated analytical part of their work, instead of on monotonous data wrangling.

The startup was founded by Greg Martin, a security veteran who previously founded threat intelligence platform ThreatStream (now branded Anomali). Before that, he worked as an executive at ArcSight, a company that is one of the incumbent behemoths in security information management.

Martin explained to me that “we are now far and away past what we can do with just human-led SOCs.” The challenge is that every single security alert coming in has to go through manual review. “I really feel like the state of the art in security operations is really how we manufactured cars in the 1950s — hand-painting every car,” Martin said. “JASK was founded to just clean up the mess.”

Machine learning is one of these abused terms in the startup world, and certainly that is no exception in cybersecurity. Visionary security professionals wax poetic about automated systems that instantly detect a hacker as they attempt to gain access to the system and immediately respond with tested actions designed to thwart them. The reality is much less exciting: just connecting data from disparate sources is a major hurdle for AI researchers in the security space.

Martin’s philosophy with JASK is that the industry should walk before it runs. “We actually look to the autonomous car industry,” he said to me. “They broke the development roadmap into phases.” For JASK, “Phase one would be to collect all the data and prepare and identify it for machine learning,” he said. LaRosa of ADP, talking about the potential of this sort of automation, said that “you are taking forty to fifty minutes of busy work out of that process and allow [the security analysts] to get right to the root cause.”

This doesn’t mean that security analysts are suddenly out of a job, indeed far from it. Analysts still have to interpret the information that has been compiled, and even more importantly, they have to decide on what is the best course of action. Today’s companies are moving from “runbooks” of static response procedures to automated security orchestration systems. Machine learning realistically is far from being able to accomplish the full lifecycle of an alert today, although Martin is hopeful that such automation is coming in later phases of the roadmap.

Martin tells me that the technology is being used by twenty customers today. The company’s stack is built on technologies like Hadoop, allowing it to process significantly higher volumes of data compared to legacy security products.

JASK is essentially carving out a unique niche in the security market today, and the company is currently in beta. The company raised a $2m seed from Battery in early 2016, and a $12m series A led by Dell Technologies Capital, which saw its investment in security startup Zscaler IPO last week.

There are thousands of security products in the market, as any visit to the RSA conference will quickly convince you. Unfortunately though, SOCs can’t just be built with tech off the shelf. Every company has unique systems, processes, and threat concerns that security operations need to adapt to, and of course, hackers are not standing still. Products need to constantly change to adapt to those needs, which is why machine learning and its flexibility is so important.

Martin said that “we have to bias our algorithms so that you never trust any one individual or any one team. It is a careful controlled dance to build these types of systems to produce general purpose, general results that applies across organizations.” The nuance around artificial intelligence is refreshing in a space that can see incredible hype. Now the hard part is to keep moving that roadmap forward. Maybe that blue-haired silver screen hacker needs some employment.

Powered by WPeMatico