Big data service provider Cloudwick today launched a security analytics product at Black Hat USA that the company claims can ingest more than 100 million events per second of telemetry data. This includes network packets, netflow, logs, and alerts.
Cloudwick calls the new platform CDL, which stands for cyber data lake. It’s a converged system composed of a Cloudwick-managed hardware appliance with integrated software. It can also be deployed as a virtual appliance on Amazon Web Services (AWS), using AWS Direct Connect to connect the data center appliance to the cloud.
Mark Schreiber, general manager at Cloudwick, said most other platforms can ingest 100,000 events per second, while some high-performing products can do 500,000 per second.
After the appliance captures the data via an ingestion pipeline, it stores it in an on-premise data lake. Then the software layer — called CDL Manager — provides access to security and compliance teams, and uses machine learning, advanced analytics, and artificial intelligence to detect threats and prevent future attacks.
Use cases include compliance, incident response and investigation, risk and vulnerability management, and securing the cloud.
In addition to AWS, Cloudwick worked with other technology partners to develop the platform. These include Solarflare, LogTrust, Bricata, Corelight, Protectwise, H2O.ai, and Graphistry.
Cloudwick developed proprietary software for the product and is seeking patents for some of it. It also used open source Apache Hadoop and Apache Spark and integrated technology from Bricata, Corelight, and Solarflare into the platform.
Intel provided funding to Cloudwick to develop the product.
The company began working on the platform two years ago, when Intel approached the team looking for a vendor to develop “next-gen technology to power security,” Schreiber said.
‘Democratizing’ Security Analytics
The platform “democratizes” security analytics data, he said, meaning that it makes the data accessible to the enterprise, which can use various applications and tools to analyze it.
“One of the other challenges was this siloed security,” he said. “If you look at the next-generation of technology required to combat today’s threats, it really requires the democratization of data into a Salesforce-type model. You don’t want to have 10 vendors managing 10 petabytes each. You want to have one capture, one platform, and then providing access to all of your analytics vendors internally and externally.”
Schreiber said he can’t name any CDL customers but said verticals include banking, finance, insurance, and healthcare.
In an email, 451 Research analyst Eric Ogren said Cloudwick has some “nifty ideas,” but only time will tell if the company can execute its vision.
“I am big on analytics driving the modern security strategy,” Ogren said. “That is, security operations will start with intelligence gleaned from analytics and can then in real-time apply preventive features. This will take a few years, but it is going to happen. The key is to get past the security myopia to bridge IT and cloud information — Cloudwick gets this and is well positioned to capitalize.”
This idea of democratizing security data is also the driving force behind another product being unveiled this week at Black Hat — this one from Jask. Startup Jask launched in June with $12 million in Series A funding, led by Dell Technologies Capital. Its security platform called Trident focuses on predictive security and aims to automate threat analytics in the enterprise security operations center.
Ogren said Cloudwick faces challenges including “falling in love with a boil the ocean vision,” meaning talking about analyzing petabytes to shine light on the unknown without articulating what security problems they can solve.
“Cloudwick has an advantage in performance (assuming they do not Pinocchio when talking with us) and in being a cloud service (keeps away from legacy on-prem stuff),” he explained. “The trick will be to keep defining the problem in ways to keep ahead of the market.”
The company also will have to convince chief security officers that “traditional security operations thinking” is not the way to prevent attacks.
“Cloudwick will be asked by enterprise CSOs for capabilities that they see in existing products, or be asked to solve the security operations labor problem,” he said. “Cloudwick’s job should be to put the SOC [security operations center] out of business entirely.”