“Nobody is doing predictive risk [assessment],” said Gaurav Banga, CEO and founder of Balbix. He also founded endpoint security company Bromium and served as its CEO for more than five years. “There are a number trying to do surface dashboards, but they are fundamentally dealing with trying to analyze in the rearview mirror. What we are building is a front-looking radar.”
Balbix’s platform uses predictive analytics and artificial intelligence (AI) to automatically measure breach risk and calculate resilience. Specialized sensors deployed across the enterprise continuously discover and monitor all devices, apps, and users across hundreds of attack methods and indicators of business impact.
Self-learning algorithms analyze this telemetry data and use it to build a risk model.
“We create a real-time risk heat-map,” Banga explained. “This is clickable, it is searchable, it’s a color-coded map of the enterprise.”
This map prioritizes mitigation projects by identifying the areas of highest risk and developing actionable insights.
It also predicts breach scenarios by analyzing factors that point to the future likelihood of a security breach; for example, user clickthrough behavior indicating high phishing risk.
“It also generates reports directed at people who don’t understand the nuances of security, like board members,” Banga said. “Our customers are telling us they have never seen this level of automation to give them real time dashboards.”
The startup has more than a dozen customers in the technology, financial, energy, and manufacturing sectors, he added. These include semiconductor company Cavium and professional services firm Aon.
“Anybody who has more than a few machines,” can use the security platform, Banga said. “Shops from a few hundred machines all the way to hundreds and thousands. Almost everybody has the same problems when you go down to the level of TCP/IP.” He’s referring to Transmission Control Protocol/Internet Protocol, which are communications protocols used to interconnect network devices.
Before founding Balbix, Banga said he asked customers: what security problem did they have that he should solve? A few months ago, as a follow-up, his team surveyed 600 executives, primarily CIOs and CISOs. Of the respondents, 250 were Fortune 500 companies. The survey found three key areas of concern:
- Mitigating a growing attack surface.
- Preventing attack propagation.
- Measuring breach risk.
“We validated this is the data that is missing,” Banga said. “This is the predictive viewpoint that they all believe will help us get ahead of the adversaries. We think we have come up with something that can be used pretty much on day 1 to get ahead of the adversary.”