In recent months a flurry of security startups have emerged from stealth mode (would you expect anything less?) and unveiled new products that use the latest technologies including machine learning, artificial intelligence (AI), and blockchain to prevent — and predict — attacks.
There has been so much focus on machine learning and AI, in fact, that ESG Global analyst Jon Oltsik, in his Black Hat 2017 wrap-up, wrote “enough about machine learning and artificial intelligence…talk use cases rather than supervised modeling.”
Still, as enterprises shift their thinking to not if but when they will experience a breach, a comprehensive security strategy becomes key to a company’s survival and profitability. This is driving an approach that uses analytics, and combines operational data with anti-phishing and ransomware protection, said 451 Research analyst Eric Ogren.
“There’s a recognition that all companies are going to be hacked,” he said. “So it’s more of how do we not just take hygiene and incident response; how do we roll it into overall detection and remediation. It’s breaking down security silos.”
With that in mind, SDxCentral has compiled a list of ten security startups that we think are worth keeping an eye on in 2017 because of their business models, their technical innovation, and their early inroads in the market.
The 8.4 billion connected devices in use worldwide are expected to skyrocket to between 20 billion and 50 billion by 2020. This ecosystem of everything from smartphones to webcams and keyboards presents a complex security challenge.
Internet of Things (IoT) security startup Armis says its product lets enterprises see unmanaged devices in their network — IoT blind spots. Its agentless security platform integrates with existing IT infrastructure and gives businesses visibility into and management over any device, on or off the corporate network.
Armis’ founders are Israeli army veterans turned Silicon Valley tech leaders. They started the company in late 2015. Its headquarters are in Palo Alto, California, and it has an office in Tel Aviv. It emerged from stealth mode in June and has raised $17 million.
This startup emerged from stealth mode last month with more than $30 million in total funding. It spent the past two years refining its security analytics platform that uses machine learning and data science to automate the data analytics process.
Awake’s platform uses automation to capture and process data in a network. It leverages patterns, problem solving, and machine learning to build a data model designed to identify and track devices, users, and domains. Real people can then use a “human-friendly vocabulary” to investigate captured data. Results of that human interaction are then captured for use in future data processing and investigations.
Balbix’s breach-risk platform uses predictive analytics and AI to automatically measure breach risk and calculate resilience. Specialized sensors deployed across the enterprise continuously discover and monitor all devices, apps, and users across hundreds of attack methods and indicators of business impact.
Self-learning algorithms analyze this telemetry data and use it to build a risk model — a real-time, clickable, color-coded risk heat map of the enterprise. This map prioritizes mitigation projects by identifying the areas of highest risk and developing actionable insights.
The startup announced the general availability of its predictive breach-risk platform and $8.6 million in investor funding in June.
It leverages the technology’s inherent authentication functionality to assign digital IDs to users.
Converting user IDs to digital IDs has historically been a challenge for vendors of software-defined perimeter (SDP) security. It typically involves a third-party certification process, or an enterprise could set up its own certification system.
Using blockchain, however, simplifies the certification process of digital IDs used for security and eliminates the need for third-party certifiers.
IBM acquired Bricata CEO/President and co-founder John Trauth’s earlier startup, CyberTap Security, in 2013 for an undisclosed price. This experience, and the success of SourceFire, which Cisco acquired that same year for $2.7 billion, made Trauth realize the need for updated intrusion detection and prevention technology, he said. “This is a mature market space but it’s so ripe for breathing innovation into it with updated detection engine technology and infrastructure,” he said.
The company’s sensors — hardware and virtual appliances — integrate signature inspection, anomaly detection, and malware conviction engines, with all three engines sharing the workload and expanding the scope and accuracy of attack detection.
“Combining those three different types of detection gives you an amazing amount of context and telemetry around a particular attack,” Trauth said. “It enables you to detect where the bad guy got in and where that malware is spreading. It also significantly decreases your time to detection and to detainment.”
Bricata launched in 2014 and announced it raised $8 million in Series A last week, bringing its total funding to about $10.5 million. Its customers include financial services and healthcare organizations.
This startup built enterprise network visibility software based on the Orwellian-named open-source code Bro. Its flagship product, Corelight Sensor, is used to investigate and prevent all manner of security threats including ransomware, denial of service, unauthorized access, misconfiguration, malware infection, insider threat, port scanning, advanced persistent threat (APT), and phishing or other mail-based attacks or incidents.
Computer scientist Vern Paxson, who started developing Bro more than 20 years ago, is Corelight’s chief scientist. Corelight CEO Greg Bell spent more than 15 years at Lawrence Berkeley National Lab — an early adopter of open-source Bro.
The company, which launched last month, is based in San Francisco and has raised almost $9.5 million.
Traditional firewalls provide security by permitting trusted IP addresses to access the network. But these can fail because hackers can fake IP addresses.
Edgewise takes a different approach — a zero-trust networking model — that secures data centers and hybrid cloud environments by using machine learning to validate the identity of applications, users, and hosts controlling the addresses.
Edgewise CEO Peter Smith, a former Infinio Systems VP, and Harry Sverdlove, previously the CTO of Carbon Black (formerly known as Bit9), founded the Burlington, Massachusetts-based company last year. Last month, the company emerged from stealth mode with $7 million in funding for its zero-trust network security technology.
Elastic Beam focuses solely on application programming interfaces (APIs), which 88 percent of enterprises use in their business. These represent a security risk because they make it easier for hackers to reach into business applications, systems, and databases.
The startup’s software detects and blocks attacks on APIs from hackers without credentials. It also prevents hackers from reconnecting after termination.
In addition to securing APIs, the product produces detailed reports on API activity for forensic or compliance reporting. And it uses decoy APIs to trap hackers.
Co-founders Bernard Harguindeguy and Uday Subbarayan brought the startup out of stealth mode in June. Harguindeguy is a former CEO of web security company GreenBorder, the first security company Google acquired in 2007. Subbarayan was a founder of API management startup Apigee, which Google acquired for $625 million in 2016.
Jask uses AI to monitor and secure networks. It focuses on predictive security, and aims to automate threat analytics in the enterprise security operations center.
CEO Greg Martin and fellow security veteran Damian Miller started the San Francisco-based company. The two worked together at ArcSight before HP bought the security software vendor for $1.5 billion in 2012. Martin also founded security company ThreatStream, which rebranded as Anomali last year.
The startup has raised $14.5 million to date.