In spite of tremendous progress in threat detection technology, breaches continue to happen. In fact, the average time an attacker spends on the network before being detected is still well over 200 days. That is despite investments of hundreds of thousands of dollars in systems (like ArcSight, Splunk, QRadar and numerous others) that can collect, store and analyze security data.
Compared to 15 years ago, data and compute power are no longer the bottleneck. Intelligence has become the long pole. SIM solutions are not smart enough compared to security analysts. It does not take a lot of sophistication to evade detection. As a result, much of the burden of threat detection falls on the shoulders of security analysts, who have to triage and investigate alerts to make sure they are responding to the biggest threats to their enterprises. However, security analysts are simply not fast enough. They can barely investigate even 1% of all the data in depth. The rest of it is left to SIM solutions that are nowhere near as intelligent.
Our mission is to create a much more intelligent threat detection system by making better use of security analysts. By capturing and automating their intelligence, we can bring to bear real security intelligence that can scale to billions of events every day.