It’s a truism in the computer security world that the bad guys have gained the upper hand. Just think about all the major security breaches over the past few years for evidence.
The black hats’ victories have led doomsayers like FBI director James Comey to say that “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked.”
Those views have led to a major shift in the way experts think about security, according to Scott Chasin, co-founder and CEO of ProtectWise. His startup, based in Denver, has raised $17 million during the past two years and only recently emerged from stealth. Like many executives, he believes the days when software could keep hackers out of the network are gone, and now the mission is to catch them as quickly as possible once they’ve broken in and limit the damage.
“The whole industry has moved very dramatically away from detect and block to detect and respond,” Chasin said. “The reality we live in today is that the bad guys are always going to be one step ahead, so how many steps behind do you want to be?”
If industry analysts are right, the good guys are many, many steps behind. ProtectWise cites figures that say it takes an average of 205 days for an organization to realize it’s been hacked. In this situation, the first challenge for security companies is “really about closing the breach-detection window,” Chasin said. But without staff trained in forensic investigation and analysis, companies are hamstrung.
ProtectWise wants to fix that by making software that automates threat detection and analysis. The company has been developing cloud-based software it believes makes it easier for security pros to monitor their networks, detect threats, and respond to attacks before the damage spreads.
Chasin likens ProtectWise’s approach to creating a DVR that records all activity on a network. The startup’s software is always watching for attacks and keeps tabs on what’s happening, and customers can use it to replay what’s happened on their networks.
The DVR knows what to look for because ProtectWise has also built what it calls its “wisdom engine,” which is continually updated with the latest threats. Together, they enable ProtectWise to offer real-time security that is enhanced by the potential threats the startup uncovers as it keeps going over its recordings in search of suspicious activity.
Tracking and recording network activity to spot breaches and threatening behavior isn’t a new idea. Companies specializing in security information and event management, or SIEM, include Boulder, CO-based LogRhythm, IBM, HP, Splunk, and McAfee. What makes ProtectWise unique is the way it uses the cloud to offer collective security while continually upgrading its database of threats, co-founder and CTO Gene Stevens said. When companies buy software to protect their networks, they’re usually on their own and it’s up to them to follow best practices and stay up to date.
Stevens said there’s more safety in numbers. Businesses usually don’t know what tactics hackers are using against other businesses, but if a group of hackers goes after several customers at once, ProtectWise will notice. ProtectWise also will collect so much data and see so much activity that it will be able to find threats faster than other companies, and when upgrades or warnings go out, everyone will get them, Stevens said.
Chasin said ProtectWise will retain “full-fidelity network traffic” much longer than competitors, eventually even for years. And he boasts about the user-friendly visualizer his product offers, which does have a cool story: the interface was designed by a Hollywood professional who led design work on the recent “Tron” remake.
Moving security off premises and into the cloud might seem risky. The corporate world has grown accustomed to relying on third parties to keep sensitive files, e-mails, and customer data safe, but handing over a vital part of a company’s defenses to a startup is another thing.
Chasin said it’s an idea whose time has come.
“Most of the folks we’ve talked to understand they’ve got to come off the island and there’s safety in numbers. That’s a big part of our model,” Chasin said.
When ProtectWise makes its pitch, Chasin said, potential customers understand the value of advanced, automated threat detection and why they’d benefit. They also understand it is too costly and complicated for most companies to manage on their own. So they’re receptive to the idea, but that still means ProtectWise needs to prove itself.
The background of ProtectWise’s founders could help inspire confidence. Collectively, they have decades of experience in making Web-based applications for businesses and security software. Foremost is Chasin. In the 1990s, he co-founded and was chief technology officer of USA.Net, one of the first Web-based e-mail services. He also co-founded and was CTO of MX Logic, a Colorado-based “security as a service” company that made software that protected corporate e-mail and websites. McAfee bought MX Logic in 2009 for $140 million and Chasin became the CTO of McAfee’s content and cloud security unit, where he led McAfee’s push to offer more cloud-based and software-as-a-service security products.
That background and Chasin’s ideas also have helped with investors. ProtectWise has raised $17 million from Crosslink Capital, Trinity Ventures, Paladin Capital Group and Arsenal Venture Partners.