Startup Profile: Seculert Prioritizes Response Over Prevention - InformationWeek




The cloud security newcomer Seculert aims to identify and validate data breaches to enable faster response and remediation.

Seculert's security service starts with the assumption that attackers have infiltrated your organization.

Rather than join the legion of products and services that seek to prevent intrusions, Seculert aims to detect, and quickly verify, that attackers already inside your network are sending outbound communications. Organizations can then cut off those channels and, presumably, limit the damage.

The company's existence is a telling, and perhaps distressing, indictment of the state of enterprise security.

Seculert is a cloud service built on Amazon Web Services (using S3 for storage). The service works by understanding how malware communicates with command-and-control systems and exfiltrates data.

Seculert collects threat intelligence from across the Internet, and it executes thousands of malware samples in sandboxes to see how the malware behaves and to identify the methods it uses to communicate.

Seculert claims it has more than 20 million profiles of unique threats.

Seculert combines this intelligence with customer log data to look for evidence that malware is actually present on the corporate network and sending communications.


Customers send their outbound HTTP logs from firewalls and security proxies such as Blue Coat and Websense to Seculert for analysis.

CEO Dudi Matot says the company plans to add other protocols, but at present Seculert only analyzes HTTP logs.

Malware validation
Rather than flood customers with alerts and warnings, Matot says, the company aims to provide validated results. It combines automation and human analysis to determine if indications of malicious activity rise to the level of a live and active threat.

When potentially malicious activity reaches a certain threshold, the customer is alerted.

"Priority 1 is what we call malware that's on the network and exfiltrating data," Matot says. "The customer must take action. We call that 100% validated."

Seculert's alerts are limited to the information it gets from the HTTP logs. This information includes source and destination IP addresses, device type, time and date, the amount of data being sent, and other details. Note that proxy logs record metadata about each request, not the request body, so validation rests on where the traffic goes, how often it goes there, and how much is sent.
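The following is an added illustration of the approach the article describes (a threat-intelligence list of known command-and-control destinations correlated against the fields available in outbound proxy logs, with hits graded by whether data is actually leaving). It is not Seculert's code; the indicator list, the log format, the byte threshold and the beacon-jitter tolerance are all constructed assumptions.

```python
"""Correlate outbound HTTP proxy logs with known C2 indicators and grade hits.

Added example, not Seculert's code. Indicators, log lines, and thresholds
are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Hypothetical intel feed: destinations seen when sandboxing malware families.
C2_INDICATORS: Dict[str, str] = {
    "update-check.example-bad.net": "FakeUpdater",
    "198.51.100.23": "LogStealer",
}

# Outbound bytes to one C2 destination from one host above which we call it
# exfiltration rather than a beacon (assumed threshold).
EXFIL_BYTES_THRESHOLD = 1_000_000


@dataclass
class ProxyRecord:
    ts: datetime
    src_ip: str
    dst_host: str
    dst_ip: str
    method: str
    bytes_out: int
    user_agent: str


def parse_line(line: str) -> ProxyRecord:
    """Parse one proxy log line. Assumed field order:
    date time src_ip dst_host dst_ip method bytes_out user_agent"""
    date, time_, src, host, dst, method, bytes_out, ua = line.split(maxsplit=7)
    return ProxyRecord(datetime.strptime(f"{date} {time_}", "%Y-%m-%d %H:%M:%S"),
                       src, host, dst, method, int(bytes_out), ua)


@dataclass
class Finding:
    src_ip: str
    family: str
    hits: int
    bytes_out: int
    priority: int   # 1 = exfiltrating, 2 = beaconing, 3 = needs review
    reason: str


def _is_regular_beacon(timestamps: List[datetime]) -> bool:
    """True when three or more contacts are spaced at near-constant intervals."""
    if len(timestamps) < 3:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    if mean <= 0:
        return False
    spread = (sum((g - mean) ** 2 for g in gaps) / len(gaps)) ** 0.5
    return spread / mean < 0.2   # jitter under 20% of the period (assumption)


def correlate(lines: List[str]) -> List[Finding]:
    """Group intel hits by (internal host, malware family) and grade each group."""
    groups: Dict[tuple, List[ProxyRecord]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        family = C2_INDICATORS.get(rec.dst_host) or C2_INDICATORS.get(rec.dst_ip)
        if family is None:
            continue   # destination not in the intel feed: ignore
        groups[(rec.src_ip, family)].append(rec)

    findings = []
    for (src, family), recs in groups.items():
        total = sum(r.bytes_out for r in recs)
        if total >= EXFIL_BYTES_THRESHOLD:
            prio, why = 1, "known C2 destination plus large outbound volume (exfiltration)"
        elif _is_regular_beacon([r.ts for r in recs]):
            prio, why = 2, "periodic beaconing to known C2 destination"
        else:
            prio, why = 3, "contact with known C2 destination; analyst review needed"
        findings.append(Finding(src, family, len(recs), total, prio, why))
    return sorted(findings, key=lambda f: (f.priority, -f.bytes_out))


# Constructed sample log: one beaconing host, one bulk POST, one benign request,
# and one single contact that is not yet conclusive.
SAMPLE_LOG = [
    "2014-12-10 09:01:12 10.0.0.5 update-check.example-bad.net 203.0.113.9 GET 512 Mozilla/5.0",
    "2014-12-10 09:06:13 10.0.0.5 update-check.example-bad.net 203.0.113.9 GET 498 Mozilla/5.0",
    "2014-12-10 09:11:14 10.0.0.5 update-check.example-bad.net 203.0.113.9 GET 505 Mozilla/5.0",
    "2014-12-10 09:12:00 10.0.0.7 www.example.com 93.184.216.34 GET 1200 Mozilla/5.0",
    "2014-12-10 09:15:30 10.0.0.9 198.51.100.23 198.51.100.23 POST 2400000 python-requests/2.4",
    "2014-12-10 09:20:00 10.0.0.11 update-check.example-bad.net 203.0.113.9 GET 300 Mozilla/5.0",
]

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f"P{f.priority} {f.src_ip} {f.family} hits={f.hits} bytes={f.bytes_out}: {f.reason}")
```

The point of the grading step is the one the article makes: a single match against an indicator list is a lead, not a finding. Repeated contact at a steady period, or a large outbound volume to a known bad destination, is what moves a hit from "review this" to "act now", and both can be judged from proxy metadata alone.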

There are a variety of security and operational products that analyze logs and other data sources to identify malicious activity. These include security information and event management (SIEM) products and network behavioral anomaly detectors. The knock against these systems is that they can overwhelm operators with information, and they sometimes require significant effort to investigate warnings.

Another class of products, data leak prevention (DLP) systems, are designed specifically to spot exfiltration of sensitive data. On the downside, rule sets and fingerprint databases must be consistently maintained and updated, and DLP systems can create false positives by flagging legitimate information sharing.

Seculert differentiates itself from all these products by correlating known malware behavior and communication techniques with actual customer traffic to identify suspicious activity, potentially providing a high degree of certainty that a response is required.

However, its reliance on HTTP proxy logs alone leaves it blind to other channels: malware that talks over DNS, raw TCP or UDP, or anything that bypasses the proxy never appears in the data it sees, and for HTTPS a proxy typically records only the destination of the tunnel and the volume passing through it. The company must also stay abreast of new malware and changing command-and-control infrastructure to keep its indicators relevant.

Product: Seculert

Principals: Dudi Matot, co-founder and CEO; Aviv Raff, co-founder and CTO; Alex Milstein, co-founder and COO

DNA: Matot spent 10 years at Check Point Software Technologies. Raff helped establish the FraudAction Research Lab at RSA and was a senior security researcher at Finjan.

Founded: 2010

Funding: $15.9 million

Investors: YL Ventures, Norwest Venture Partners, Sequoia Capital

Headquarters: Petach Tikva, Israel; Santa Clara, Calif.

Early Customers: Undisclosed

Competition: SIEM and network behavioral anomaly products, data leak prevention systems

Pricing: Annual subscription that ranges from $50,000 to $500,000


Drew is formerly editor of Network Computing and currently director of content and community for Interop. View Full Bio