When it comes to detecting threats to your IT infrastructure, sometimes security systems can be too good.
In large companies especially, the plethora of security alerts coming in can overload staff, who have to try to triage their way through reams of alerts that may or may not signal a major emergency.
As much as IT security is a matter of shoring up defences and hardening systems to keep snoopers out, Eran Barak, CEO of security startup Hexadite, believes it is even more a matter of big data.
"No one can possibly go through the log files that record intrusion attempts and figure out what they mean in the context of an attack," Barak said. "Security today is very much a big data play not only because of the volume of data that must be checked, but because of the sophistication of attacks."
Malware can sit around for months before it is activated, and the chances of tracking it down under those circumstances — where a file is surreptitiously installed onto a system but doesn't do anything — are extremely low, because administrators don't even know what they are looking at, Barak said.
And the problem is widespread in enterprise — even endemic. Other vendors' products "are fine, but they require a great deal of knowledge and patience, because operators have to go through extensive log information to figure out what alerts get top priority", Barak said. "By the time the staff figures out what is going on, the attack could be at full force."
In the several weeks since Hexadite came out of stealth mode, the company has been inundated with inquiries from customers who are overwhelmed with remediation tasks. "We already have several large customers in the US and Europe, and more are signing up all the time," Barak said. "We're obviously fulfilling an important need."
For all the talk about how security technology has become very sophisticated, the vast majority of applications and services concentrate on detection. Of course, you can't solve a problem unless you know it's there, but once a problem is identified it needs to be dealt with — and there are significantly fewer solutions around to do that, none of them automated.
Hexadite aims to bring that automation to corporate IT environments — and Barak believes the system is robust enough to allow administrators to rely on that automation to protect their environments. Hexadite comes with a pre-defined library of alerts and behaviours that look at all actionable information from the network and endpoints to gain a holistic view of what's really happening.
The system's analysis is built on algorithms that took years to develop, Barak said, which take into consideration the minutiae of a system, evaluating files, network connections, internet traffic, processes, and anything else going on — looking for the anomalies that can mean a system has been compromised. Hexadite, Barak said, is intelligent enough to ferret out false alarms and network 'static'.
"In one afternoon we can review with a client their setup, taking into account their hardware and software, and install a customised version of Hexadite," Barak said. "Once installed, the system will eliminate rogue processes, prevent unwanted network or internet connections, or take any other step necessary to protect the system. All this can be done without intervention by a human being." The system also has a semi-automatic mode, which gives operators more control over responses.
In essence, Hexadite represents the 'outsourcing' of IT security — to machines. Are corporations ready to give up control of perhaps their most sensitive technology infrastructure?
Barak believes so. "As systems get more complicated and threats become more frequent, companies will have an ever harder time keeping up with cyber-security," he said.
"Many people that I've spoken to in the IT industry say that there's no reason why cyber-security, today one of the most manual, work-intensive areas in IT, won't follow other areas, services and technologies that are now being done more cheaply because of cloud and automation."
Hexadite is also working on a cloud-based product for mid-sized and small businesses, Barak said.
Hexadite's $2.5m seed funding round was led by San Francisco-based YL Ventures, with participation by former Microsoft corporate VP Moshe Lichtman. Barak and his partners, Idan Levin and Barak Klinghofer, are veterans of companies such as Elbit and Comsec — as well as of the IDF's famous Unit 8200, which develops security solutions for the Israeli army.
"Hexadite creates a paradigm shift in the cybersecurity incident response market by automating and vastly accelerating previously manual processes," said Yoav Leitersdorf, managing partner for YL Ventures.
"Reducing complexity by intelligently automating incident response and implementing best practices across enterprises in a continuous manner is the only way we can combat the ever increasing volume and complexity of cyber threats."