In the Star Trek episode “The City on the Edge of Forever,” Spock found himself in a primitive setting with the task of building a radio to contact the Enterprise.
Edith Keeler came in and saw Spock and asked him what he was doing. Spock sarcastically answered, “I am endeavoring, ma’am, to construct a mnemonic memory circuit using stone knives and bearskins.”
The normally emotionless Spock was clearly frustrated with working with tools that weren’t designed to solve the problem he was facing.
I’m sure security professionals today face the same level of frustration. It’s been well documented on this site and in other publications that we are rushing headlong into the digital business era. However, security professionals are working with tools designed for an era long gone. Traditional security devices do a great job of protecting the perimeter of the business, but they don’t help protect against insider attacks, persistent threats or any of the other challenges associated with securing a digital organization.
One of the biggest challenges with legacy security tools is that they are designed to operate in isolation, which is why the 2015 ZK Research Security Survey found that enterprises had an average of 32 security vendors. In our opinion, that is far too many security islands, and adding more isn’t the right answer. (I’ve never had a CSO tell me that when they add vendor 33 they’ll feel more secure.) Clearly, adding more vendors and creating more islands isn’t the answer.
Solving Security Challenges in the Digital Era
This week Seceon, a start-up based in Westford, Massachusetts, launched a product aimed at solving the security challenges of the digital era. The company’s Open Threat Management Platform uses a combination of machine learning, behavioral analytics and intelligent data collection to provide enterprises with a complete solution that promises to see threats, prioritize alerts, predict insider attacks and contain and eliminate attacks in real time.
Given the difficulty in doing any one of those things, Seceon is talking a big game by claiming to do everything from threat identification to remediation. However, after a pre-briefing with the company, it appears the company can indeed walk the walk and talk the talk.
Seceon’s solution detects threats in motion by collecting data and looking for anomalies that could indicate malicious activity. The product collects and correlates information from a wide variety of sources, such as network flows, DHCP and DNS logs, security devices and other devices. The log sources include a wide variety of systems, such as servers, applications, directories, virtual machines, routers, switches, firewalls, and security information and event management (SIEM) solutions.
The solution then uses a mix of machine learning procedures to set a baseline for human and machine behavior to detect and predict unusual activity. Those baselines are the inputs into a set of threat detection models and are further correlated with other data to determine and validate the types of threats, as well as the sources and possible targets. Each possible threat is assigned a risk value that is constantly updated as the environment changes and the threat evolves.
Once the threat is identified, Seceon also recommends how to remediate the problem with options to isolate the source, redirect it or rate limit it for DDoS attacks. It’s important to note that Seceon isn’t looking to replace existing security tools. Rather, it complements security devices such as SIEMs and firewalls by using them as inputs into Seceon’s Open Threat Management Platform. It also then provides information back to SIEMs, which can track and record what was detected for compliance and audit purposes.
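As an added illustration of the baseline-then-score loop the three paragraphs above describe (this is not Seceon’s code or algorithm): per-host baselines are learned from constructed DNS and flow samples, each new observation is scored as a deviation from that baseline, and a risk value is re-estimated on every observation so it climbs while anomalies persist and decays when behaviour returns to normal. Host names, thresholds and the weighting are assumptions chosen for the example.

```python
import statistics
from collections import defaultdict

# Constructed learning window (not real telemetry): per host, hourly samples of
# (DNS queries, outbound bytes) taken during normal operation.
LEARNING_WINDOW = {
    "ws-101": [(40, 2.0e6), (45, 2.1e6), (38, 1.9e6), (42, 2.0e6), (44, 2.2e6)],
    "db-01": [(10, 5.0e5), (12, 5.2e5), (9, 4.8e5), (11, 5.1e5), (10, 5.0e5)],
}
METRICS = ("dns", "bytes_out")

def build_baseline(window):
    """Mean and standard deviation per host and metric: the 'normal behaviour' model."""
    model = {}
    for host, rows in window.items():
        columns = zip(*rows)
        model[host] = {m: (statistics.mean(c), statistics.pstdev(c) or 1.0)
                       for m, c in zip(METRICS, columns)}
    return model

def zscore(model, host, metric, value):
    """How many standard deviations an observation sits from that host's baseline."""
    mean, sd = model[host][metric]
    return (value - mean) / sd

def update_risk(prev, z_dns, z_bytes, decay=0.7, cap=20.0):
    """Re-estimate the risk value on every observation: it decays as behaviour returns
    to normal and climbs while deviations persist. Hypothetical weighting, chosen here."""
    evidence = max(z_dns, 0.0) + max(z_bytes, 0.0)
    if z_dns > 3 and z_bytes > 3:
        evidence *= 1.5  # correlated DNS and egress spikes corroborate each other
    return round(decay * prev + (1 - decay) * min(evidence, cap), 2)

def run(model, observations):
    """Consume a stream of (host, dns, bytes_out) and return the current risk per host."""
    risk = defaultdict(float)
    for host, dns, bytes_out in observations:
        risk[host] = update_risk(risk[host],
                                 zscore(model, host, "dns", dns),
                                 zscore(model, host, "bytes_out", bytes_out))
    return dict(risk)

# Constructed observation stream: ws-101 behaves normally, then starts hammering DNS
# and pushing far more data out than its baseline; db-01 never deviates.
OBSERVATIONS = [
    ("ws-101", 41, 2.0e6), ("db-01", 11, 5.0e5),
    ("ws-101", 400, 2.5e7), ("db-01", 10, 4.9e5),
    ("ws-101", 420, 3.0e7), ("db-01", 12, 5.1e5),
]

if __name__ == "__main__":
    for host, value in sorted(run(build_baseline(LEARNING_WINDOW), OBSERVATIONS).items()):
        print(f"{host}: risk {value}")
```

A real platform would feed the per-host risk values into a prioritized alert queue and hand the highest-risk source to the remediation step described above.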
There are two big benefits to this type of solution: automation and visibility. I’ve stated over and over that it’s impossible to secure what can’t be seen. Visibility is necessary to find insider threats, and Seceon provides a full view of the entire environment.
The automated capabilities of the system mean no manual rules to update or human intervention required. Given the speed of networks and how fast threats propagate, automation is necessary to secure a digital enterprise.
As part of the announcement, Seceon did something few start-ups do at time of launch: announce real customers—SeaChange International, a multi-screen video service provider, and Plexxi, one of the leading cloud networking vendors. With start-ups, it’s sometimes difficult to distinguish between vision and reality, but the two announced customers are a good indicator that Seceon can deliver on its big promises.
Spock eventually succeeded in building a radio transmitter with the primitive tools he had and saved the Enterprise crew. If your organization has an IT staff full of Vulcans, you can probably get by using legacy security tools—although you’ll have a staff full of grumpy Vulcans. Absent that kind of engineering talent, however, it’s worthwhile to invest in security solutions that were built for the digital era.