A new security startup co-founded by former HBGary CEO Greg Hoglund emerged from stealth today with a security-as-a-service-based endpoint threat detection and incident response tool that operates without a software agent on the client machine.
Outlier Security's new Agentless Endpoint Threat Detection and Response (ETDR) offering builds on Hoglund's previous experience and work in endpoint forensic investigation. "The endpoint is a treasure trove of forensic evidence... It has all this evidence of what's really going on," says Hoglund, CEO of Outlier. "But there's been this gap where once you have an event, you need to go to the end node and do an investigation to validate that event. That's being done manually and it doesn't scale. Things are being missed, and there are a large number of false positives."
Hoglund says the idea behind Outlier's endpoint offering is to automate much of that filtering and analysis via an algorithm-based system. "We automate the best practices during the first response phase and collect data."
But one of the offering's more distinctive features is that it is agentless, meaning no software has to run on the endpoint itself, security experts say. Agent-based analysis is more expensive to operate and heavier on the endpoint -- but it also provides a fairly thorough record of attack information.
Hoglund maintains that the advantage of a more automated and streamlined approach, one that avoids sifting through false positives, outweighs the value of storing a full recording of every event that transpires on the endpoint.
Rick Holland, principal analyst with Forrester, says most of his corporate clients today don't have good visibility into what's occurring at the endpoint. "This is going to give you more visibility and context," he says of the SaaS-based endpoint approach. "But you need across-the-board visibility" in the network as well.
Holland sees Outlier fitting into a similar market as Carbon Black and CrowdStrike for detection and response services.
Meanwhile, Hoglund says his experience at HBGary in investigating advanced persistent threat attacks, rootkits, and advanced malware influenced the Outlier Security offering. "What we're doing here is automating a lot of that knowledge" of how attackers operate, he says.