With advanced attacks increasing in sophistication and frequency, organizations are investing in different types of security technologies and implementing specific control to block threats. One area that is getting a lot of attention right now is security analytics, as enterprise defenders sift through all the data at their disposal to detect issues before they become incidents, and to identify attacks before they cause any damage.
Security analytics is the “most critical and strategic” segment of the cybersecurity market, says Marc van Zadelhoff, CEO of security analytics startup Devo Technology.
Organizations always want visibility to what’s happening across three areas: Am I getting hacked? Are our insiders doing something untoward? Am I in compliance? While the questions can be technology-specific, such whether the organization’s cloud environment is getting hacked or the risks associated with software-as-a-service offerings, the driving focus behind security analytics continues to be getting better visibility over the organization’s environment.
For the large retailer sifting through 60-70 terabytes of data each day to identify bots that may be buying up all the inventory on the e-commerce platform, the security analytics tool needs to be able to handle large volumes of data. For the financial institution ingesting 15 terabytes a day of credit card transactions to find instances of credit card fraud needs analytics to be fast. When law enforcement officials call and provide specific indicators being used by a threat actor, security teams need to be able to search as far back as possible – not just 30 days’ worth -- to uncover the malicious activities. An organization worried about compliance with the European Union’s General Data Protection Regulation (GDPR) needs to be able to tell when an American entity is using European data in a way that puts the organization out of compliance.
It is against this backdrop that Devo Technology, a startup focused on log management and cybersecurity, closed $250 million in Series E funding last week. The latest round of funding values Devo at $1.5 billion, placing it solidly in the select group of cybersecurity unicorns and bringing a potential IPO within reach in the next two years, says van Zadelhoff.
Devo provides “cloud-native logging and security analytics,” meaning it compiles log files from all systems and applications in the organization’s environment into a central repository. Van Zadelhoff likens Devo to having a “AI-backed video cameras in the corner” that is looking at all the data from all the devices, endpoints, Internet of Things, point-of-sale systems, enterprise applications, and pretty much everything that in the organization’s infrastructure. The analytics engine apply machine learning algorithms and artificial intelligence technology to correlate the data to identify patterns and uncover relationships. The data is kept in its native format to give analysts flexibility on the kind of queries to perform and for compliance reasons.
AI is necessary because it isn't possible for human analysts to come up with every single rule to cover all possible patterns and potential relationships, van Zadelhoff says.
Devo’s focus is on giving analysts the ability to query large sets of data and returning the results as fast as possible. The analysts have a point-and-click user interface that lets them build sophisticated queries against petabytes of data. Devo can also store 400 days’ worth of data, making it possible to query the data to perform year-over-year comparisons.
“You need your cyber analytics to be fast,” van Zadelhoff says. “A security operations center works when you can do query and have instant results on petabytes of data.”
The entire planet is pointing towards needing to ingest more data, with data flowing from Internet of Things, mobile devices, point-of-sale systems, enterprise applications, operational technology, and many others. It gets extremely expensive – both in terms of price and computational load – to move this amount of data into on-premises analytics platforms, van Zadelhoff says. The fact that Devo is able to ingest the data and perform queries as a cloud-native applications gives Devo an edge over traditional on-premises security analytics tools, he says.
Van Zadelhoff said it plans to use the funding to expand the core platform with innovative capabilities, develop technology alliances and community, expand into new geographic markets and new verticals, and fund mergers and acquisitions. Building the community will allow customers to add on new technologies and capabilities on top of the core platform.
“I don’t want to start adding a whole bunch of more capabilities on top of it,” van Zadelhoff says. “We’re going to keep inventing on the core engine.”
Devo is the “proverbial dashboard of dashboards” in the security operations center, van Zadelhoff says. Analysts look at Devo and run queries to understand what is going on during a crisis, or to avert a crisis. “It plays a marquee, center-stage, heartbeat kind of role,” he says.