Things That Were Impossible
On Our Investment in ProtectWise
Security is a nasty business. Brilliant security researchers have told me, with a straight face, that the asymmetric nature of cybersecurity makes it an unsolvable problem. There will always be more attackers than defenders; attackers are hidden while their targets are highly public; threats can evolve incredibly quickly while defensive solutions are static by nature.
This massive, evolving problem has spawned several generations of companies. In the 90s attackers took advantage of companies and households coming online for the first time, while vendors hawked signature-based endpoint solutions, in-line filters and firewalls. A second wave of companies like Palo Alto Networks and FireEye launched to protect against specific threat vectors and attack types. These companies built large, important businesses, and are a growing part of any mature enterprise’s security stack. In the meantime, first-wave behemoths Symantec and McAfee acquired point-solution startups to fill out their product portfolios and to have more to sell to desperate customers. But none of this has been enough to withstand the growing threats of organized for-profit hacking, state-based actors and sophisticated botnets.
Attacks are becoming more sophisticated, multi-faceted and persistent. A payload may arrive piecemeal over many months and channels, assembling itself and revealing malicious intent only in a target-rich environment. These threats are distributed over time, space and people: no first or second-gen solution stands a chance. But by happy coincidence, the rise of persistent, distributed and multi-vector threats is accompanied by the growth of a new tool at a defender’s disposal.
The public cloud, personified in AWS S3 and EC2, is table stakes in traditional application architecture. The last five years of startups have built their companies on the convenience and elasticity (and lack of up-front capex) of the public cloud. But few in the security world have taken advantage of the nearly infinite scale that these services offer. Scott Chasin, cofounder and CEO of ProtectWise, is a pioneer in cloud-based security solutions — ProtectWise is his third cloud security startup. He and his cofounder Gene Stevens realized that you could now do things that were impossible before the dawn of the public cloud, and that stand to challenge the asymmetry of cybersecurity. Here are a few of those things:
First, the ProtectWise solution captures and streams your entire network’s packet traffic (after plenty of deduping and optimization) to the cloud. Petabytes and petabytes of data are stored for analysis, both now and in the future should an exploit be discovered. This solution, affectionately dubbed “network DVR,” enables insights as far back as you care to look. It also accelerates audit and remediation following an attack, as analysts will never again have to wonder what systems were touched or what data were exfiltrated.
Second, elastic compute allows the team to focus tremendous processing power when it’s needed most. The dream of a real-time correlation engine comes to life at ProtectWise, where objects and session data are investigated in the context of historical traffic. The solution can piece together an attack unfolding across months, identifying every vector and component, and alerting an analyst only after a threshold of certainty has been reached. That’s how ProtectWise can generate just a handful of immediately actionable alerts per day at large pilot customers, while catching more than standalone virtual execution solutions.
Finally, the economies of scale make it practical to provide real-time visibility into network traffic and threat activity. ProtectWise has invested in world-class designers to build a powerful heads-up display (HUD), which empowers human analysts in an incredibly tangible way. Where other security solutions pay lip service to UI, ProtectWise levers up a good security analyst with a spectacularly rich and actionable interface, scaling their influence across an organization.
Scott and Gene have assembled a dream team of both security and scaled distributed systems experts. It is this incredible team that is applying the unique attributes of the public cloud to turn the tide on advanced, persistent cybersecurity threats. By combining best-of-breed analytics, massive scale advantages and a well-considered UI that makes the most of human analysts, victory is no longer impossible — it’s inevitable.