A new crop of emerging advanced security analytics vendors is promising to go beyond security information and event management (SIEM) platforms and provide the visibility and context that incident responders need to investigate the riskiest threats to the network.
Framingham, Mass.-based Prelert is selling an analytics platform that correlates information from a variety of systems and ties into Hadoop, Splunk and other data stores to uncover anomalies that could signal a serious threat. The company is expected to reveal a second round of investment funding this week to expand its engineering and field sales teams.
Prelert is recruiting partners that have professional services capabilities, as well as managed security services providers looking to bolster their threat detection capabilities. About half of the company's sales are tied to its Splunk integration; one-third of its customers use it to churn through gobs of machine-generated data and winnow what would otherwise be tens of thousands of security alerts down to a handful for investigators. It also can pull in data from legacy SIEM systems to reduce alerts to a manageable level.
The company has 110 implementations, and executives told CRN that they are looking to build out their partner base to gain traction in the U.S. market. In addition to being a native application on Splunk, the company offers an application programming interface that cloud service providers or SaaS security vendors can use to embed the engine into their security services. Alert Logic uses Prelert's analytics engine in its SaaS-based offering. Buyers are typically the security architect or chief security officer within the organization, or the operations group, which uses it for application availability, the company said.
Prelert is in a race against other emerging security analytics companies, namely Securonix, 21CT, Bay Dynamics, Fortscale, and Narus, a subsidiary of Boeing, said David Monahan, a research director at Boulder, Colo.-based Enterprise Management Associates.
"They're doing data mining; they will sit on top of that log repository and chew the data up," Monahan said. "The more systems you have to throw data into it, the greater value you are going to get out of it."
The market for more powerful security analytics is growing in financial services where large banks scour outbound data to uncover potential breach activity. The long line of retail data breaches and news about targeted attacks have prompted increased security spending, leading organizations in multiple sectors to evaluate security analytics platforms, Monahan said. Defense industry giants also use the technology because some of the more powerful platforms can churn through terabytes of data and examine millions of data points a minute. The market for the technology is only about three years old, he said.
It can take years to build out expertise and hire people who can review security data and pull relevant information out of a massive number of events, said Dan Wilson, co-founder and executive vice president of partner solutions at Accuvant, in a recent interview with CRN at the annual Intel Security Focus conference. Security analytics was a big topic of discussion at the conference among managed security service providers with strong security and incident response practices.
"Managed services is becoming a huge opportunity because more and more someone is buying a next-generation firewall solution but they don't have the budget to get the people to go and manage it," Wilson said. "In the past clients would come and say this is exactly what we need, but now there's all this noise and different threats and they need to take a step back and assess what is in place. It's a great opportunity for the channel but it takes a great deal of understanding of the business and strong and experienced people."