Startup SecurityDo, Founded By Former McAfee Execs, Uses Big Data To Combat Sophisticated Attacks

SecurityDo, a tiny startup that made it to the finals of the RSA security conference's Innovation Sandbox Contest last month, claims it has come up with a unique way to combat sophisticated attacks on enterprise networks.

SecurityDo's flagship product, called Fluency, is designed to augment traditional security information and event management (SIEM) systems, which rely on logs and event data.

Fluency goes beyond SIEMs to include "metaflow data," which combines flow data from network devices with information about application-level protocols, URLs and user names, among other sources, Chris Jordan, CEO and co-founder of SecurityDo, told CRN in an interview this week.

Combining all of these data sources lets Fluency provide a better view of the structure of attacks than traditional signature-based technologies can deliver, which helps security response teams to react more quickly to breaches, and keep track of them over time, Jordan said.

Fluency consists of a hardware appliance installed in the customer's data center that gathers flow data, and a server in a private or public cloud that users log into to work with the data that's collected.

While Fluency can detect breaches, Jordan said that's not its primary function. It's geared toward helping security professionals respond to, and keep track of, Advanced Persistent Threats, which involve multiple hidden attack techniques and typically happen over an extended period of time.

"Fluency allows a [security] analyst to ask a question and get a response. It changes the way they interact with data, and they discover more because of the capacity and density," Jordan said.

After a security breach is detected and resolved, Fluency continues to track infected machines to make sure the breach doesn't get reactivated, according to Jordan.

"Once we find a problem, we can tag and track it so we can keep pace with future activity," Jordan said. "If we have only part of the attack, we can fill in gaps from the flow data. We can stay ahead of the APT by knowing all the attributes."

SecurityDo Fluency is 2,000 times faster than a traditional relational database and 160 times faster than a NoSQL database, Jordan said. The extra speed means Fluency can analyze a set of 20,000 malicious IP addresses in under a minute, something that would take days using the SIEM solutions currently on the market, he said.

"We're not replacing infrastructure the client has already but enhancing the information clients have that sits there not being used. We can take that information and make it useful," he said.

Jordan and CTO Kun Luo co-founded SecurityDo in 2013, and the startup came out of stealth mode last August. They first started working together at Endeavor Security, a company Jordan founded in 2003 and sold to McAfee in 2009, and then spent three years at McAfee working on the vendor's Network Threat Response (NTR) product.

Jordan said SecurityDo's initial target market is managed security service providers. Fluency was designed to scale to large numbers of users and also includes multitenancy, which makes it a good fit for the MSP market, he said.

SecurityDo has received an unspecified amount of seed investment funding from Lumenate, a Dallas-based solution provider and MSP that also works closely with McAfee.

Lumenate decided to invest in SecurityDo because its technology addresses the problem of network breaches in the enterprise at an economical price point, David DeYoung, vice president of business development at Lumenate, told CRN.

Since investing, Lumenate has seen a significant uptick in its services business, DeYoung said, adding that Lumenate also uses Fluency in the managed security services it sells to customers.

Though SecurityDo didn't win the RSA Innovation Sandbox Contest, its booth at the event was jam-packed with conference attendees when CRN visited, suggesting there's plenty of market interest in the Fluency product.

For now, Jordan said SecurityDo is working with Lumenate's sales force to pursue licensing and integration opportunities for Fluency, which he said is ideal for "OEM-type deals."