RSA plans to purchase emerging vendor Fortscale to provide customers with new user entity and behavioral analytics (UEBA) capabilities through its RSA NetWitness SIEM platform.
The Bedford, Mass.-based security vendor said San Francisco-based startup Fortscale can deliver tremendous time to value, help customers with speed and velocity in their Security Operations Center (SOC), and provide channel partners with a new, add-on offering, according to RSA President Rohit Ghai.
"There's a great, great upsell opportunity for channel partners," Ghai told CRN. "Speed is a great competitive differentiator."
The RSA NetWitness customer base today enjoys fantastic visibility across their ecosystem but has been yearning for better insight so that they can prioritize based on the business context around the threat, Ghai said. Fortscale's UEBA capabilities should therefore provide channel partners with a strong upsell opportunity into the existing RSA NetWitness customer base, Ghai said.
The company has its own rule-based analytics inside RSA NetWitness today, Ghai said, and has been organically working on a cloud-based analytics strategy. But Fortscale stands apart from the pack with its quick time to value and specialization around user behavior, according to Ghai.
Traditional behavioral analytics offerings require knowledge of Hadoop and the need to stand up a huge data lake infrastructure, Ghai said. But Fortscale is a software-based appliance that can be stood up quickly and has none of those barriers to entry, according to Ghai.
Fortscale helps automatically identify deviations from normal user behaviors to uncover risky and previously hard-to-detect threats. By understanding behavior, RSA said Fortscale can highlight potential risks such as shared user credentials, privileged user account abuse, and geolocation and remote access anomalies.
Thanks to Fortscale's technology, companies can now find unknown threats hidden among the huge volume of security data without heavy installation, maintenance or analyst oversight. Fortscale is designed to provide fully automatic machine learning, reduce the need for organizations to have big data experts, and detect unknown threats such as compromised credentials, insider threats and data exfiltration.
Fortscale also can address malicious behavior in which exploits have received elevated permissions, as well as automatically learn behavior specific to the environment. Finally, RSA said Fortscale requires no customization, rule authoring or ongoing care, tuning, or rule creation or adjustment.
The acquisition will provide customers with embedded UEBA capabilities integrated into the company's SIEM platform. The new RSA NetWitness UEBA offering will directly address and overcome obstacles that stand-alone offerings have encountered due to their high cost and high-touch requirements, according to RSA.
Fortscale was founded in 2014 and employs between 51 and 200 people, according to LinkedIn. The company has raised $23 million in four rounds of outside funding, according to CrunchBase, with last year's $7 million round led by investment firms Valor Capital Group and Evolution Equity Partners.
Terms of the acquisition, which was unveiled Thursday, weren't disclosed. This is RSA's first acquisition since Ghai became president of the business in January 2017.
Ghai expects the acquisition to be complete following the RSA Conference, which is being held from April 16 to 20, and said the company will focus on enabling its own sales organization and channel partners around the Fortscale technology. Ghai encouraged partners to invest their time and energy into building competency around Fortscale.
Although integration efforts will start around RSA NetWitness, Ghai said RSA is looking into integrating Fortscale into the RSA SecurID identity and access management portfolio. RSA could feed secure data into Fortscale's analytics machine, with the company's risk assessment engine helping RSA SecurID improve its risk-based authentication capability.