

As cybersecurity sentiment increasingly shifts from prevention to containment, another startup has raised venture capital for an enterprise-focused platform that applies analytics to threat detection.
The Real-Time Network Threat Detection Platform appliance from Cyber adAPT, Inc. passively observes network traffic at line-rate speeds of up to 40Gb/sec and looks for malicious activity – both malware and human-driven – using deep packet inspection. Anomalous patterns are correlated with data from threat feeds to identify possible intrusions early and reduce false positives. A partnership with Tripwire, Inc. accelerates behavior detection, and Cyber adAPT is also working with iScan Online, Inc. to estimate the cost of a breach in order to better target response strategies.
The company also announced that it has raised a $4 million Series A round from Alvin Fund, Granite Point Capital Partners, Griffin Fund II, and Fundamental Capital Management, LLC. It’s banking on the increasing awareness by enterprise IT that their networks have already been penetrated and that minimizing damage is a more realistic strategy than preventing break-ins.
The average intruder remains undetected inside a network for more than 200 days, said Kirsten Bay, president and CEO. Attackers may lurk and study a victim for months before launching an attack. They leave footprints during that process that can tip off security pros before trouble starts. “We’re using the next stage of predictive analytics to predict intruder’s moves and more fundamentally to understand when they’re inside the network,” Bay said.
Unlike competing intrusion detection systems that sandbox the perimeter of the network and look only at packets passing through, the basic Cyber adAPT appliance detects anomalous behavior inside the network to expose blind spots that are otherwise undetectable, the company said. An enhanced platform called Cyber adAPT+, which is expected to be released in the fall, captures and stores metadata about network traffic for later forensic analysis.
By capturing metadata instead of full packets, the technology is able to achieve “massive data reduction,” said Devin Jones, vice president of product management. “Having full-packet capture is nice, but when you’re running 24X7, you create a very, very long history,” he said. In contrast, Cyber adAPT’s approach enables customers to capture data for much longer periods of time, which is useful in forensics.
Cyber adAPT has three customers in test right now. It’s currently targeting energy, financial, retail and healthcare markets, but expects to broaden its focus. Entry-level pricing is $50,000, but the average enterprise can expect to spend about $250,000 for a full installation, Bay said. There’s also an on-premise subscription model starting at $9,000 a month.
Photo by Lucica via Pixabay