SS8 brings law enforcement-style forensics to the enterprise
SS8 Networks Inc., a company whose clients until now have mainly been limited to telecommunications firms, intelligence agencies and law enforcement organizations, is bringing its breach detection technology to enterprises with a platform that uses a “time machine” approach to sniff out intrusions by comparing patterns to a vast database of past activity. The company is betting that its deep understanding of communications flows and years of experience tracking criminal suspects will give it a unique edge in pinpointing cyber criminals.
The company is tackling a new approach to security driven by the reality that attackers often lurk inside breached servers for a long time while slowly siphoning away valuable data. Verizon’s 2016 Data Breach Impact Report found that data breaches often go undetected for months and that virtually no organization of any size has evaded penetration so far. These new realities have caused many Chief Information Security Officers to reevaluate their approach to security and move toward a strategy of containment rather than prevention. “No one, including CISOs, can control threats to their organization — they can only be aware and be prepared for their arrival,” wrote Gartner Inc. in a recent report.
SS8’s approach is to scrutinize historical records and match them with current patterns in near-real-time. “We can look at packet patterns and apply analytics to create high-definition records that become the Cliff Notes of the communications,” said Faizel Lakhani, president of SS8. “That is the key ingredient in how we protect infrastructures.”
The SS8 BreachDetect is described as a “time machine” that generates and stores months or years’ worth of records from all communications flows. Those are analyzed continuously against past, current and future network activity to find unidentified breaches. Each client’s records are kept confidential, though SS8 will use “anonymized” data from multiple clients in some situations.
The technology uses a set of lightweight sensors to generate unique records. A learning analytics engine analyzes, learns and matches high-definition records data with user, device and threat intelligence information and points out patterns that have historical precedent in indicating a threat.
As Lakhani described it, “What if I could wind back the clock and use that knowledge against something that occurred months ago? It’s exactly the same model intelligence agencies use with terrorists.” As an example, he cited a computer that suddenly initiates long outgoing FTP sessions that break from its usual behavior. “It’s totally normal to get patches and upgrades, but when it starts sending files things become serious,” he said.
SS8 has raised $40.5 million in funding, led by Kleiner Perkins Caufield & Byers, Intel Capital Corp. and Goldman Sachs Group Inc. The company has been around since 1994 – and raised its last funding round in 2010, according to CrunchBase – but has been a quiet player due to its focused and secretive client base. SS8 claims to supply six of the world’s largest intelligence agencies with technologies to understand criminal activity from packet analysis.
The security analytics service will be delivered on a software-as-a-service model at $1,200 per 100 megabit-per-second traffic stream. Each month of stored history costs $400.