SIEM startup RunReveal reels in $2.5M to reduce cybersecurity false positives
Cybersecurity startup RunReveal Inc. today launched its first product into general availability and disclosed the completion of a $2.5 million seed round.
Costanoa Ventures led the investment. According to RunReveal, the capital will help finance hiring initiatives and the development of additional products.
RunReveal offers a SIEM, or security information and event management, platform that can sift through the telemetry generated by a company’s infrastructure to find breach indicators. It’s positioned as a simpler alternative to the established SIEM products on the market. RunReveal says that the platform eases cybersecurity teams’ work by reducing the number of false positives they must process.
In cybersecurity, false positives occur when a breach detection tool flags a benign event as malicious. At some companies, there can be hundreds of such erroneous alerts per day, which makes it more difficult to spot real breaches. The need to filter false positives also creates a significant amount of work for cybersecurity teams.
According to RunReveal, its SIEM includes a feature called correlated alerting that addresses the challenge. It reduces false positives by taking multiple data points into account to determine if a suspicious event might be malicious.
In a traditional SIEM, a user action can be flagged as malicious even if there’s only one unusual detail about it. A login request, for example, might trigger an alert if it’s sent at an unusual time of day but otherwise doesn’t diverge from normal user activity patterns. This low alerting threshold is one reason some cybersecurity tools generate a significant number of false positives.
RunReveal’s SIEM platform correlates multiple events across multiple applications. For example, a login request sent at an unusual time of day might only trigger an alert if it was also made from an unknown device. Events that diverge from usual activity patterns to a lesser extent are logged as well, but they’re lumped into a single daily notification to avoid creating a large number of false positives.
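The difference between the single-signal alerting and the correlated alerting described above can be sketched in a few lines. This is an added example, not RunReveal's code: the baseline, the 30-minute window, the two signal names and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline and events (assumptions for illustration only).
BASELINE = {"alice": {"hours": range(8, 19), "devices": {"laptop-01"}}}
WINDOW = timedelta(minutes=30)
EVENTS = [  # (timestamp, user, app, device)
    ("2024-03-01T03:12:00", "alice", "sso", "laptop-01"),        # off-hours only
    ("2024-03-01T10:05:00", "alice", "github", "laptop-01"),     # normal
    ("2024-03-02T07:50:00", "alice", "sso", "laptop-01"),        # off-hours ...
    ("2024-03-02T08:05:00", "alice", "aws-console", "phone-x"),  # ... then unknown device
]

def signals(ts, user, device):
    """Return the set of ways one event deviates from the user's baseline."""
    base = BASELINE.get(user, {"hours": range(0), "devices": set()})
    found = set()
    if ts.hour not in base["hours"]:
        found.add("off_hours")
    if device not in base["devices"]:
        found.add("unknown_device")
    return found

def triage(events, window=WINDOW, threshold=2):
    """Alert when one user shows >= threshold distinct signals within window;
    single-signal events are batched into a per-day digest instead."""
    alerts, digest, recent = [], defaultdict(list), defaultdict(list)
    for raw_ts, user, app, device in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        sigs = signals(ts, user, device)
        if not sigs:
            continue
        # Keep only this user's suspicious events still inside the window.
        recent[user] = [e for e in recent[user] if ts - e[0] <= window]
        recent[user].append((ts, app, sigs))
        combined = set().union(*(s for _, _, s in recent[user]))
        if len(combined) >= threshold:
            alerts.append({"user": user, "signals": sorted(combined),
                           "apps": sorted({a for _, a, _ in recent[user]})})
            # Correlated events are escalated, so pull them out of the digest.
            for t, a, _ in recent[user][:-1]:
                digest[t.date().isoformat()].remove((user, a))
            recent[user] = []
        else:
            digest[ts.date().isoformat()].append((user, app))
    return alerts, {day: items for day, items in digest.items() if items}

if __name__ == "__main__":
    print(triage(EVENTS))
```

Calling `triage(EVENTS, threshold=1)` reproduces the low-threshold behaviour of the previous paragraph, where every deviating event becomes its own alert.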
“We enable security teams to respond faster by collecting and instantly correlating suspicious activity across all of their cloud and SaaS tools,” said RunReveal co-founder and Chief Executive Officer Evan Johnson.
RunReveal provides a custom query language that administrators can use to investigate the potential breaches its SIEM platform detects. PQL, as the syntax is called, makes it possible to retrieve data about a cyberattack from the affected systems and run analyses. RunReveal says that carrying out complex computations on cybersecurity data is easier with PQL than with the more widespread SQL syntax.
RunReveal’s SIEM platform also provides a number of other productivity features for cybersecurity teams. According to the company, a speed-optimized search engine enables users to surface large amounts of breach data in under a second. Built-in data visualization features make it possible to turn technical information into more easily understandable graphs.
“We see RunReveal as opening new avenues in the SIEM market, with companies requiring pragmatic approaches to the latest security threats,” said Costanoa Ventures partner John Cowgill. “For too many companies, existing SIEM products are too expensive, too difficult to implement and too hard to use.”