System Two Security Inc., a startup helping companies detect cyberattacks more efficiently, today announced that it has raised $7 million in funding.

Costanoa Ventures led the round. It was joined by Runtime Ventures, The Hive, Webb Investment Network and several angel investors.

System Two was launched last year by Chief Executive Officer Robert Fly and Chief Technology Officer Prasanth Ganesan. Fry previously co-founded Elevate Security Inc., a venture-backed cybersecurity startup that Mimecast Inc. acquired in January. Ganesan is a former Symantec Corp. executive.

System Two offers a software platform that uses artificial intelligence to automate detection engineering. That’s the process of developing detections, code snippets tasked with spotting malicious activity in a company’s network. System Two says that its AI can in some cases create such scripts both faster and more accurately than humans.

Building a detection is a multistep process. First, developers have to identify the data source that the script should use to find threats. A detection tasked with spotting malicious network traffic, for example, may need to analyze network traffic logs from the company firewall. After connecting a data source, software teams must specify the breach indicators that the script should search for in the collected information.

Developers’ work is further complicated by the fact that detections have to be updated over time. When hackers change their tactics, a company must adapt its detections accordingly. Code changes are also necessary if a detection accidentally flags routine user activity as malicious.

System Two’s platform is designed to ease the workflow. According to the company, the platform is powered by AI models trained on cybersecurity datasets. Developers can upload technical information about a threat and have System Two’s AI models automatically generate a detection capable of spotting it.

The platform speeds up the task of creating detections for new malware strands. It’s also capable of generating more general-purpose scripts that monitor for breach tactics rather than specific files. A company could, for example, create a detection that spots malicious attempts to log into cloud applications.

In addition to generating new detections, System Two promises to help customers more easily maintain their existing ones.

Organizations occasionally replace the cybersecurity products that protect their infrastructure. When that happens, detections have to be moved over to the new product, which sometimes requires rewriting them in a new programming language. System Two says its platform can automatically translate detections into SIGMA, YARA, Python and other syntaxes commonly used for cybersecurity tasks. 

The platform also identifies technical issues in a company’s detections. It can, for example, point out if a detection fails to spot certain types of malware or overlaps with another script, which can cause technical issues.

System Two will use the proceeds from its new funding round to further expand the platform’s feature set and hire more employees.

Image: Unsplash