 SECURITY
Rilevera Inc., a startup focused on automating cyberthreat detection rule management, today said it has raised $3 million in seed funding to tackle detection engineering, an under-appreciated cybersecurity task that the founders say is badly broken.
The company has built a centralized platform that enables security teams to create, test, deploy and monitor detection rules across their environments. It’s intended to address the growing complexity of managing detection rules, which often break due to constant changes in data and log formats.
Detection engineering is the discipline of creating, testing and maintaining rules that identify cyberthreats based on signals such as system logs, network activity and user behavior. Detection engineers are responsible for ensuring that rules remain accurate and effective as environments and threat tactics evolve.
“The problem we solve is kind of the foundational problem of cybersecurity,” said co-founder and Chief Executive Ethan Smart. “The core of cybersecurity operations is looking for threats, both the new ones that are emerging, but also the ones that have stacked up over time. Detection engineers are the silent hero of cybersecurity, but they’re under-tooled and over-relied on.”
Although detection rules are essential for identifying known attack behaviors, the underlying data they rely on changes frequently, Smart said. This causes rules to break or generate inaccurate results, creating operational risk and additional work for security teams. Rilevera uses artificial intelligence to validate rule performance, flag issues and recommend adjustments.
The platform provides version control, health monitoring and AI-assisted tuning. It also integrates with major security information and event management platforms from Datadog Inc., Sumo Logic Inc. and others, allowing detection rules to be managed centrally and deployed across disparate systems. Smart said Rilevera’s goal is to be a system of record for detection engineering workflows.
The company is addressing a widely recognized security problem, said Andy Hunn, partner at lead investor DataTribe Foundry LLC. Detection engineers “have a Sisyphean task of trying to figure out and understand hundreds or thousands of rules that are already in place,” he said, “and new rules are being created all the time.”
Rilevera was built with input from more than 30 organizations, spanning the financial services, technology and insurance sectors. Early customers include a major U.S. cryptocurrency company and one of the country’s top five insurers. Smart said that in one deployment, Rilevera determined that only 5% of the customer’s 1,000 detection rules were working as intended.
“Each organization is its own unicorn because they have different types of data and logs,” he said. “Often these out-of-the-box rules are inefficient or broken.” The platform identifies broken rules and suggests resolutions.
The company plans to use the seed funding to expand its product development team, grow its integration ecosystem and support sales and marketing.
DataTribe invests exclusively in cybersecurity companies. It closed a $41 million fund earlier this year.