Solving Important IT Security Problems with the Preempt Behavioral Firewall

Posted by Ajit Sancheti on Jun 13, 2016 8:27:00 AM
Find me on:

“Being the founder of a startup is a very unnatural thing to do.”

Those were the words of a board member from my previous company. Most people would rather work in a more established company solving problems they deem challenging, without having to worry about customers, finances, employees, etc.

So, when we founded Preempt, a key requirement for us was to build something that was important and brought positive impact to enterprises. If we were to go through the process of doing something unnatural, it had to be worth it.

preempt-team.jpg

 

We identified three critical principles for Preempt:

  • Solve important customer problems
  • Build a transparent company culture
  • Whatever you do, do it with integrity

In reviewing IT security over the last few years, we saw that organizations have been more challenged with breaches even though they’ve invested in securing the perimeter. Hackers have shifted to weaknesses in the internal network. Unlike perimeter security, it’s hard to tell what is good or bad inside a network as organizations trust employees within the enterprise network —creating a need for more valuable solutions to identify network compromise.

Today, with more sophisticated solutions identifying insider threats and breaches, security administrators are often chasing volumes of incidents and alerts because their existing products aren’t automatically responding to threats and can’t confirm real threats.  Security vendors have failed to recognize that digesting these products are very difficult for most enterprises because of the shortage of security professionals. Coupled with the reality that you need trial, train and tune, enterprises have a hard time deploying new technologies to meet rapidly evolving threats.

Security analysts need to be more effective and quickly learn and gain insights from new technologies. Starting on Day 1. Great security solutions help security organizations throughout their lifecycle with Initial value, Ongoing value and Critical value.

For an effective breach and insider threat prevention solution, that would translate to:

  • Actionable visibility to improve security, even before a breach occurs (Initial & Ongoing value)
  • Continuous learning of user behavior & auto-validating incidents (Ongoing value)
  • Automated responses to breaches and suspicious activity (Critical Value)

To understand user behavior and how it changes, you need to characterize where/what/when/how users do things. This information is available from multiple products that customers have already deployed. The key is to increase the value of current deployments and to aggregate and enhance them with other data to better understand behavior, make insights richer and make this information actionable.

What's important, though, is to automatically update a user’s behavior as roles and jobs change. That is a hard problem to solve, especially if it is to be achieved without involving the security organization. By involving the end user through multiple actions, identity can be confirmed and behavioral profiles updated. Done effectively, it is then possible to take action when suspicious behavior occurs.

Timing is also important. Convincing security teams to deploy a solution that took automatic action even two years ago would have been difficult.  Organizations had less security products and there were fewer breaches. As breaches have increased, so have the alerts being generated. Monitoring and responding to these threats is difficult for even the most sophisticated enterprises. As a result, there is now an appetite for solutions that can take action.  Enterprises are willing to err on the side of caution so that they don’t become the next headline.  Solutions that can take automated action will be the norm in the future.

And finally, there is visibility, which is becoming as important as identifying breaches themselves. So much goes on within enterprise networks that security teams have a hard time keeping up with changes that can impact security. Visibility helps security teams prioritize time and resources as projects, users, privileged users, role change, or even which servers are not being used and could become the target of a breach. Providing visibility – continuously – is something that enterprises are going to demand, as that visibility can help avoid breaches by keeping the network secure.

So what does that mean for Preempt? Today we announced the industry’s first Behavioral Firewall, integrating User Behavior and Adaptive Response. We believe User Behavior is just the starting point. Adaptive response and enforcement is where Enterprises are headed.

Moving forward, we will create other solutions that solve key security problems for our customers. It won’t be long before we allow our customers to use its capabilities to improve the efficacy of many of their currently deployed passive security solutions and reduce overall risk. Then we have ideas on how to include employees into the security fabric of the organization so they will no longer be the weak link. Ultimately, if we succeed in what we do, enterprises will be able to deploy security solutions that are both effective and manageable, regardless of the size of the organization.

As we embark on this journey, we will remain steadfast to our founding principles. We will continue to focus on solving big and important problems for our customers while ensuring that whatever we do, meets our standards of transparency and integrity.

Ajit Sancheti
CEO, Co-Founder of Preempt

Topics: Threat Mitigation, User Behavior, CISO, Behavioral Firewall, Adaptive Response