This Israeli-American company tackles security threats from the inside out and just raised a pre-Series B round of funding
Behavior analytical security company Fortscale has announced an inter-round raise that has brought the company to a total of $16 million. Participating in the mini round were UST Global and CME Ventures, marking the Chicago group’s first investment to date in Israel.
“We are very proud that we are their first investment in Israel,” CEO Idan Tendler tells Geektime. “We provide them all the things that they were looking for in a solid investment combining machine learning, security, and big data all in one company.”
Series A investors Intel Capital and Blumberg Capital also joined in to raise the undisclosed sum that the company has called “a couple million” ahead of their Series B that they hope to have by mid summer 2016.
The company was co-founded in September 2012 by Tendler and COO Dr. Yona Hollander. With headquarters in the San Francisco Bay Area, Fortscale maintains an R&D facility in Tel Aviv.
Working primarily with the American enterprise market, the company says that they are monitoring 500,000 users globally for dozens of clients.
Keep your enemies close – and your users closer
Looking back through some of the major data thefts of the past few years, a shocking number have been carried out not by hackers breaking past the exterior defenses, but by insiders overstepping their bounds to steal sensitive material.
When Edward Snowden (in)famously copied the notorious dump of sensitive documents, he gained access by simply asking his network administrator friends for their usernames and passwords, accomplishing a feat that no hacker from the outside could have dreamed of ever achieving.
At Fortscale, they have developed a product that lets enterprises track their own users for suspicious behavior, letting them catch malicious attacks before they can cause real damage. The team claims to be one of the first movers in the field of User Behavior Analytics (UBA).
Tendler explains that he had started out looking to develop an analytics system that could leverage log repositories and use machine learning to provide security teams with valuable insights. However CSOs told him that they needed a solution for “tracking users, our own employees, since users have become the biggest threat to the enterprise and there is severe lack of visibility into user behavior.”
What emerged was a Hadoop-based platform that uses an independent machine learning framework that is installed on site to study user behavior. As the system gets to know users, it begins to understand which actions are normal for the user’s profile, and then identify actions that fall outside of those lines that could indicate a security breach. The algorithm looks at factors such as which machines and apps are being used, what times they are being accessed, and other elements to find abnormalities in behavior.
They recently released their latest version with Fortscale 2.0, saying that it has improved profiling accuracy. It creates risk scores that can differentiate between abnormal behaviors from a user while looking across similar users for the same types of actions.
Tendler gives the example of a program manager who opens an application he has never accessed before, generating a high risk score and alerting the security team to launch an investigation. However, their system is smart enough to check if all users access this app once a year. It understands that this action still falls in the “normal” category and cuts down on false positives, where cutting through the noise can be a challenge.
My take on how it stacks up to the competition
There has been a bit of a misperception in recent years regarding many of the more publicized hacks of big names like Target, the Office of Personnel Management, and Ashley Madison. In all of these cases, it has been proven or strongly suspected that the attackers either used their own log-ins or used another’s compromised credentials to enter into the system. In fact, Tendler says that malicious employees make up 80% of their cases, with only 20% being hackers who have stolen a user’s credentials. These cases all highlight that the biggest threats come from the internal users, and the need to take a new approach to protecting valuable assets.
Competing with Fortscale are big players like Palantir and Securonix with their big data capabilities. There are also the in-house security teams that are doing this work themselves without the help of more sophisticated platforms that can offer more insights.
The UBA field is likely to continue to grow and Fortscale is posed to stay at the forefront of their industry. Their team brings a winning combination of machine learning and an intelligent approach to uncovering miscreants and malfeasance.
In the lead up to their Series B that will probably occur in July, the 50-member company plans on growing their sales and marketing to get their great product out to a wider audience.