Preempt’s Israeli military intelligence-based team has developed a product aimed at tackling insider threats in real-time
Emerging from stealth this morning with their first product, the U.S.- and Israel-based Preempt Security has announced the launch of what they are calling a behavioral firewall.
Co-founded in 2014 by CEO Ajit Sancheti and CTO Roman Blachman, Preempt’s Israeli military intelligence-based team (specifically many graduates of the prestigious 8200 unit) has developed a product aimed at tackling insider threats in real-time. Along with their Silicon Valley HQ, they also have an office in Ramat Gan.
They raised their Series A back in April, pulling in $8 million from General Catalyst Partners, as well as their seed backers Mickey Boodaei and Rakesh Loonkar of Trusteer and Paul Sagan of Akamai Technologies.
Speaking with Geektime, Sancheti describes their solution as “very granular, with dynamic permissions and responses for different users based on customizable policies.”
What they have come up with basically falls into the space between a traditional firewall, which is capable of keeping out intruders, and a smart user behavior analysis (UBA) operation.
Looking at the current UBA solutions on the market, Sancheti says that they are focused on providing alerts and logging activity, without the ability to really take action. Preempt’s solution works on machine learning and a strong set of math that can respond to different circumstances.
At the same time, he says that the old style of firewalls is very static, tracking which users are going where and responding. “With UBA, you can learn the behavior of users, and when they do something that doesn’t match what they do, then you try to take an action. So the behavioral component and the understanding of what users are doing, what’s normal or not, is the first difference.”
One of the key selling points that Preempt believes that it has over its competition is the ability to dynamically change policies. “When user behavior changes, you absolutely want to be able to have a way to respond to the changing behavior of the users,” Sancheti explains.
“If you had a static firewall policy and somebody’s project changed, then you’d have to go off and change the rules to allow them access to new servers, block them from the old ones, etc. If you learned and the policy understood how to incorporate these changes, then it doesn’t become a big management burden for the security team because it learns the changing behavior, starting to adapt according to the nature of the user’s behavior.”
Finally, firewalls can sometimes feel like performing surgery with a machete, cutting out large groups of people when a scalpel approach would probably yield better results. Preempt’s system is capable of responding in multiple ways, including different kinds of authentication challenges, such as 2-Step verification, which he says is becoming very popular.
Sancheti tells Geektime that they have already deployed their product with a number of paying customers, and are engaged with customers in the financial and education sectors, as well as hospitals and law firms that are looking for the added security.
He says that, as a still-young company, they do not yet have a false positive rate ready to publish.
Preempt’s approach to security is to allow companies to keep business operations flowing smoothly as much as possible. More often than not, those who are locked out are legitimate users who have not been granted the proper access. This can be from problems with the policy, or simply an understaffed IT department unable to keep up with the shifting needs for employee permissions. Their goal was to build a dynamic system with a more robust set of tools for responding to potential threats.
As the cyber security landscape continues to evolve, reacting to the nature of the threats facing companies and others, there appears to be a strong current away from rigidity, moving towards a model of fluidity. The risk of attack is an inherent part of doing business in the connected world. So while it may seem counterintuitive to look for less stringent solutions, the technology for picking out bad actors has leaped forward immensely.
One of the areas that has shown the most progress has been fraud detection, with PayPal being a leader in the field, examining transactions for actions that seem out of place. As passwords and login details become less effective, constantly appearing online for shockingly low amounts (how much would you pay for Mark Zuckerberg’s Twitter password?), additional protections like UBA become more important in determining who is friend or foe.
If I generally log onto my email in Tel Aviv but then suddenly show up in Russia, then I’d certainly hope for some red flags to start waving.
That’s not to say that I want to pull up the drawbridge and go on lockdown quite yet.
What is particularly appealing about Preempt’s dynamic approach is their understanding that in the modern working world, the pace of change is so rapid that the security systems will need to keep up, maintaining continuity.
This can be essential for clients like hospitals where access to the network can mean life or death for patients. Sancheti says that doctors could be given full access to get into their accounts always, whereas more restrictions could be put in place for the billing team where there is less pressure.
Competition in this space is likely to continue to grow, with companies like LightCyber offering a similar UBA service, but Preempt could come out ahead with their reimagining of the firewall’s place in security.