In an all-Israeli cyber acquisition, Radware picks up machine learning technology
Tel Aviv-based DDoS protection firm Radware announced today their acquisition of Seculert, a Petach Tikva startup known for its data exfiltration prevention solution. There is no word as to how much the company sold for.
Seculert was co-founded in 2011 by CEO Dudi Matot, CTO Aviv Raff, and COO Alex Milstein. They raised a $5.3 million Series A from NVP and YL Ventures in July of 2012 and then another $10 million for their Series B in the summer of 2013.
As one of the leading names in DDoS defenses, Radware has developed what they call their Attack Mitigation System (AMS) product line for enterprise customers. Focusing on perimeter firewall protection for web apps and networks, their CTO David Aviv tells Geektime that they were looking for a solution that could take on data center security.
“We want to be able to go deeper into the data center and move into the data protection so that we will be able to protect data assets like critical files and information,” he says, explaining that they are making what he calls “a virtual data perimeter.”
Whereas their current solutions for perimeters give them real-time visibility over attempts to infiltrate the customer’s network, Aviv points out that protecting critical data from more complex threats like an Advanced Persistent Threat (APT) that works stealthily to exfiltrate information requires a different approach.
As opposed to the method of real-time detection that can identify a brute force incident like a DDoS attack, APTs can take months or even years to be discovered, if at all. Once they penetrate a data center or network, they can move laterally, changing their appearance to blend in with their surroundings, searching for valuable bits to steal. In these cases, catching them at the point of exfiltration can be crucial, as is identifying which users and machines are involved.
What Seculert brings to the table is the machine learning capability that will be able to detect anomalies over time, combing through mountains of data for signs that something may be amiss and that someone may be trying to make off with valuable data.
“This complements perfectly our current AMS product line,” Aviv remarks to Geektime, adding that, “It lets us use our AMS products to enforce [perimeter] security policies based on the internal detection of abnormal activities within the data centers, closing the loop. This gives us a threat intelligence technology capability that we didn’t have before and we can expand our solutions from the network perimeter to the core of the data centers.”
The trend of the past few years at every security conference has been to repeat the mantra that “the perimeter is dead,” and that we need to move on to catching the bad guys and gals once they have made it past the wall.
While this is not incorrect, since having your outer defenses penetrated is just a matter of time and luck, it is still clear to me at least that an emphasis needs to be put on having strong outer walls as well.
Radware sees their acquisition of this new technology as plugging a big hole in their product line, and they are moving to what Aviv calls a more proactive security posture, noting that, “Now with Seculert we can detect infiltration that is trying to exfiltrate critical data, and provide an immune system for all the perimeters in order to avoid the loss of this data.”
As attacks like the one on DynDNS that took out major internet services on the East Coast of the US last year proved, you don’t need to use finesse like an APT 28 or 29 to pose a serious threat.
Botnets, the continued insecurity of IoT devices, and the persistent fact that most successful attacks utilize old-school brute force mean that we will need to maintain strong walls. Radware’s latest purchase will allow them to continue this work and improve with a powerful new set of tools.