This startup’s technology could end up putting most analysts out of a job, seeking out threats on a much bigger scale
Herzliya-based cyber security startup IntSights announced today the close of their Series B funding round, bringing in $15 million in new capital.
The company has developed a machine learning-based technology that is capable of crawling through the unstructured corners of the internet where hackers plan their attacks on targets like banks and other institutions, picking up on threats and automatically closing gaps in security with one-click remediation.
Taking part in the round were previous backers Glilot Capital Partners, Blackstone, Blumberg Capital, and Wipro Ventures, who were joined by newcomer Vintage Investment Partners in addition to a number of other unnamed strategic investors.
IntSights was co-founded in 2015 by CEO Guy Nizan, CPO Alon Arvatz, and CTO Gal Ben David. The company picked up their $7.5 million Series A last year, in 2016, making this a very short time frame in which to receive a boost in capital.
The tip of the iceberg
Threat intelligence for cyber provides an element that is as crucial for security as the perimeter. Simply put, if you do not know what is coming at you, then you will be woefully underprepared for the attack when it finally comes. While the assumption has turned increasingly in recent years to dealing with an attacker once they have made it past your high walls, the fact remains that solid intelligence and preparation are still key parts of a solid strategy.
However, combing through mountains of forums on the Dark Web and Deep Web is time-consuming, to say the least, and can be extremely limiting. Unlike the Google-searchable parts of the web where most content is hosted, the chat boards and marketplaces where hacks are planned and stolen data is sold take a little more effort to scrape through if a researcher hopes to uncover something useful. You have to know where to look, since these layers are not indexed or are blocked off to outsiders.
“The idea is to get into the hacker’s mind and really understand how they communicate,” Nizan tells Geektime. “Once you got that figured out, you can easily train a machine to understand what is being published by hackers. Then, the machine can identify what’s the scenario even without fully deciphering the text. When there is a very big data set the machine can even notice small nuances commonly missed by human analysts, and understand the context even when the text is written in an unfamiliar language.”
It would seem that this contextual learning helps them handle mountains of data that would burn up hundreds of man hours under normal human circumstances. IntSights seems to have a good grasp of what is possible to delegate to machines and where human analysts are still needed.
Sixgill is another Israeli company offering automation of threat intelligence services that is working in the field of Dark Web investigations, making them an active competitor. Funnily enough, both have embraced the image of the iceberg to represent the visibility gap between the “Clear Web” and “Dark Web”, indicating that they give their clients access to valuable, hidden information. Perhaps less dark arts and more hard work, IntSights and others are making the detection of intel a more efficient process.
Similar to how security teams receive thousands of alerts and are now using tools like behavioral analysis to cut through the noise, IntSights is giving researchers a powerful tool to pick up on more relevant information through contextual learning. If they are able to provide analysts a shorter list of potential threats with fewer “false positives”, then this itself is quite an accomplishment.
However, as good as they may be getting with tweaking their system, there will still be a need for an analyst at the other end to decide what is or is not a threat.
Nizan admits that, “It’s definitely not easy to build the right algorithms to replace human analysts with threat detection, but the technology we have today proves it’s possible on many aspects of cyber-security. It’s still good to have an analyst in the end for further investigation, but at IntSights we believe that the detection should be done by machines.”
Moving forward, Nizan tells Geektime that they will use the funding for increased penetration of the US and European markets. One of their goals is to help consolidate the amount of information that analysts have to contend with. As Nizan notes, “Security in general, and TI particularly, need to shift into platforms that can consolidate different modules and create the connections for the customer.”