AI Security Startups Target Talent Crunch


By: R. Scott Raynovich

One of the biggest issues in the cybersecurity space is a talent shortage that is slowing down the capability of organizations to add enough staff to protect against online threats and breaches. A new crop of startups is responding to this trend, building technology to automate and assist humans on security teams, using approaches such as managed services, automated analytics, machine learning (ML), and artificial intelligence (AI).

These startups are focusing on helping consolidate the reams of data, security logs, and management screens that are used by security teams worldwide, and then implementing technology that can automate the scanning, analytics, and response to threats that can be identified by watching this data.

AI Helps with Security Sprawl

At a series of security panels and discussions at the NetEvents technology summit last week in San Jose, several industry trends were described that are guiding the next phase of security technology:

  • Security teams are understaffed and feel overwhelmed, which has contributed to recent security breaches because they cannot process all of the security alerts and respond to threats in time.
  • ML and AI technology are seen as substitute "human eyeballs" that can help an organization watch threat data and logs and flag rising threats faster with AI-driven analytics.
  • ML- and AI-driven security tools can be linked into a wider variety of tools to pull together "security sprawl" and detect anomalous behavior that may not be recognized by the human security staff.
  • Managed services can be used by security teams to quickly augment their own staff.

That's where the next crop of security tools enters the picture, by assisting humans in analyzing, integrating, and processing large amounts of cybersecurity data.
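The consolidate-then-flag workflow the bullets above describe, reduced to a small Python illustration. This is an added example, not code from any of the companies named in the article: the two log formats, the hosts and every log line are constructed for the example, and a simple statistical baseline (mean plus standard deviation per host and event type) stands in for the ML models the vendors describe.

```python
"""Toy version of the workflow in the article: consolidate events from
several log sources into one stream, learn a per-host baseline, and flag
hosts whose activity departs from that baseline.  All log lines below are
constructed for this example."""
import re
import statistics
from collections import Counter, defaultdict

# Two hypothetical log formats a security team might have to read side by
# side: a firewall deny log and an SSH authentication log.
FW_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}) fw DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)")
AUTH_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}) sshd Failed password for \S+ from (?P<src>[\d.]+)")


def parse_line(line):
    """Normalise a raw line from either source into (hour_bucket, src_ip, event).
    Returns None for lines that match neither format (they are simply skipped)."""
    m = FW_RE.match(line)
    if m:
        return m["ts"][:2], m["src"], "fw_deny"
    m = AUTH_RE.match(line)
    if m:
        return m["ts"][:2], m["src"], "ssh_fail"
    return None


def count_events(lines):
    """Consolidate all sources into one Counter keyed by (hour, src, event)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts[parsed] += 1
    return counts


def flag_anomalies(baseline_lines, window_lines, z_threshold=3.0):
    """Learn the mean and standard deviation of hourly counts per (src, event)
    from the baseline period, then return (src, event, count, z) for entries in
    the new one-hour window that sit more than z_threshold standard deviations
    above their mean.  A (src, event) pair never seen in the baseline is
    reported with z=None, since there is no history to compare against."""
    base = count_events(baseline_lines)
    hours = sorted({h for h, _, _ in base})
    series = defaultdict(list)
    for src, ev in {(src, ev) for _, src, ev in base}:
        # Hours with no events for this pair count as zero, not as missing.
        series[(src, ev)] = [base.get((h, src, ev), 0) for h in hours]

    window = Counter()
    for (_, src, ev), n in count_events(window_lines).items():
        window[(src, ev)] += n

    flagged = []
    for (src, ev), n in sorted(window.items()):
        if (src, ev) not in series:
            flagged.append((src, ev, n, None))
            continue
        mean = statistics.mean(series[(src, ev)])
        sd = statistics.pstdev(series[(src, ev)])
        if sd == 0:
            z = float("inf") if n > mean else 0.0
        else:
            z = (n - mean) / sd
        if z > z_threshold:
            flagged.append((src, ev, n, round(z, 2)))
    return flagged


# --- constructed sample data (not real traffic) ---------------------------
def fw(hour, src, n):
    return [f"{hour}:{i:02d} fw DENY src={src} dst=10.0.0.1 proto=tcp dport=445" for i in range(n)]


def ssh(hour, src, n):
    return [f"{hour}:{i:02d} sshd Failed password for root from {src} port 5{i:04d} ssh2" for i in range(n)]


# Three quiet hours of history: 10.0.0.5 trips the firewall a couple of times
# an hour and fails one SSH login now and then; 10.0.0.9 is steadier still.
BASELINE = (fw("09", "10.0.0.5", 2) + ssh("09", "10.0.0.5", 1) + fw("09", "10.0.0.9", 1)
            + fw("10", "10.0.0.5", 3) + ssh("10", "10.0.0.5", 1) + fw("10", "10.0.0.9", 1)
            + fw("11", "10.0.0.5", 2) + fw("11", "10.0.0.9", 1)
            + ["11:30 kernel: unrelated noise line that neither parser understands"])

# The hour under review: 10.0.0.5 suddenly fails twelve SSH logins, and a
# never-before-seen address 203.0.113.7 (documentation range) shows up.
WINDOW = (fw("12", "10.0.0.5", 2) + ssh("12", "10.0.0.5", 12)
          + fw("12", "10.0.0.9", 1) + ssh("12", "203.0.113.7", 5))

if __name__ == "__main__":
    for src, ev, n, z in flag_anomalies(BASELINE, WINDOW):
        print(f"{src:14} {ev:9} count={n:3} z={z}")
```

Two things worth noticing when running it. The firewall denies from 10.0.0.5 in the review window are not flagged, because they sit inside the learned range; only the SSH-failure spike and the brand-new source are reported. The second rule, flagging every never-seen host unconditionally, is exactly the kind of blunt heuristic that produces the alert floods the article's panelists complain about; the commercial tools the article discusses add far more context (user, application, device posture) before raising an alert, but the consolidate-baseline-compare loop is the same.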

Some of the security startups on hand at last week's NetEvents Summit in San Jose, Calif. included Vectra, Ziften, and Zimperium, all of which are targeting security analytics, ML, or AI. Representatives from the companies said they will use ML and AI to augment and assist human teams by crunching a wide variety of data to find patterns representing security threats.

"You can't have a human squint at all this data to find patterns," said Oliver Tavakoli, CTO of Vectra, on a NetEvents panel about cybersecurity in the financial industry. "ML is good at finding patterns. Deep learning builds neural nets. ML can unlock patterns in large sets of data and allow you in real time to detect something and make a decision."

Vectra is funded by top-tier venture capitalists including Khosla Ventures and Accel. Its customers include HBO, LiveNation, Ticketmaster, Texas A&M, and Tribute Media, among others. Vectra is focusing on using AI to automate security operations.

Texas A&M said it's using Vectra to cut the cost of staffing security teams, which has become a problem due to a lack of talent. "One of the biggest challenges we faced was the lack of cybersecurity talent, which is a huge global issue right now," said Dan Basile, an executive director of the Security Operations Center at the A&M system, in a statement issued by Vectra.

Last week, Vectra announced that Vetropack Group, a leading European manufacturer for the food and beverage industry, would be using Vectra's AI-driven cybersecurity software. Vetropack officials say that offloading work from its security team was one of the goals in implementing Vectra's security AI platform, which can be used to analyze data from many sources, including network traffic logs, application metadata, SIEMs, EDR tools, and firewalls.

IoT Threats Growing

Another area of focus is the Internet of Things (IoT), which represents a mind-boggling number of new threats. With nearly 8 billion connected IoT devices expected this year, growing at a 30 percent annual clip, it's clear that IoT may represent one of the biggest security threats.

"IoT devices are getting smarter and smarter," said Roark Pollock, SVP of marketing with Ziften. "They are fully functioning PCs. We don't treat them the way we treat devices in enterprise networks. If you are going to have all these devices, you need to monitor the hygiene of these devices and what each device is doing."

One of the broadening areas of technology being used to address IoT is Endpoint Detection and Response (EDR). Ziften recently cited research from Enterprise Research Group, "Trends in Endpoint Security Study," which said that 51 percent of respondents report they are looking to deploy EDR solutions in the next 12 to 24 months.

Ziften last week announced a series of managed security services, called Managed Assess Service, Managed Hunt Service, and Managed Respond Service, all designed to help organizations augment their security teams by getting additional help with EDR monitoring, analytics, and security forensics.

For example, Ziften's Managed Respond Service allows customers to request remote and/or on-site incident response escalation for evaluation, forensics of confirmed threats to identify kill chain and root cause, and recommended policy actions.

Zimperium is another security startup focused on ML and AI in the mobile space. Mobile is a pain point for many industries, because it requires a different set of security technology from enterprise technology and because so many devices can touch organizations as part of the Bring Your Own Device (BYOD) trend. Last week, Zimperium announced its Z9 product targeting mobile malware, which it says uses a machine-learning engine that has detected 100 percent of zero-day threats.

Zimperium's Z9 analyzes hundreds of data points generated by a mobile device, including application usage, network patterns, and temperature, to identify malicious apps. It also integrates with enterprise security tools such as enterprise mobility management (EMM), security information and event management (SIEM), and single sign-on (SSO) solutions.

It's now clear that as point cybersecurity solutions multiply rapidly, the market is shifting toward integrating security tools and using AI and ML to automate the long and laborious process of monitoring logs, SIEMs, and network data.