ThreatStream, a disruptive cybersecurity startup freshly flush with $4 million in Series A funding led by Google Ventures, is revolutionarily rebooting the way organizations defend against online attacks.
The Redwood, Calif.-based 20-person company has created what it says is the first real-time collaborative cybersecurity intelligence crowdsourcing cloud platform. The system, called Optic, lets businesses and public institutions more quickly detect, understand and intercept early indicators of threats from malicious files and IP addresses -- ideally in time to stop them before they start and wreak potentially irreversible damage.
“Instead of attempting to stop threats after they have breached your network, ThreatStream lets organizations look outside their own environments for a broader view of the attacks forming and put in place proactive defenses,” Google Ventures general partner Karim Faris explained. “It’s a smarter way to analyze threats, and take action against them.”
ThreatStream debuted its collaborative SaaS (software as a service)-based early warning system last month at the recent controversial RSA security conference in San Francisco, where it was a finalist in the event’s Innovation Sandbox Program.
The Optic platform aggregates global, local and trusted threat intel data and analytics in real-time from a private network of enterprise cybersecurity professionals from all over the web. It then optimizes them and seamlessly incorporates relevant findings into customers’ existing security infrastructure. The tool also helps users quickly determine attacker intent and whether or not attackers are targeting specific industries.
ThreatStream founder and CEO Greg Martin, who has been a technical adviser to the FBI, the United States Secret Service and NASA, walked us through a basic potential real-life scenario that illustrates how Optic helps alert private companies (20 are already actively using the platform) to looming threats.
“If an attacker hits Bank of America, and then JPMorgan soon after, you can assume that Wells Fargo is going to be next on the list of targets,” he said. “What our system does is enable the IT security personnel at organizations like these to join together in a safe, controlled environment, to share their day-to-day intel findings and use them collaboratively to fight back against cyberattackers. Competitors or not, they would use the platform to warn each other and strengthen their defenses.”
For the first time, Martin said, companies are empowered to warn each other in real time about threats of all types and calibers, like the DDoS (distributed denial of service) attack that recently knocked Meetup offline for days and the recent Target credit card breach.
“Companies are now able to ask one another, ‘Hey, has anyone else seen this threat before?’ and then get answers back fast from the Optic community, and use the information received to quickly defend their network.”
Martin wasn’t at liberty to share a complete list of ThreatStream customers, but did say that 1800flowers.com and defense contractors SAIC, QinetiQ North America and Northrop Grumman are all currently clients.
While the company is mainly focused on serving large enterprise corporations and government entities for now, Martin said he hopes to eventually share ThreatStream’s innovative software on an open source basis with smaller businesses and startups “so they can build their own systems to defend themselves based on ours, barring any secret sauce, competitive advantage type of stuff, of course.”
The service, which allows users to anonymize their communications if they so choose and to pick whom they share them with (similar to Google+ Circles), is currently only available to public and private organizations in the U.S. and Canada. However, Martin confirmed that plans are underway for partnerships that would enable its expansion into Western Europe and Australia.
All Optic users are verified through a multi-step identification and vetting process that ensures that they are “trustworthy individuals who are who they say they are and are gainfully employed by the organizations they say they work for,” Martin said. With larger Fortune 2000 companies and government defense contractors already actively using the threat-sharing network, complete trust is paramount.
If a shady character does infiltrate the “self-policing” Optic system and enters false data or information, Martin said “they would get caught pretty quick by our users.”
While ThreatStream doesn’t currently contract with the National Security Agency (NSA), Martin said “if they asked to hire us tomorrow we absolutely would work with them.”
He said he would “absolutely a thousand percent” jump at the chance to help the U.S. government fend off cyber threats. However, Martin said he “would not get behind developing technology that would enable the government to spy better.”
“I’m not picking sides, but you have to realize that cybersecurity experts defending our nation against cyberattacks have one of the hardest jobs because the government’s made a sequester and cut their pay,” he said. “Meanwhile, they’re getting paid normal government wages doing something that isn’t the sexiest job, and their buddies are over in Silicon Valley making twice as much money and they’re at a startup.”
ThreatStream launched in stealth mode in 2012 as an LLC and officially came out when it became incorporated on Feb. 4, 2014. At slightly more than one year old, Martin said his firm has “just under 20” enterprise customers now paying to use the Optic platform with additional features that bolster their firewalls and overall security structures. He said approximately 1,000 users are using it with fewer features for free via a freemium trial option.
Optic pricing plans start at approximately $50,000 per year for smaller organizations and anywhere up to $400,000 per year for larger ones, Martin said, depending on the number of security structure integrations needed.
Once properly vetted, security professionals from smaller startups and businesses are welcome to join ThreatStream’s Optic network for free. “That’s our contribution back to the greater community,” Martin said.
Anyone can download ThreatStream’s free web-based Optic Splunk App, which automatically integrates threat intelligence from ThreatStream’s Optic platform into Splunk's real-time searchable online data repository to uncover, share and comment on cyber threats, though they too will have to be vetted by ThreatStream first.
The more people get involved in sniffing out and sharing threats, the better. “More and more catastrophic and increasingly sophisticated breaches and attacks are coming,” Martin said, “and if qualified cybersecurity experts don’t band together to fight the spread of cyber crime, we’re going to continually lose the battle... and the battle’s not going to stop any time soon.”