The goal of the new technology is to accelerate the time it takes to respond to a security incident after an alert is generated.
Security startup Hexadite
today officially announced its Automated Incident Response Solution (AIRS), providing enterprises with a new tool to organize and respond to security incidents.
Hexadite, which was founded in March 2014 and has raised $2.5 million in funding to date, focuses on incident response and benefits from the experience of the company's founders, who were trained as cyber-analysts in the Israeli Defense Forces.
Eran Barak, one of the founders and CEO of Hexadite, believes there are four elements that make up cyber-security: prevention, detection, incident response and then forensics. "We understood that there is a gap between the time that an alert is raised from any detection system until the time it is actually investigated and remediated," he said.
The name "Hexadite" has particular meaning. Barak explained that the "hexa" is a reference to hexagon and "dite" is an acronym for data investigation and threat elimination.
The idea behind Hexadite is to help fill the gap between detection and remediation with an automated system that can receive alerts, perform an investigation and then do remediation. The Hexadite AIRS platform can receive alerts from nearly any type of detection solution as well as security information and event management (SIEM) systems, including HP ArcSight, IBM qRadar and Splunk, according to Barak. AIRS can also receive alerts from FireEye, Symantec and Intel Security's McAfee products.
From a use-case perspective, Barak said that if an alerting technology, for example, identifies that a system in the enterprise network is part of a botnet, Hexadite AIRS starts a full investigation. That investigation will involve an analysis of the network as well as remediation to free the infected host machines from the botnet. In addition, the Hexadite system can block the IP address of the botnet's command and control servers on the firewall.
Barak emphasized that Hexadite is not using a big data approach to do the analysis. "We are not a big data solution; we are using the existing solutions that an enterprise has in its environment," he said. "We're not collecting data, and we're not duplicating data either."
Hexadite will make use of the data in an organization's existing systems as part of the incident response investigation. Barak explained that the Hexadite analysis makes use of a proprietary algorithm that includes a library of actions such as data collection, analysis and remediation actions.
Hexadite is not really in competition with the same vendors it is able to integrate with for security alerts, according to Barak.
"The problem that endpoint detection solutions have is that they rely on their own algorithms and their own data," he said.
In contrast, Barak said that Hexadite is able to use all the various sources of data alerts to make an incident response decision and isn't tied to any one vendor product.
The Hexadite platform can also work as part of a company's security compliance efforts. There are reporting capabilities that show an organization what is going on in a network in terms of security incidents and investigations, Barak said.
Hexadite is working on a Series A round that will be closing in the next few months to help further fuel the company's growth, he said.
Sean Michael Kerner is a senior editor at
InternetNews.com. Follow him on Twitter @TechJournalist.