Picture an IT system, then imagine a DVR unit recording everything that happens in that system, so that there's a complete record of all activity as it trudges along each day.
That fictional DVR would be a fair description of Denver-based startup ProtectWise, which exited stealth mode in March following two years of development and has started a lot of talk among industry people for its singular, data science-oriented approach to security.
ProtectWise is, in effect, a time machine; it can go back in time, check to see the events leading up to a data breach or other business issue, and provide a real-time report and clear insight on chains of events as they happen. That information becomes a list of undisputed data points leading back to the source of the hacker attack or other software glitch, enabling administrators to identify back doors, software vulnerabilities—and the intruder himself, in most cases.
Like Having Cameras on a Network
"We're entering the market at a time when digital breaches are only increasing," ProtectWise CEO and founder Scott Chasin told eWEEK. "You wouldn't open up a bank today without having cameras in the bank, in the vault, over the tellers, over the doors. And what's really interesting now is that most enterprises don't have cameras on their networks. They're not recording what's going on inside their networks.
"We look at the network as the foundation for everything. It doesn't lie. It's the representation of all the communication patterns and traffic that is occurring. If you're managing security, in the analogy of the bank, just knowing when somebody came in and out of a door is not enough. So we look at pervasive visibility as being really key."
ProtectWise doesn't just "record the videotape and put it into a storage unit," Chasin said. "We use it to continually analyze what's going on, and we do that in context with the most updated threat intelligence at the moment. If a zero-day comes down tomorrow—and chances are there will be one—how do you know you weren't breached six months ago by it?"
Here's more detail on how ProtectWise works: A virtual camera records everything that happens on a network; ProtectWise compresses the video, streams it into its software package and then processes it in real time.
It is then infused with threat detection software and stored for a year; that retention lets ProtectWise look back over past network activity, which matters because most breaches aren't discovered for more than 200 days, Chasin said.
Uses Point-in-Time Data Analysis
ProtectWise then replays the stored network memory, using point-in-time analysis, to discover the previously unknown threat or attack.
"This type of deep retrospection at this level of quality hasn't existed until now," Chasin said. The ProtectWise service includes automated smart retrospection and advanced security visualization, he said.
ProtectWise works hand-in-hand with enterprise standard security software, such as firewalls, private networks and deep authentication, Chasin said.
Prior to building ProtectWise—his fourth startup—with partner and CTO Gene Stevens, Chasin most recently served as McAfee's CTO of cloud software, leaving in 2012 to independently address some fundamental flaws he had experienced in security tech. Previously, Chasin the entrepreneur developed and sold USA.net, MX Logic and BugTraq.
Two Years in Development
ProtectWise emerged from stealth mode March 24 with $17 million in the bank from Trinity Ventures and other investors. It has enlisted a growing number of customers, including prominent companies in the entertainment, manufacturing, financial services and government sectors.
On June 23, ProtectWise appointed the former Commander of Army Cyber Command, Lt. General (Ret.) Rhett A. Hernandez, as the first member of its advisory board. The board will serve as a strategic resource for ProtectWise, Chasin said.