Endpoint security and threat intelligence specialist Webroot announced it has acquired the assets of CyberFlow Analytics, a company that applies data science to network anomaly detection.
The acquisition is designed to enhance Webroot’s ability to address the explosion of internet-connected devices, the internet of things (IoT) and an increasingly complex threat landscape.
From a technology perspective, both companies use highly advanced machine learning to solve complex security issues quickly and efficiently.
Adding the FlowScape network behavioral analytics solution extends Webroot’s leadership in machine learning-based cyber-security to the network layer.
As malware is now overwhelmingly polymorphic and advanced persistent threats (APTs) mask their activities within everyday network noise, SaaS-based FlowScape adversarial analytics and unsupervised machine learning enable Webroot to further reduce the time to classify and address threats.
“As the number of attack vectors and the variety of threats continue to grow, network boundaries are becoming blurred and IoT adoption is exploding,” Tom Caldwell, senior director of software engineering at Webroot, told eWEEK. “Each of these trends provides increased opportunities for cyber-criminals to exploit digitally connected businesses and individuals. The only way to keep ahead is through security automation at the endpoint, within the network—endpoint-to-endpoint communications—and to the internet—inbound and outbound communications.”
Caldwell, co-founder of CyberFlow Analytics, said the acquisition of the FlowScape solution enhances the Webroot product portfolio by adding network behavioral analytics and new unsupervised machine learning approaches to further enhance Webroot’s ability to quickly identify and classify unknown threats.
The software-only solution deploys on premises or in the cloud to start detecting anomalies on day one, while getting more intelligent the longer it runs.
FlowScape is available for custom integration and evaluation as part of an initial pilot program, with full availability and further product integrations expected in 2017.
“Security personnel are overwhelmed by alerts, while advanced persistent threats work low and slow to hide within everyday network noise and remain undetected,” Caldwell said. “By providing early warning of those threats through integration with existing tools such as SIEMs (security information and event management), as well as with proprietary investigative dashboards, network behavioral analytics can alert security personnel to APTs, atypical BitTorrent traffic, port scanning, DDoS, ransomware, IPv4 and IPv6 high-risk anomalies and more to help them focus on critical breaches.”
He explained it can also identify risky devices connecting to a network, as well as employee policy violations and high-risk behaviors.
“The impact is the ability to detect threats faster and provide security personnel much greater visibility than they have had in the past,” he said.