Forcepoint Acquires Security Analytics Vendor RedOwl

Forcepoint expands its technology portfolio with user and entity behavior analytics capabilities from RedOwl.


Security vendor Forcepoint today announced the acquisition of privately held user and entity behavior analytics (UEBA) vendor RedOwl.

Financial terms of the deal are not being publicly disclosed at this time. To date, RedOwl has raised $21.6 million in venture capital funding.

The basic concept behind UEBA technologies is that data and usage behavior patterns can be analyzed to detect potentially anomalous user or device behaviors.

"RedOwl has been pivoting toward a real-time streaming analytics model, and that's key for Forcepoint's vision of where we want to take analytics," Heath Thompson, senior vice president and general manager of the Data and Insider Threat Security business at Forcepoint, told eWEEK. "With analytics, we want to not only provide interesting reports to our customers, we want to feed analytics information into our policy enforcement engine in real time and be able to act on the information in real time."

For RedOwl CEO Guy Filippelli, the acquisition by Forcepoint is an opportunity to accelerate his business and benefit from integration with Forcepoint's endpoint security capabilities.

"This gives us an opportunity to operationalize the analytics that we have been working on quicker than with any other partner," Filippelli told eWEEK.

RedOwl's technology has already been deployed in production alongside Forcepoint, according to Thompson, and the goal is to develop a deeper level of product integration. Thompson said the plan is to have a product in the market by early 2018 that will directly feed data from Forcepoint's endpoint sensors into RedOwl for analysis and will return information to Forcepoint's policy enforcement tools to protect organizations from real-time threats.

Forcepoint has multiple endpoint security technologies, including data loss prevention (DLP) and insider threat offerings. The company also has network security products, including web, email, cloud and firewall technologies.

Forcepoint has been in operation since January 2016, when Raytheon Websense rebranded. Raytheon acquired Websense for $1.9 billion in April 2015 and expanded further in October 2015 with the $389 million acquisition of network security vendor Stonesoft from Intel.

RedOwl's platform is not just a risk scoring engine that ranks the potential of a given security incident or user behavior, according to Filippelli. Rather, he noted that RedOwl has a behavioral sandbox that allows the platform to dynamically perform analysis and exploration of user and device behavior.

"Really what we do is security data science," Filippelli said.

Among the common types of attacks that UEBA technologies can typically detect are privilege escalation and credential abuse attacks.

Filippelli said that in his experience at RedOwl, there are many other security risks that his firm's technology has helped to discover. He added that RedOwl's UEBA platform has also been able to uncover risks that might not necessarily be security breach concerns, but could still be larger risks for the organization, such as legal or financial risks.

"There is a tremendous amount of value from detecting unintentional or simply negligent behaviors, which I do believe is a greatly under-resourced effort in the security posture of most organizations," Filippelli said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.