Threatstream Raises $22 Million for New Take on SIEM

Making threat and log file intelligence more actionable is a key goal for the security startup.


Security startup Threatstream Dec. 4 announced that it has raised $22 million in a Series B round of funding, which was led by General Catalyst Partners. Threatstream has now raised a total of $26.4 million in funding to date.

The company's core technology is a product called Optic, which is intended to help organizations make the information in their security information and event management (SIEM) systems more effective. The system also includes a collaboration component, enabling organizations to share and consume multiple sources of threat information in a bid to help reduce risks.

Threatstream is led by former HP ArcSight CTO Hugh Njemanze, who took over as CEO of the company in July. Njemanze is no stranger to the SIEM space, given his experience at ArcSight, which is a pioneer in the SIEM market.

Threatstream has both a commercial version and a free version of its product. "We have over 700 organizations that are using the free version of the product," Njemanze told eWEEK. "We feel there is an opportunity to build the company and convert a lot of the free users, so we need the funding to help support the enterprise customer adoption."

The free version of Threatstream differs from the full commercial enterprise release in terms of integration with other enterprise security tools. Specifically, the enterprise product can integrate with such SIEM tools as Hewlett-Packard's ArcSight Enterprise Security Manager (ESM), IBM's QRadar and Splunk, as well as big data tools including Cloudera's Hadoop platform.

What makes Threatstream attractive to both investors and enterprise users is the ability to collaborate on security intelligence, Njemanze claims.

"The system is designed to allow large organizations to share intelligence, even when the corporate environment is designed against sharing," he said. "Every company feels that their IT is sacred to them, which makes it hard to demonstrate legitimate reasons to share information."

Njemanze added that the promise of Threatstream is that large organizations can share intelligence in a secure manner. With Threatstream, like-minded organizations can create circles that are vetted, where information is only shared within the group.

"For example, if a bank has information that is sensitive and shouldn't be leaked out of the banking community, the information can be shared only within the vetted banking circle," he said. "That way if one bank gets hit, all of the other banks will know about the incident without having to go through the process of getting approvals to divulge information to a broader community."

The new funding will also be used to help build out Threatstream's product with additional integrations as well as an expanded app store. Njemanze said that Threatstream's app store currently has nine threat intelligence vendors included, but the company has plans to build out more to provide even more sources of information for organizations.

Njemanze said that while most of the organizations he speaks with understand the need for threat intelligence, the challenge is making sense of all the data. He explained that many SIEM vendors are working to collect intelligence, but they aren't vendor-neutral, making it difficult for an organization to leverage multiple SIEM tools from disparate vendors.

"A lot of the enterprise customers we work with will use, for example, both Splunk and ArcSight, and so it's attractive to the enterprise to look at a solution that will consider the intelligence from all the tools they are deploying," Njemanze said.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.