Innovation Built on Innovation: a Cybersecurity Success Story
You’ve probably heard the phrase necessity is the mother of invention. That term isthe evolution of a quote from Plato’s Republic: “Our need will be the real creator.”
And in this brief cybersecurity innovation story, we will see Plato is still correct.
Cybersecurity needs spark innovation
In this case, the need starts at the top of organizations. Executives and boards of directors increasingly treat cyber risk as business risk.
Business leaders need to protect the business from a damaging and costly cyberattack.
The drive to become more secure filters down to cybersecurity and IT teams who do the work of implementing greater security. But they have a need, too.
Network defenders need to detect cyberattacks in progress on the network and stop attacks before completion.
However, there is a major obstacle to achieving this level of advanced threat detection.
The majority of traffic on their network is now encrypted. Gartner says 80-90% of traffic is this way. And most network defenders are locked out from inspecting this traffic, to detect threats, because their organization uses outdated security tools (like IDPS) that cannot see through encryption.
These encryption blind spots are enormous. And the opportunity for attackers is also massive. 91.5% of all malware arrived in encryption during Q2, 2021.
This is where Plato comes in again: “Our need will be the real creator.”
Cybersecurity innovation, IT innovation
LiveAction’s ThreatEye NV is a Network Detection and Response platform (NDR).
NDR is a fast-growing segment within cybersecurity, surging by 22% in 2020 (Gartner) and gaining momentum as organizations pursue the next generation of security tools.
With the need to detect threats within encrypted network traffic, the ThreatEye team created an innovative security platform to detect active attacks by tracking, classifying, and characterizing all uses of network traffic-without the need to break or see inside of encryption.
The platform uses long-term behavioral analysis to detect anomalies and it also correlates multiple events.
In addition, streaming Machine Learning (MLE) rapidly uncovers legitimate threats. This Encrypted Traffic Analysis (ETA) approach works regardless of encryption because it looks at behavior instead of inspecting traffic contents.
But this cybersecurity innovation, like most, had a need. In this case, the need for speed.
In a new case study, LiveAction Vice President Randy Caldejon explains the challenge his team faced:
“We’re analyzing over 150 features of network flows, and our customers want to see common aggregations such as top-n clients consuming data on the network or TLS connections with unusual entropy scores.
Our solution runs in hybrid-cloud deployments and needs to scale up to 40Gbps worth of inspected network data. High-performance is critical to ensure scalable and reliable analytics when deploying in high-throughput scenarios such as enterprise networks.”
So Caldejon and his team tested the ThreatEye NDR SaaS tool on several established time-series databases.
But the results were not real-time.
That’s when the team turned to another IT innovator, QuestDB.
“When I first tried QuestDB using test scripts to evaluate time-series databases, I initially thought I had misconfigured something because the ingestion speed seemed unrealistic. When I ran some SQL queries in the console and got near-instant results returning our full dataset, I started to get excited about QuestDB being a legitimate alternative to other systems.”
Finally, the right time-series database to ingest sensor collected data and process millions of events per second, turning data into actionable insights.
And the right choice to power the ThreatEye NV platform, and give SecOps, NetOps, and senior leaders at organizations what they need: greater cybersecurity.
So there you have it. That is the tale of how innovation, built on another innovation, became a cybersecurity success story.
Read: QuestDB/LiveAction Case Study
Meet the LiveAction team in 2022 at Cisco Live (Las Vegas) and RSA (San Francisco).