E8 Security: Defending Against The Unknown

Matt Jones, CEO

Data breaches around the globe are rising like never before, be it the recent U.S. Navy data breach, which compromised sensitive sailor data, or the hack of payroll processing giant ADP, in which fraudsters gained access to ADP employees’ W-2 information.

According to findings from the Breach Level Index (BLI), there were 974 publicly disclosed data breaches in the first half of 2016, which led to the theft or loss of 554 million data records. It is time for enterprises to revolutionize their security strategies to protect their most critical data from unauthorized access. “Data breaches are occurring not because IT directors haven’t subscribed to the best security technologies or because the security personnel they hire aren’t skilled. It’s because the security operations model is broken,” points out Matt Jones, CEO, E8 Security. “If we take a look at the Security Operations Center (SOC), it’s an environment that isn’t conducive to successfully defending the organization. Either the analysts are seeing only a speck of the security environment or they’re overloaded with data and unable to understand what needs urgent attention. So even if threats are detected, critical ones are often missed.”

E8 is a provider of security intelligence with advanced detection. Its Fusion Platform uses unsupervised machine learning and expertly designed behavior modules to detect threats even when no known signature is available. In short, customers need not rely on security teams to create and maintain a rule set that may not be relevant to whatever new tactic attackers decide to use next. The advanced detection and analytics are designed to keep the Fusion Platform a step ahead of attackers.

Inception of Advanced Analytics

E8 was founded by Ravi Devireddy, one of the pioneers in behavioral analytics, who built his own security analytics tools while working for one of the top 10 financial services firms to better detect threats that had previously bypassed the company’s perimeter defenses. “Today, we offer security analysts the tools to detect and protect against the unknown and unseen, helping them defend enterprise networks and keep businesses up and running,” adds Jones. “Until recently, an analyst’s toolset only provided a glimpse into certain parts of the organization, but never the complete picture. Big data has thrown open those windows to all the goings-on within an enterprise.” However, big data by itself could not address the root cause of the problem plaguing security analysts. This is where machine learning brought about a transformation, surfacing patterns and making correlations. It makes data meaningful, so analysts can make effective use of a 360-degree view of their network. “This technology is the very core of our platform,” says Jones. E8 combines big data with unsupervised machine learning to detect hidden threats through unusual patterns and behavioral changes across an organization’s endpoint, user, and network data at scale.

Today, the company has become one of the leaders in behavioral analytics, transforming the way security operations teams detect, hunt for, and respond to hidden threats inside their organizations.

“We’re well-positioned to surpass our competitors in the User and Entity Behavioral Analytics (UEBA) space,” adds Jones.

360-Degree Protection

Unlike legacy technologies that rely on ‘myopic’ analysis of data, using signatures and pattern matching to detect individual events in network traffic or software, E8 models an organization’s behaviors from user-, device- and system-level activities, interactions, and relationships in order to identify unusual activity patterns and anomalies. The company’s machine learning-based threat detection enables security teams to identify and manage a persistent, continuous state of compromise within their environment without depending on rules, signatures, or policies. The Fusion Platform takes an inside-to-outside view of the entire dataset, modeling ‘lateral movement’ in user and endpoint activities as well as network traffic patterns originating from within the organization’s perimeter, to identify the various stages of threat activity inside the organization.

“Our security analytics technology analyzes data from the network, users, and system activities and provides a comprehensive view of malicious activity within the organization to eliminate the siloed view of an organization’s security posture,” says Jones. E8 approaches this in three ways. The first is user- and device-specific identification via Entity Fusion: the platform identifies properties such as IP address, device name, and user name for all data analyzed, so analysts instantly understand who they are investigating and can easily examine other actions a user or device has taken. The second is determining threats and anomalies via Signal Fusion, where the Fusion Platform combines seemingly isolated alerts from different technologies to show analysts the complete sequence of events, including why a particular action or set of actions was deemed an anomaly or an outright threat.

The third is focused visibility via Data Fusion. With all enterprise security data from endpoints, users, and networks in one place, the platform can assess threats seamlessly. The data is analyzed by machine learning-driven algorithms to provide an organized view of what is going on within the organization at any given time, set against historical trends.

Flexible Technology Implementation

“We’re eliminating the tediousness associated with security operations by doing all of the correlation through the Fusion Platform—users and devices are automatically tied to IP addresses; related alerts and events are automatically grouped; and new, rare, and changed behaviors are automatically surfaced,” adds Jones.
Analysts can see more, know more, and respond faster, increasing the value of both existing technology and personnel. Part of the Fusion Platform’s ‘no-fuss deployment’ comes from its flexible form factor: it is available as hardware, software, or a private cloud instance, and sits on top of an organization’s existing data lake. None of its threat detection capabilities rely on user-generated or user-maintained correlation rules or thresholds. This means the platform is not limited to detecting threat activity and indicators that are already known, and it does not require an army of security professionals to continuously create, review, and rewrite correlation rules as the enterprise and the threat landscape change.
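To make the three kinds of correlation described above concrete, here is a small, added example in Python. It is not E8 Security’s code and does not reflect how the Fusion Platform is implemented; it only illustrates the ideas the text names in toy form: resolving IP-keyed events to a user and device through lease records (entity fusion), baselining each entity against its own history and its peers with no hand-written rules so that new, rare, and changed behaviors surface on their own, and grouping the resulting findings into one risk-ranked timeline per entity (signal fusion). All lease records and events below are constructed, and the window boundary, thresholds, and weights are assumptions chosen for the example.

```python
"""Toy UEBA: surface new, rare and changed behaviours from constructed logs.

Added example, not E8 Security's code. Data, thresholds and weights are assumed.
"""
from collections import Counter, defaultdict

# Constructed lease/auth records: (ip, user, device, start_min, end_min).
LEASES = [
    ("10.0.0.5", "alice", "alice-laptop", 0, 300),
    ("10.0.0.5", "bob", "bob-laptop", 300, 1200),
    ("10.0.0.7", "carol", "carol-laptop", 0, 1200),
    ("10.0.0.9", "svc_backup", "backup01", 0, 1200),
]

# Constructed sensor events keyed only by source IP: (ts_min, ip, action, target).
EVENTS = [
    (10, "10.0.0.5", "logon", "fileserver"), (20, "10.0.0.5", "logon", "mail"),
    (25, "10.0.0.5", "logon", "wiki"), (30, "10.0.0.7", "logon", "fileserver"),
    (40, "10.0.0.7", "logon", "mail"), (50, "10.0.0.9", "logon", "fileserver"),
    (60, "10.0.0.9", "logon", "backup-vault"), (70, "10.0.0.9", "logon", "wiki"),
    (310, "10.0.0.5", "logon", "mail"), (320, "10.0.0.5", "logon", "fileserver"),
    (330, "10.0.0.9", "logon", "fileserver"), (340, "10.0.0.7", "logon", "fileserver"),
    # scoring window: bob's IP fans out to systems he never touched and few peers use
    (610, "10.0.0.5", "logon", "mail"), (620, "10.0.0.5", "logon", "fileserver"),
    (630, "10.0.0.5", "logon", "backup-vault"), (640, "10.0.0.5", "logon", "domain-controller"),
    (650, "10.0.0.5", "logon", "hr-db"), (660, "10.0.0.7", "logon", "fileserver"),
    (670, "10.0.0.7", "logon", "mail"), (680, "10.0.0.9", "logon", "backup-vault"),
    (690, "10.0.0.7", "logon", "wiki"), (700, "10.0.0.5", "logon", "fileserver"),
    (1100, "10.0.0.6", "logon", "fileserver"),  # IP with no lease: unresolved entity
]

TRAIN_END = 600      # events before this build the baseline; the rest are scored (assumed)
RARE_PEERS = 1       # a new behaviour shared by this many or fewer other entities is "rare"
CHANGE_FACTOR = 2.0  # volume above factor * baseline volume is a "changed" behaviour
WEIGHT = {"new": 1, "rare": 3, "changed": 2}  # assumed risk weights


def resolve_entity(ip, ts):
    """Entity fusion: map an IP at time ts to (user, device) via lease records."""
    for lease_ip, user, device, start, end in LEASES:
        if lease_ip == ip and start <= ts < end:
            return user, device
    return ip, None  # no lease known: fall back to the IP itself as the entity id


def fuse(events):
    """Attach user and device to every IP-keyed event."""
    fused = []
    for ts, ip, action, target in events:
        user, device = resolve_entity(ip, ts)
        fused.append(dict(ts=ts, ip=ip, user=user, device=device, action=action, target=target))
    return fused


def build_baseline(fused):
    """Per-entity behaviours and volumes learned from the training window only."""
    behaviours = defaultdict(set)   # user -> {(action, target)}
    volume = Counter()              # user -> event count in the training window
    for e in fused:
        if e["ts"] < TRAIN_END:
            behaviours[e["user"]].add((e["action"], e["target"]))
            volume[e["user"]] += 1
    peers = Counter()               # (action, target) -> number of entities that do it
    for pairs in behaviours.values():
        for pair in pairs:
            peers[pair] += 1
    return behaviours, volume, peers


def surface(fused):
    """Score the window after TRAIN_END: new, rare and changed behaviours per entity."""
    behaviours, volume, peers = build_baseline(fused)
    findings = defaultdict(list)    # user -> [(ts, kind, action, target, device)]
    scoring_volume = Counter()
    for e in fused:
        if e["ts"] < TRAIN_END:
            continue
        scoring_volume[e["user"]] += 1
        pair = (e["action"], e["target"])
        if pair in behaviours[e["user"]]:
            continue                # seen before for this entity: nothing to surface
        kind = "rare" if peers[pair] <= RARE_PEERS else "new"
        findings[e["user"]].append((e["ts"], kind, e["action"], e["target"], e["device"]))
    for user, count in scoring_volume.items():
        if volume[user] and count > CHANGE_FACTOR * volume[user]:
            findings[user].append((TRAIN_END, "changed", "volume",
                                   f"{count} vs baseline {volume[user]}", None))
    return findings


def rank(findings):
    """Signal fusion: one risk-ordered timeline per entity instead of isolated alerts."""
    scored = [(sum(WEIGHT[kind] for _, kind, *_ in items), user,
               sorted(items, key=lambda item: item[0]))
              for user, items in findings.items()]
    return sorted(scored, key=lambda s: (-s[0], s[1]))


if __name__ == "__main__":
    for score, user, timeline in rank(surface(fuse(EVENTS))):
        print(f"{user} risk={score}")
        for ts, kind, action, target, device in timeline:
            print(f"  t={ts:4} {kind:7} {action} {target} device={device}")
```

Running it ranks bob first: three logons to systems he has never used and that at most one peer uses, plus a jump in volume, fuse into a single timeline, while carol’s one new-but-common logon and the unresolved IP each score low and svc_backup, whose vault access is routine for it, produces nothing. Note the two places a real deployment has to be careful: an IP that cannot be resolved to a user still has to be tracked as an entity, and ‘rare’ is judged against the peer population, not just the entity’s own history, so a service account’s normal behaviour does not become an alert.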

Take the case of a Fortune 50 retailer in the U.S. that recently suffered a major public security breach. The breach exposed a significant gap in the retailer’s security strategy: it had limited visibility into incidents, and no scalable way to identify threats, once attackers had infiltrated the network. E8 worked with the retailer to deploy its Fusion Platform, applying self-learning, multi-dimensional algorithms to identify patterns and behaviors and automatically detect anomalies. With no custom development required, E8’s platform automatically studied the retailer’s environment, without any manual intervention, modeling the behaviors of more than 100,000 users and devices. By applying multiple machine learning-based anomaly detection algorithms to diverse data sources, the platform automatically generated a risk-prioritized view of threats for analysts, with contextual information for faster decisions and more effective actions. E8’s platform identified several high-risk activities and gave the client visibility into multiple phases of threat activity across endpoint, user, and network activity that had occurred over several days and weeks.

Curbing Future Threats

“Everything can be, and must be, improved in order to adapt to the changing world in which we live.” Operating with this belief, E8 continuously builds new behavior models for its platform, creates new ways to retrieve and analyze supporting data, and addresses compelling problems and use cases. “2017 will be the year of accountability for the C-suite. Cyber threats will take their place next to financial and operational risk, endangering the company. CIOs and CISOs will need to enhance existing capabilities to detect threats inside their organization,” suggests Jones. New strategies will be needed to identify attacker activity that does not fit what the organization considers ‘normal’ and to contain it as quickly as possible. This operational shift will need to leverage self-learning security analytics designed to detect the early warning signs of today’s most critical cyber threats: malicious insiders, external attackers, and targeted malicious software.

Looking ahead, the company wants to continue enhancing its primary platform and guiding customers toward a more productive path, bolstering organizations’ detection and response. “E8 will continue to equip security teams with the required visibility to protect corporate assets from growing threats,” concludes Jones.

E8 Security

Redwood City, CA

Matt Jones, CEO

E8 Security is transforming security operations by dramatically reducing the amount of time it takes to identify unknown cyber threats inside the network