Startup Spotlight: BrightPoint Security's Threat Intelligence Management
BrightPoint Security enables organizations to share threat intelligence with peers – a tactic that has worked well for cybercriminals, points out the company's CEO.
At a recent security event in London, officials from the FBI and other law enforcement agencies said they believe a few hundred expert hackers are behind a large percentage of all the cybercrime acts committed.
To beat the bad guys, organizations need to think and act more like the bad guys, said Anne Bonaparte, CEO and president of startup BrightPoint Security. That means teaming up and organizing, an approach facilitated by threat intelligence management solutions like BrightPoint's Security Sentinel.
"We are all getting attacked," she said. "It's time to figure out how to collectively fight this fight, not in silos but together in a smart and secure way."
Joe Eandi, a former attorney, and Rich Reybok, the one-time chief security officer for Merrill Lynch, founded the company in 2011. It was known as Vorstack until just last month. Bonaparte, a former VeriSign VP who joined the company in February and who has served as CEO for three other tech companies, suggested the name change.
"We do what our name says we do," she said. "'Bright' signifies intelligence and 'point' is because we pinpoint the critical threats in your network."
Analytics and Information Sharing
Bonaparte credited Reybok, BrightPoint's CTO, with creating the architecture that enables BrightPoint clients to share threat intelligence with other organizations and to speed their response times for addressing relevant security threats.
"When Rich was a CSO on Wall Street, he would talk about security threats with his peers. He wanted to complement those offline conversations with an online solution, one that would protect the privacy of its users," she said.
BrightPoint uses a "distributed analytics" approach that aims to help organizations answer three key questions: Is my organization under attack now? Are we the only ones being attacked? What should my response be?
"Existing tools like SIEMs are good for managing a repository or log store of threats, but they are not effective at pinpointing specific threats or attacks. They were not designed for that," Bonaparte said. "New tools like ours are needed to bring together data analytics with the necessary security capabilities."
The ability to pinpoint the relevance of security activities is a key differentiator for BrightPoint's Sentinel product, Bonaparte said. To do that, she said, Sentinel collects and analyzes information from sources like email, threat exchanges, internal databases and ISACs (information sharing and analysis centers) and "brings in context in an easy-to-consume way" to reveal the nature of the threat and its source (spam, botnet, etc.) so security pros can quickly make a decision on how to respond.
"The decision is what really matters. Do I immediately block? Do I conduct research? Do I flag it to watch? We enable folks to understand the level of a campaign and really drive the action."
Trust and Attribution
The company holds a patent related to a technology that allows users to share information with peers in Trusted Circles. Members of the circles establish their own policies for sending and receiving threat information and also determine the desired level of attribution, from completely anonymous – "so the only information shared is an indicator of a compromise and a time stamp," Bonaparte said – to more complete attribution for industry peers or supply chain partners.
"Attribution is a big issue," she said. "If you are going to share that you had a breach, you do not want to get nailed for a regulatory compliance issue."
Information sharing is becoming a more critical aspect of enterprise security due to cybercriminals' growing sophistication and their use of attacks that target specific industry verticals. "Companies within verticals use common architectures, so if you can crack one retailer you can likely find other retailers using some of the same systems," Bonaparte explained.
Fast Facts about BrightPoint Security
Founded: 2011 as Vorstack, relaunched in June as BrightPoint Security
Founders: Joe Eandi, Rich Reybok
Product: BrightPoint Security Sentinel
HQ: San Mateo, Calif.
Customers: About a dozen
Funding: $8.4 million, with investors including TechOperators and Aligned Partners
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.