When it comes to enterprise security, there is strength in numbers – which is why a sharing community is a key part of Optics, the threat intelligence solution from ThreatStream, the security startup that last month raised $22 million in a Series B funding round, bringing its total funding to $26.4 million.
Hugh Njemanze, ThreatStream's CEO, said community members are vetted to ensure all members are from trusted organizations and are security professionals. In addition, he said, organizations get to pick the members with whom they want to form "trust circles" and collaborate digitally on emerging threats. "They share information not only on the threats themselves, but on best practices and how to block and remediate," he said.
Members can belong to different circles and set specific levels of sharing for each. "You might have 10 organizations in a circle. All the members know who the other members are, but the actual contributions are anonymous. This makes it practical for organizations to start sharing useful information," Njemanze said, as it allays concerns that "sharing looks the same as leaking company secrets."
Customer focus is a key tenet at ThreatStream, which in October hired a vice president of customer success and is spending some of the capital it raised on growing its technical support and QA organizations, said Njemanze. Interaction with the customer community is modeled on ArcSight, the company he founded and helped lead before its sale to HP in 2010. Noting that ArcSight's annual conference had a nearly 100 percent return rate, he said the goal is to build a similar end-user community at ThreatStream.
"If you have the right types of customers in your sharing community, other organizations see a tremendous benefit from joining the critical mass community," Njemanze said.
Integration and Analytics
While ThreatStream has signed customers from the Fortune 1000 as well as large government agencies in its first 18 months, the company's product is also a great fit for smaller organizations because of its "straightforward and pain-free approach," he said. "It can be deployed over the phone in less than an hour for a live production trial."
Traditional threat intelligence solutions collect and distribute lists of known and suspected malicious actors. Security analysts then review the lists and manually enter the threats that concern them into their network analysis or SIEM tools. This can add "days of latency," Njemanze said, as the information goes through an organization's change control process. The problem is, he added, "bad guys won't wait for that."
In contrast, ThreatSteam built direct integration into tools like SIEMs. With information not being entered by hand, there is essentially no latency, Njemanze said. "Within 15 minutes of us identifying a threat, it is already being monitored on a customer's network."
In addition to the sharing community and its efficiency-boosting integrations, ThreatStream employs analytics algorithms to clean up and curate feeds – not just ThreatStream's own feed but ones from third-party vendors as well. ThreatStream has already partnered with 10 of the most prominent vendors and is working to establish relationships with others, Njemanze said. It also opened an app store that allows customers to purchase the various feeds and enjoy the benefits of its algorithms.
"Our goal is to have the majority of players available through our store," he said. "That way, they can mix and match multiple feeds to get more complete coverage."
The company is in growth mode, having added 25 employees in the past year. It has 30 paying customers -- including "some household names," Njemanze said -- and over 700 organizations use its free product.
Fast Facts about ThreatStream
Product: Optics threat intelligence platform
Founders: Greg Martin
HQ: Redwood City, California
Funding: $26.4 million, including investments from Paladin Capital Group, Google Ventures, General Capital Partners and Institutional Venture Partners
Customers: About 700 using free product and 30 paying customers