Is there money to be made on an open source unified security management platform? That's the bet being made by investors in security startup AlienVault.
AlienVault announced today that it raised $22.4 million in a Series C funding round led by venture capital firm Kleiner Perkins. To date, AlienVault has raised a total of $34 million in three rounds of funding. While AlienVault is a relatively new company, its leadership has plenty of experience in the security space.
AlienVault CEO Barmak Meftah was one of the first employees of code security vendor Fortify Software, where he held multiple roles including Chief Products Officer. Fortify was acquired by HP in August of 2010.
In an interview with eSecurity Planet, Meftah said that he was at HP for a year and a half before leaving to join AlienVault. He says he made the move because of the opportunity that AlienVault represents to the security market.
"AlienVault has taken all the necessary point security solutions -- ranging from intrusion detection to vulnerability assessment, network management, and SIEM log management -- and put it all in one form factor," Meftah said. "We go to market with a pre-integrated solution."
The AlienVault Unified Security Management platform is a corollary to the Unified Threat Management (UTM) platforms that networking vendors include in their respective portfolios. UTM solutions are all about blocking attacks against endpoints -- and typically combine firewall, IPS, and anti-virus on a single device.
"We do the other half and we bring together all the components for security visibility," Meftah said. "We don't block the attacker as our assumption is that the attacker has already gained access."
The idea is to deliver security insight into what's going on within an enterprise network. AlienVault leverages the work of 33 open source projects in a pre-integrated way to deliver all of the security insight.
Among those projects is the AlienVault-led OSSIM (Open Source Security Information Management) platform.
"We build the underlying glue and the security management platform that integrates all the open source components," Meftah said. "We provide the orchestration and the security automation layer."
AlienVault's OSSIM project is freely available and licensed under the GPLv3 open source license. The company also dual-licenses the technology, which is where the commercial Unified Security Management platform comes into play.
"You can download the open source version and you'll experience all the features that the commercial version has as well," Meftah said. "The only features that we kept just for the commercial version are features that are pertinent to enterprise scale."
Meftah noted that the open source basis for AlienVault gives his company an advantage over SIEM vendors such as HP's ArcSight or IBM's Q1 Labs. HP acquired ArcSight in 2010 for $1.5 billion, while IBM acquired Q1 Labs in 2011.
"Our open source base affords us a freemium model of selling," Meftah said. "The technical buyer has already downloaded and tried out OSSIM, so by the time the enterprise calls us, a lot of the tech people are already on board."
The commercial version of the AlienVault platform is available in multiple form factors including a hardware appliance, a virtual VMware appliance, and a cloud-ready platform that has elasticity built in to scale up or down.