New ThreatStream CEO Wants to Solve SIEM Challenge


Hugh Njemanze is no stranger to the world of security startups. In 2000, Njemanze founded security incident and event management (SIEM) pioneer ArcSight, which was acquired by HP in 2010 for $1.5 billion. Njemanze continued to serve as CTO until 2012.

Njemanze is starting on a new adventure and last week was named the CEO of security vendor ThreatStream. ThreatStream founder Greg Martin, who had been serving as CEO, will move into the CTO role.

Njemanze, who stayed at HP two years following HP's acquisition of ArcSight, said he enjoyed his time there, adding, "We grew faster at HP than even when we were a public company."

After deciding to leave HP and semi-retire, Njemanze said he was compelled to come back by the lure of solving a complex challenge: helping organizations make better use of SIEM data.

"SIEM promises to collect event logs from lots of sources and analyze them so you can derive intelligence about what is going on in an enterprise," Njemanze said. "What we noticed is that customers, after deploying a SIEM, don't update and make full use of the intelligence."

Njemanze likened the situation to a person who has a word processor application but doesn't actually write anything. Either way, there is no useful output from the application.

ThreatStream wants to fill that gap by providing an automated way to feed in threat indicators, rules and reports that make use of intelligence, which can then be used to update the SIEM.

Without the ThreatStream technology, Njemanze explained, there is a lot of information available to enterprises -- but it's still up to the enterprise to decide what is valuable and what is not and to go through whatever change control process is required.

"Our value proposition is a signal-to-noise ratio to be more effective with enterprise tools and more currency to be able to deploy new threat information as soon as it's received, rather than waiting for a large change window," Njemanze said.

Njemanze stressed that ThreatStream is technology that gets deployed as a way to make a SIEM more effective. The goal is to complement SIEMs, rather than displacing the SIEM vendors.

HP's ArcSight and IBM's QRadar are moving in the same basic direction in an effort to help organizations make full use of log data.

"Fundamentally we're all trying to do the same thing," Njemanze said. "In our case, we're more like a Switzerland and want to integrate with all the SIEMs. We don't have a vested interest in being horizontally integrated with only one SIEM product."

Sean Michael Kerner is a senior editor at eSecurityPlanet. Follow him on Twitter @TechJournalist.