Security and related IT topics can be a little dry and tasteless at times, not to mention overly complex. There’s no question that, especially with the alarming rise of data breaches, advancing security innovation is vital to the future of technology, the enterprise and the Internet. But let’s face it, the rocket science behind security just isn’t that sexy—at least it wasn’t until we spoke to the team at ProtectWise. The company’s CEO, Scott Chasin, and CTO, Gene Stevens, both have roots going back to McAfee (sans bath salts), pre-Intel acquisition, with Chasin serving as CTO of McAfee up until the sale. The Denver, Colorado, security startup has raised $37 million in total VC from partners like Trinity Ventures and Crosslink Capital, and with that funding they are building something quite amazing in the security space.
The ProtectWise security platform runs on a cloud-based infrastructure that currently utilizes Amazon AWS for storage and processing (though it can run anywhere really). The model isn’t necessarily unique, though it’s relatively new in the market and does provide virtually limitless scale. However, ProtectWise has also built a service and a suite of tools and utilities that together offer something truly innovative. What if, like your favorite episode of X-Files, you could capture your network traffic and play it back to examine what happened on it? You could watch it in real-time too, but being able to watch what you missed, for a security professional, can be huge.
By the time a zero-day exploit is known in the wild, you’ve probably already been compromised. If so, how many nodes in your network were compromised? Which were they? Are they still hacked? You don’t know what you didn’t see happen, and you don’t know where it might be affecting you today.
According to Chasin and Stevens, the team at ProtectWise has built the first ever “Cloud Network DVR” and “Time Machine For Threat Detection.” To see it in action, as a security geek, it may just blow your cranium.
Cloud Network DVR And Threat Detection Time Machine
ProtectWise is an all-software solution in a time when big iron security hardware and appliances are big business. The company has engineered a software suite composed of network sensors and an analytics platform. The sensors are security cameras, if you will, that record all network traffic on the nodes they’re installed on (a light 12MB install package, we’re told) and stream it up to the ProtectWise cloud platform, where it is securely stored and threat analysis is performed on it in real-time. The sensors can be configured with profiles to capture anything from just light metadata like netflow or headers (source, destination, etc.) all the way to the full payload if you want it. You can target these sensors anywhere in your network: ingress, egress, cloud assets, endpoints, industrial controls, wherever.
You can then play back the traffic they stream to the ProtectWise cloud analytics platform, going months back if needed, and analyze the data for threats in impressive detail. So now you can go back in time and see if, where and how you’ve been compromised retrospectively. And since it’s also based on the “wisdom” of its cloud infrastructure, not only do you get this retrospective capability, but predictive threat protection as well, as a threat database is constantly being compiled. It’s a very powerful tool in and of itself. However, the ProtectWise user interface has to be the most impressive dashboard for a security product that we’ve ever seen.
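The retrospective idea described above, replaying stored traffic metadata against an indicator that only became known later, can be sketched as follows. This is an added example, not ProtectWise code: the flow record layout, the addresses (documentation ranges), the dates and the `retro_hunt` name are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed flow records (time, internal src, external dst, dst port, bytes out),
# the kind of header-level metadata a light sensor profile would retain.
FLOWS = [
    ("2015-03-02T09:14:00", "10.0.4.17", "203.0.113.50", 443, 18400),
    ("2015-03-02T09:15:10", "10.0.4.22", "198.51.100.7", 80, 900),
    ("2015-03-19T22:41:30", "10.0.4.17", "203.0.113.50", 443, 5200000),
    ("2015-03-21T03:05:00", "10.0.9.3", "203.0.113.50", 443, 2100),
    ("2015-04-12T11:00:00", "10.0.4.22", "203.0.113.50", 443, 700),
]

# Constructed indicator: destination address and the date it became known.
INDICATORS = {"203.0.113.50": "2015-04-10T00:00:00"}


def retro_hunt(flows, indicators):
    """Replay stored flows against indicators, including ones learned later."""
    hits = defaultdict(lambda: {"first": None, "last": None, "flows": 0, "bytes_out": 0})
    for ts, src, dst, _port, nbytes in flows:
        if dst not in indicators:
            continue
        when = datetime.fromisoformat(ts)
        rec = hits[(src, dst)]
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
        rec["flows"] += 1
        rec["bytes_out"] += nbytes
    report = []
    for (src, dst), rec in hits.items():
        known = datetime.fromisoformat(indicators[dst])
        report.append({
            "host": src, "indicator": dst, **rec,
            # True when contact began before the indicator existed, so a
            # real-time-only check could not have flagged it at the time.
            "missed_in_real_time": rec["first"] < known,
            "blind_days": max((known - rec["first"]).days, 0),
        })
    return sorted(report, key=lambda r: r["first"])


if __name__ == "__main__":
    for row in retro_hunt(FLOWS, INDICATORS):
        print(row)
```

The report answers the questions raised earlier in the article: which hosts talked to the indicator, since when, and how long that contact went unseen before the indicator was published.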
ProtectWise Dashboard: HUD, KillBox And Explorer
Here’s where Chasin and Stevens had a stroke of genius in both form and function. With all this valuable security data of network traffic, the team wanted a way to showcase the data and threats in a more tangible manner, rather than sifting through eye chart reports and log files. So they went out and hired a Visual Effects artist named Jake Sergeant from a company called Digital Domain in LA, who worked on the grid environment for TRON: Legacy. Jake built the ProtectWise HUD you see above and its real-time threat analysis and management visualization is damn futuristic and powerful.
The dashboard is broken up into five main sections, but most of the action happens in the HUD, KillBox and Explorer. These combined dashboard sections literally let you monitor physical representations of security threats on your network at the event level, where they’re located geographically, IP addresses, as well as where they’re connected to and potentially leaking data and granting access. Here’s a quick video demo of it in action.
The KillBox is especially badass because it shows attack event progression similar to the military term. It allows coordinated assessment of threat progressions and how they’re spread across the network area. Elsewhere in the dashboard, IT security managers can assign threats to be addressed within the organization. Finally, the network explorer gives you a visual representation of your entire network and you can pinpoint specific connection types, like isolating just torrent connections for example, and then examining those.
ProtectWise currently has 100 or so deployments of its product in the market with customers like Netflix, Hulu, Expedia, Pandora and Universal Music. The company has a shot at revolutionizing security solutions in the enterprise, and word is its next-generation network security detection, prediction and visualization platform could propel its disruptive security services even further.
Who knows, maybe they’ll call in Tom Cruise for the next rev because this stuff has Minority Report written all over it.