News, Insights and Stories from the Australian and New Zealand tech ecosystem.

Melbourne startup ResponSight looks at behavioural analytics to detect security breaches within organisations

Hollywood has long loved to show us what online hackers are capable of, from taking down US intelligence from small dark rooms to breaching security codes and stealing millions from casinos and, of course, epic battles with Bruce Willis. But what happens when they infiltrate smaller enterprises?

For the last 20 years the security industry has experienced many real challenges and as technology continues to improve so does the threat of security breaches. For enterprises, stopping hackers seems almost impossible when you look at all the breaches that occur around the world every day.

“Detecting these breaches seems to be just as hard, with some industry stats suggesting hackers can go unnoticed inside corporate networks for months,” says Jeff Paine, cofounder of ResponSight.

Melbourne startup ResponSight is an enterprise risk and security software company that provides risk solutions to large enterprises by linking behavioural risk profiles with hacker activity. Security breaches are detected through an application installed on the user’s computer that combines cloud analytics and reporting services to detect attackers and hackers.

“ResponSight is focused on a very specific area of behavioural analytics that is quite different to traditional security approaches, in that we are focusing only on the behaviour of authorised users as a way to detect attacks,” Paine said.

The startup uses behavioural risk profiling to identify security breaches in corporate networks. The technology learns authorised user behaviour over time through analysis of activity data without needing to collect any private or sensitive information.

Paine explained that, “when an attacker takes over a computer or gets into a corporate network, their activity stands out as very different to the real user, allowing for rapid response and remediation.”

The cloud service installed on the user’s computer allows ResponSight to gain access to reporting dashboards in order to send alerts to corporate security or operations personnel when a threat is found.

The worth of the security technology industry is estimated to grow to over $US170 billion globally by 2020. The market is huge and the amount of money spent on security services continues to grow with every coming technological advancement. The stereotypical version of the hacker, a nerd who plays video games and sits in his unlit room surrounded by multiple computers is a far cry from the perpetrators we face today.

In 2000, a 15 year old boy known on the internet as Mafiaboy famously took down eTrade, eBay, and Yahoo. When a teenager can shut down multiple platforms you know you have a problem. There have been multiple occurrences since, with the perpetrators growing younger and wiser every year.

Paine understands the frustration of security technology, which largely responds only after a breach has occurred. Five years ago he was working as a consultant on security services for corporate networks and discovered that there was something missing in the chain of response.

It seemed obvious that something different was required, that included non-technology factors like user behaviour as a method for isolating risky events and security breaches,” he said.

“ResponSight is trying to break this trend by taking a unique approach, since years of ‘much the same’ isn’t getting us anywhere.”

The idea for ResponSight was pitched at BlueChilli’s Disrupt@Scale startup program, where they came in as winners in February 2015. They received a small amount of seed funding from the program with BlueChilli, Black Sheep Capital, and Mirin Capital all supporting the product through investment and services.

ResponSight have now entered into pilot mode, with a number of select pilots due to be deployed over the next few months. Once the pilots are finalised Paine and his team will launch with a broader focus on financial services, professional/consulting services, and online markets.

“We’re also looking to work closely with system integrators as the ResponSight design and approach is complementary to other existing solutions, like SIEM,” said Paine.

The cyber and security sector in Australia has great skills and expertise, despite this we’re still not known globally as one of the big players or leading regions.

Paine said that “investors and advisors through to enterprise customers all have more questions, require more detail, and are more conservative than perhaps in Israel or the USA. It means things generally take longer, and cost more as a result.”

The main global competitors like Darktrace and Exabeam are taking different approaches to cyber security with similar terminology to describe their solutions, and are also trying to change the security ecosystem. Globally, Israel and the US have been leading the marketplace for years, making it that much harder for Australia to break in.

This year will see ResponSight expand their pilots and grow their enterprise customer base. Paine plans to work with integrators that will help with their global expansion and see them entering the dominating marketplaces, like Israel and the US.

“Ongoing development of the technology and expansion of our team will ensure our customers get solid technology that’s backed by great service,” said Paine.

Image: Jeff Paine and Catherine Eibner. Source: Supplied





Startup Daily