A new startup company, Threat Stack, hopes to be the first of many cybersecurity companies to provide advanced forensic protection for cloud-based companies and government agencies. The company was awarded $1.2 million by Atlas Venture and 406 Ventures to build Cloud Sight, a platform the company claims is the first of its kind to allow public- and private-sector entities with cloud-based services to protect customer data from malware and hacking attempts. The service, now in beta, will be released to the public Nov. 1. The security platform offers real-time monitoring and the recording of minute forensic data to identify attacks and suspicious behavior traits. Dustin Webber, co-founder and CEO of Threat Stack, said there is a powerful advantage to using behavior as a threat indicator as opposed to a specific piece of malware. The difference, he explained, is that while malware and specific hacking techniques may change, behavior typically doesn’t. Few Changes to Hacking Behavior “It’s more accurate because even though an attacker can change their methods of attack, it’s very hard for them to change their behavior, because you have to have a reason for being on that box (cloud system) and we’re looking for those reasons,” Webber said. Cloud Sight builds a profile of each process a user initiates, whether it makes network connections and what kind of activity it produces on a daily basis. Using those profiles, the program creates a rubric for what is considered normal activity and what isn’t. “We can play back step by step each command that was run by a person so there’s no more guessing,” Webber said. Even in the event of a successful attack, the program could save agencies thousands in diagnosis fees. Typical costs for consultants to identify how a hack was performed can be hundreds of dollars per hour, Webber said. A forensic bread crumb trail can seriously reduce, or even eliminate, this expense. While there are many cloud and data security companies, Cloud Sight is distinct from other cloud and data security companies, Webber said, since the service works directly within servers constructed with Linux or Unix operating systems. “There’s not very many companies that are focusing on Linux, or UNIX, which is strange because most of the cloud servers are Linux based and most of the servers used to hold customer data are Linux based,” Webber said. As companies and agencies leverage more and more cloud technology, both Webber, previously on General Electric’s incident response team, and Threat Stack Co-Founder Jen Andre, previously at Symantec, believe there will be a related increase in IT security needs. Is Data Secure in the Cloud? A common misconception for companies new to using cloud services, Webber said, is that just because a cloud service provider has a certain security-related certification, their data in the cloud is secure.
“The main thing about using (outsourced) cloud infrastructure means you’re outsourcing just the infrastructure, you’re not outsourcing your security concern. The big cloud providers aren’t going to take care of that for you. So it’s just something to be aware of,” Webber said. This view is shared by Jerry Irvine, CIO and IT security expert at Prescient Solutions based in Chicago. Irvine, who is also a member of the National Cyber Security Task Force, said this assumption about cloud security is common among organizations who see outsourced cloud providers as a cheap and easy way to launch digital products and services. “When you look at any of those providers and you look at their contracts, 99 percent of the time — and I would go so far as to say 100 percent of the time — in their contract it’s going to say they are not responsible for your data.” Irvine said.
That responsibility falls on the consumer of cloud services, then, not the provider.
“They assume because they’re getting rid of all this stuff that their responsibility for maintaining that environment is no longer their responsibility. It is always their responsibility,” Irvine said. Another reason the marketplace may see more security platforms like Cloud Sight, according to Irvine, is the limited access that clients have to their outsourced cloud infrastructure. Many cloud service providers do not permit clients to perform independent assessments on their hardware and systems, he explained. “Minimally, you should be able to get a third-party assessment.” Irvine said. “Otherwise, you shouldn’t do business with those types.” As for Cloud Sight, Webber sees it as a pioneering and accessible platform where real-time monitoring and advanced forensics can be used by organizations affordably. While the platform will be available in November, Threat Stack will begin charging for services on Dec. 1, according to company spokesman John Vigeant.