Over the past decade, I've been involved with EDR, NDR, and XDR startups, as well as malware sandboxing, isolation, SASE, and other security methodologies and tools. I've started thinking a lot about the current vendor landscape from the perspective of a user - a CISO, a SOC head, an Incident Responder, a Threat Hunter.
I have a lot of empathy for CISOs, or any role really on the operator side these days. There are a few thousand vendors out there, and it seems most of them are peddling one form of Detect & Respond or another. And now with the explosion of AI capabilities, a new wave of noise, solutions, and vendors is coming. From my discussions w/ CISOs, they are being constantly bombarded by vendors, under pressure from internal stakeholders, and held to an extreme level of accountability. With so many solutions and so many vendors, how do you find and select the ones that will give you the value you need?
I didn't want to found a company around just another tool, an incremental improvement or another niche solution. Where is the real innovation? What would be a dramatically new approach that would provide real value to the users of these tools? As I have been surveying the landscape and thinking about what to do next, interviewing w/ various startups and just researching and talking to people, I think I have come up with something completely new that the market needs and will embrace.
I believe that the underlying technologies of machine learning, generative AI, LLMs, predictive analysis, and so forth are going to enable a complete rethinking of how cybersecurity work gets done, especially in areas of automation, integrations, data processing, and importantly, predictive ability. The idea of predicting security events isn't new, but it hasn't really been possible before in a meaningful way. Other industries are leveraging predictive analytics much more extensively than cyber. Yes, there are a few tools starting to pop up on the security landscape that incorporate a component of prediction, but most of these companies have too narrow a vision, or too niche a solution, to be truly interesting in my opinion.
But completely rethinking the SOC to incorporate predictive, proactive alerts, or warnings, based on an extended data set with deeper context? That I think can be a real paradigm shift. And the best part is that it can overlay the existing SOC architectures for easy deployment, pulling additional value and insight out of the hard work already put in place by the SOC team.
What if, instead of Detect & Respond, you could Predict & Prevent?
Stay tuned.
Paul Jespersen
Co-CEO