Abstract Security Brings AI to Next-Gen SIEM

Abstract Security has emerged from stealth with a platform designed to centralize security analytics, speed up threat detection, and triage alerts so that security analysts can focus on actually managing and resolving security incidents.

The startup, which raised $8.5 million in seed funding, will use its platform to shake up the security information and event management (SIEM) market, says Colby DeRodeff, the company's co-founder and CEO. Despite plenty of talk about "next-gen SIEM," little has focused on addressing the underlying challenge: that the technology can't handle the scale of data being collected or deliver actionable alerts quickly enough, he says. But the way Abstract Security handles data collection and storage enables its detection engine to provide analysts with alerts much sooner and at a lower cost, he says.

Abstract Security keeps the security data in data streams and uses machine learning to apply prebuilt and user-defined detection rules to find correlations between streams. Using the streaming model helps Abstract avoid latency, lowers time to detection, and reduces mean time to response, DeRodeff says. In other words, analysts aren't waiting 45 minutes for the system to index the data before they can interrogate it.

"Abstract's data-centric approach represents the future of detection," said Matt Bigge, partner at Crosslink Capital, in a statement. Crosslink Capital participated in the company's seed funding round.

Enterprises are storing terabytes of data, but most of the data they are sitting on — as much as 95% of collected log data — is neither useful nor relevant for detecting security issues and incidents, DeRodeff says. He describes customer meetings where the customer would be unable to detect attack simulations.

"They were not collecting the right data," DeRodeff says, noting that enterprises face a data conundrum. Security teams can define the detection rules based on the type of data they have, but they also have to decide what data to collect based on the detections they want to have.

Abstract Security's platform "bifurcates" security and compliance, DeRodeff says, by directing security-relevant data into streaming databases and storing everything else separately. This increases detection effectiveness and lowers computing and storage costs, while still helping enterprises meet their compliance obligations.  

"In today's shifting cyber landscape, understanding which data is vital for security and which is collected for compliance or forensics is crucial," says strategic adviser Tom Reilly, who is also an investor in the company. Otherwise, organizations pay a hefty price for unnecessary data that simply isn't needed in their high-fidelity analytics packages.

Abstract Security's beta customers span a variety of industries, including a major insurance provider, a global healthcare provider, a Fortune 500 company in the financial services space, and a B2B tech company, the company said.