Intenseye raises $4M to boost workplace safety through computer vision

Workplace injuries and illnesses cost the U.S. upwards of $250 billion each year, according to the Economic Policy Institute. ERA-backed startup Intenseye, a machine learning platform, has raised a $4 million seed round to try to bring that number way down in an economic and efficient way.

The round was co-led by Point Nine and Air Street Capital, with participation by angel investors from Twitter, Cortex, Fastly and Even Financial.

Intenseye integrates with existing network-connected cameras within facilities and then uses computer vision to monitor employee health and safety on the job. This means that Intenseye can identify health and safety violations, from not wearing a hard hat to ignoring social distancing protocols and everything in between, in real time.

The service’s dashboard incorporates federal and local workplace safety laws, as well as an individual organization’s rules to monitor worker safety in real time. All told, the Intenseye platform can identify 30 different unsafe behaviors which are common within workplaces. Managers can further customize these rules using a drag-and-drop interface.

When a violation occurs and is spotted, employee health and safety professionals receive an alert immediately, by text or email, to resolve the issue.

Intenseye also takes the aggregate of workplace safety compliance within a facility to generate a compliance score and diagnose problem areas.

The company charges a base deployment fee and then on an annual fee based on the number of cameras the facility wants to use as Intenseye monitoring points.

Co-founder Sercan Esen says that one of the greatest challenges of the business is a technical one: Intenseye monitors workplace safety through computer vision to send EHS (employee health and safety) violation alerts but it also never analyzes faces or identifies individuals, and all video is destroyed on the fly and never stored with Intenseye.

The Intenseye team is made up of 20 people.

“Today, our team at Intenseye is 20% female and 80% male and includes four nationalities,” said Esen. “We have teammates with MSes in computer science and teammates who have graduated from high school.”

Diversity and inclusion among the team is critical at every company, but is particularly important at a company that builds computer vision software.

The company has moved to remote work in the wake of the pandemic and is using VR to build a virtual office and connect workers in a way that’s more immersive than Zoom.

Intenseye is currently deployed across 30 cities and will use the funding to build out the team, particularly in the sales and marketing departments, and deploy go-to-market strategies.

Reduct.Video raises $4M to simplify video editing

The team at Reduct.Video is hoping to dramatically increase the amount of videos created by businesses.

The startup’s technology is already used by customers including Intuit, Autodesk, Facebook, Dell, Spotify, Indeed, Superhuman and IDEO. And today, Reduct is announcing that it has raised a $4 million round led by Greylock and South Park Commons, with participation from Figma CEO Dylan Field, Hopin Chief Business Officer Armando Mann and former Twitter exec Elad Gil.

Reduct was founded by CEO Prabhas Pokharel and CTO Robert Ochshorn (both pictured above). Pokharel argued that despite the proliferation of streaming video platforms and social media apps on the consumer side, video remains “underutilized” in a business context, because it simply takes so much time to sort through video footage, much less edit it down into something watchable.

As Pokharel demonstrated for me, Reduct uses artificial intelligence, natural language processing and other technologies to simplify the process by automatically transcribing video footage (users can also pay for professional transcription), then tying that transcript to the video.

“The magic starts there: Once the transcription has been made, every single word is connected to the [corresponding] moment in the video,” he said.

[Image: Reduct.Video screenshot. Image Credits: Reduct.Video]

That means editing a video is as simple as editing text. (I’ve taken advantage of a similar linkage between text and media in Otter, but Otter is focused on audio and I’ve treated it more as a transcription tool.) It also means you can search through hours of footage for every time a topic is mentioned, then organize, tag and share it.

Pokharel said that AI allows Reduct to simplify parts of the sorting and editing process, like understanding how different search terms might be related. But he doesn’t think the process will ever become fully automated — instead, he compared the product to an “Iron Man suit,” which makes a human editor more powerful.

He also suggested that this approach changes businesses’ perspective on video, and not just by making editing faster and easier.

“Users on Reduct emphasize authenticity over polish, where it’s much more the content of the video that matters,” Pokharel said. He added that Reduct has been “learning from our customers” about what they can do with the product — user research teams can now easily organize and share hundreds of hours of user footage, while marketers can turn customer testimonials and webinars into short, shareable videos.

“Video has been so supply constrained, it’s crazy,” he continued. “There are all these use cases for asynchronous video that [companies] haven’t even bothered with.”

For example, he recalled one customer who said that she used to insist that team members attend a meeting even if there was only two minutes of it that they needed to hear. With Reduct, she can “give them that time back” and just share the parts they need.


Base Operations raises $2.2 million to modernize physical enterprise security

Typically when we talk about tech and security, the mind naturally jumps to cybersecurity. But equally important, especially for global companies with large, multinational organizations, is physical security — a key function at most medium-to-large enterprises, and yet one that to date, hasn’t really done much to take advantage of recent advances in technology. Enter Base Operations, a startup founded by risk management professional Cory Siskind in 2018. Base Operations just closed their $2.2 million seed funding round and will use the money to capitalize on its recent launch of a street-level threat mapping platform for use in supporting enterprise security operations.

The funding, led by Good Growth Capital and including investors like Magma Partners, First In Capital, Gaingels and First Round Capital founder Howard Morgan, will be used primarily for hiring, as Base Operations looks to continue its team growth after doubling its employee base this past month. It’ll also be put to use extending and improving the company’s product and growing the startup’s global footprint. I talked to Siskind about her company’s plans on the heels of this round, as well as the wider opportunity and how her company is serving the market in a novel way.

“What we do at Base Operations is help companies keep their people in operation secure with ‘Micro Intelligence,’ which is street-level threat assessments that facilitate a variety of routine security tasks in the travel security, real estate and supply chain security buckets,” Siskind explained. “Anything that the chief security officer would be in charge of, but not cyber — so anything that intersects with the physical world.”

Siskind has firsthand experience about the complexity and challenges that enter into enterprise security since she began her career working for global strategic risk consultancy firm Control Risks in Mexico City. Because of her time in the industry, she’s keenly aware of just how far physical and political security operations lag behind their cybersecurity counterparts. It’s an often overlooked aspect of corporate risk management, particularly since in the past it’s been something that most employees at North American companies only ever encounter periodically when their roles involve frequent travel. The events of the past couple of years have changed that, however.

“This was the last bastion of a company that hadn’t been optimized by a SaaS platform, basically, so there was some resistance and some allegiance to legacy players,” Siskind told me. “However, the events of 2020 sort of turned everything on its head, and companies realized that the security department, and what happens in the physical world, is not just about compliance — it’s actually a strategic advantage to invest in those sort of services, because it helps you maintain business continuity.”

The COVID-19 pandemic, increased frequency and severity of natural disasters, and global political unrest all had significant impact on businesses worldwide in 2020, and Siskind says that this has proven a watershed moment in how enterprises consider physical security in their overall risk profile and strategic planning cycles.

“[Companies] have just realized that if you don’t invest [in] how to keep your operations running smoothly in the face of rising catastrophic events, you’re never going to achieve the profits that you need, because it’s too choppy, and you have all sorts of problems,” she said.

Base Operations addresses this problem by taking available data from a range of sources and pulling it together to inform threat profiles. Their technology is all about making sense of the myriad stream of information we encounter daily — taking the wash of news that we sometimes associate with “doom-scrolling” on social media, for instance, and combining it with other sources using machine learning to extrapolate actionable insights.

Those sources of information include “government statistics, social media, local news, data from partnerships, like NGOs and universities,” Siskind said. That data set powers their Micro Intelligence platform, and while the startup’s focus today is on helping enterprises keep people safe, while maintaining their operations, you can easily see how the same information could power everything from planning future geographical expansion, to tailoring product development to address specific markets.

Siskind saw there was a need for this kind of approach to an aspect of business that’s essential, but that has been relatively slow to adopt new technologies. From her vantage point two years ago, however, she couldn’t have anticipated just how urgent the need for better, more scalable enterprise security solutions would arise, and Base Operations now seems perfectly positioned to help with that need.

SecuriThings snares $14M Series A to keep edge devices under control

Managing IoT devices in a large organization can be a messy proposition, especially when many of them aren’t even managed directly by IT and often involve integrating with a number of third-party systems. SecuriThings wants to help with a platform of services to bring that all under control, and today the startup announced a $14 million Series A.

Aleph led the round with participation from existing investor Firstime VC and a number of unnamed angels. The company has raised a total of $17 million, according to Crunchbase data.

Roy Dagan, company CEO and co-founder, says that he sees organizations with many different connected devices running on a network, and it’s difficult to manage. “We enable organizations to manage IoT devices securely at scale in a consolidated and cost-efficient manner,” Dagan told me.

This could include devices like security cameras, along with access control systems and building management systems involving thousands — or in some instances, tens of thousands — of devices. “The technology we build, we integrate with management systems, and then we deploy our capabilities which are focused on the edge devices. So that’s how we also find the devices, and then we have these different capabilities running on the edge devices or fetching information from the edge devices,” Dagan explained.

[Image: SecuriThings Horizon screenshot, device view. Image Credits: SecuriThings]

The company has formed partnerships with a number of key device manufacturers, including Microsoft, Convergint Technologies and Johnson Controls, among others. They work with a range of industries including airports, casinos and large corporate campuses.

Aaron Rosenson, general partner at lead investor Aleph, says the company is solving a big problem managing the myriad devices inside large organizations. “Until SecuriThings came along, there were these massive enterprise software categories of automation, orchestration and observability just waiting to be built for IoT,” Rosenson said in a statement. He says that SecuriThings is pulling that all together for its customers.

The company was founded in 2016 originally with the idea of being an IoT security company, and while they still are involved in securing these devices, their ability to communicate with them gives IT much greater visibility and insight and the ability to update and manage them.

Today, the company has 30 employees, and with the new investment it will be doubling that number by the end of the year. While Dagan didn’t cite specific customer numbers, he did say they have dozens of customers with deal sizes of between five and seven figures.

Nobl9 raises $21M Series B for its SLO management platform

SLAs, SLOs, SLIs. If there’s one thing everybody in the business of managing software development loves, it’s acronyms. And while everyone probably knows what a Service Level Agreement (SLA) is, Service Level Objectives (SLOs) and Service Level Indicators (SLIs) may not be quite as well known. The idea, though, is straightforward, with SLOs being the overall goals a team must hit to meet the promises of its SLA agreements, and SLIs being the actual measurements that back up those other two numbers. With the advent of DevOps, these ideas, which are typically part of a company’s overall Site Reliability Engineering (SRE) efforts, are becoming more mainstream, but putting them into practice isn’t always straightforward.

Nobl9 aims to provide enterprises with the tools they need to build SLO-centric operations and the right feedback loops inside an organization to help it hit its SLOs without making too many trade-offs between the cost of engineering, feature development and reliability.

The company today announced that it has raised a $21 million Series B round led by its Series A investors Battery Ventures and CRV. In addition, Series A investors Bonfire Ventures and Resolute Ventures also participated, together with new investors Harmony Partners and Sorenson Ventures.

Before starting Nobl9, co-founders Marcin Kurc (CEO) and Brian Singer (CPO) spent time together at Orbitera, where Singer was the co-founder and COO and Kurc the CEO, and then at Google Cloud, after it acquired Orbitera in 2016. In the process, the team got to work with and appreciate Google’s site reliability engineering frameworks.

As they started looking into what to do next, that experience led them to look into productizing these ideas. “We came to this conclusion that if you’re going into Kubernetes, into service-based applications and modern architectures, there’s really no better way to run that than SRE,” Kurc told me. “And when we started looking at this, naturally SRE is a complete framework, there are processes. We started looking at elements of SRE and we agreed that SLO — service level objectives — is really the foundational part. You can’t do SRE without SLOs.”

As Singer noted, in order to adopt SLOs, businesses have to know how to turn the data they have about the reliability of their services, which could be measured in uptime or latency, for example, into the right objectives. That’s complicated by the fact that this data could live in a variety of databases and logs, but the real question is how to define the right SLOs for any given organization based on this data.

“When you go into the conversation with an organization about what their goals are with respect to reliability and how they start to think about understanding if there’s risks to that, they very quickly get bogged down in how are we going to get this data or that data and instrument this or instrument that,” Singer said. “What we’ve done is we’ve built a platform that essentially takes that as the problem that we’re solving. So no matter where the data lives and in what format it lives, we want to be able to reduce it to very simply an error budget and an objective that can be tracked and measured and reported on.”

The company’s platform launched into general availability last week, after a beta that started last year. Early customers include Brex and Adobe.

As Kurc told me, the team actually thinks of this new funding round as a Series A round, but because its $7.5 million Series A was pretty sizable, they decided to call it a Series A instead of a seed round. “It’s hard to define it. If you define it based on a revenue milestone, we’re pre-revenue, we just launched the GA product,” Singer told me. “But I think just in terms of the maturity of the product and the company, I would put us at the [Series] B.”

The team told me that it closed the round at the end of last November, and while it considered pitching new VCs, its existing investors were already interested in putting more money into the company and since its previous round had been oversubscribed, they decided to add to this new round some of the investors that didn’t make the cut for the Series A.

The company plans to use the new funding to advance its roadmap and expand its team, especially across sales, marketing and customer success.

Accord launches B2B sales platform with $6M seed

The founders of Accord, an early-stage startup focused on bringing order to B2B sales, are not your typical engineer founders. Instead, the two brothers, Ross and Ryan Rich, worked as sales reps seeing the problems unique to this kind of sale firsthand.

In November 2019, they decided to leave the comfort of their high-paying jobs at Google and Stripe to launch Accord and build what they believe is a missing platform for B2B sales, one that takes into account the needs of both the sales person and the buyer.

Today the company is launching with a $6 million seed round from former employer Stripe and Y Combinator. It should be noted that the founders applied to YC after leaving their jobs and impressed the incubator with their insight and industry experience, even though they didn’t really have a product yet. In fact, they literally drew their original idea on a piece of paper.

[Image: Original prototype of Accord sketched on a piece of paper. The original prototype was just a drawing of their idea. Image Credits: Accord]

Recognizing they had the sales skills, but lacked programming chops, they quickly brought in a third partner, Wayne Pan, to bring their idea to life. Today, they have an actual working program with paying customers. They’ve created a kind of online hub for B2B salespeople and buyers to interact.

As co-founder Ross Rich points out, these kinds of sales are very different from the consumer variety, often involving as many as 14 people on average on the buyer side. With so many people involved in the decision-making process, it can become unwieldy pretty quickly.

“We provide within the application shared next steps and milestones to align on and that the buyer can track asynchronously, a resource hub to avoid sorting through those hundreds of emails and threads for a single document or presentation and stakeholder management to make sure the right people are looped in at the right time,” Rich explained.

Accord also integrates with the company CRM like Salesforce to make sure all of that juicy data is being tracked properly in the sales database. At the same time, Rich says the startup wants this platform to be a place for human interaction. Instead of an automated email or text, this provides a place where humans can actually interact with one another, and he believes that human element is important to help reduce the complexity inherent in these kinds of deals.

With $6 million in runway and a stint at Y Combinator under their belts, the founders are ready to make a more concerted go-to-market push. They are currently at nine people, mostly engineers aside from the two sales-focused founders. Rich figures to be bringing in some new employees this year, but doesn’t really have a sense of how many they will bring on just yet, saying that is something that they will figure out in the coming months.

As they do that, they are already thinking about being inclusive with several women on the engineering team, recognizing if they don’t start diversity early, it will be more difficult later on. “[Hiring a diverse group early] only compounds when you get to nine or 10 people and then when you’re talking to someone and they are wondering, ‘Do I trust this team and is that a culture where I want to work?’” He says if you want to build a diverse and inclusive workplace, you have to start making that investment early.

It’s early days for this team, but they are building a product to help B2B sales teams work more closely and effectively with customers, and with their background and understanding of the space, they seem well-positioned to succeed.

These 3 enterprise deals show there’s plenty of action in smaller acquisitions

Since the start of the year, I’ve covered nine M&A deals already, the largest being Citrix buying Wrike for $2.25 billion. But not every deal involves a huge price tag. Today we are going to look at three smaller deals that show there is plenty of activity at the lower end of the acquisition spectrum.

As companies look for ways to enhance their offerings, and bring in some talent at the same time, smaller acquisitions can provide a way to fill in the product road map without having to build everything in-house.

This gives acquiring companies additional functionality for a modest amount of cash. In smaller deals, we often don’t even get the dollar amount, although in one case today we did. If the deal isn’t large enough to have a material financial impact on a publicly traded company, they don’t have to share the price.

Let’s have a look at three such deals that came through in recent days.

Tenable buys Alsid

For starters, Tenable, a network security company that went public in 2018, bought French Active Directory security startup Alsid for $98 million. Active Directory, Microsoft’s popular user management tool, is also a target of hackers. If they can get a user’s credentials, it’s an easy way to get on the network and Alsid is designed to prevent that.

Security companies tend to enhance the breadth of their offerings over time and Alsid gives Tenable another tool and broader coverage across their security platform. “We view the acquisition of Alsid as a natural extension into user access and permissioning. Once completed, this acquisition will be a strategic complement to our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire attack surface,” according to the investor FAQ on this acquisition.

Emmanuel Gras, CEO and co-founder, Alsid says he started the company to prevent this kind of attack. “We started Alsid to help organizations solve one of the biggest security challenges, an unprotected Active Directory, which is one of the most common ways for threat actors to move laterally across enterprise systems,” Gras said in a statement.

Alsid is based in Paris and was founded in 2014. It raised a modest amount, approximately $15,000, according to Crunchbase data.

Copper acquires Sherlock

Copper, a CRM tool built on top of the Google Workspace, announced it has purchased Sherlock, a customer experience platform. They did not share the purchase price.

The pandemic pushed many shoppers online and providing a more customized experience by understanding more about your customer can contribute to and drive more engagement and sales. With Sherlock, the company is getting a tool that can help Copper users understand their customers better.

“Sherlock is an innovative engagement analytics and scoring platform, and surfaces your prospects’ and customers’ intentions in a way that drives action for sales, account management and customer success professionals,” Copper CEO Dennis Fois wrote in a blog post announcing the deal.

He added, “Relationships are based on engagement, and with Sherlock we are going to create CRM that is focused on action and momentum.”

RapidAPI snags Paw

It’s clear that APIs have changed the way we think about software development, but they have also created a management problem of their own as they proliferate across large organizations. RapidAPI, an API management platform, announced today that it has acquired Paw.

With Paw, RapidAPI adds the ability to design your own APIs, essentially giving customers a one-stop shop for everything related to creating and managing the API environment inside a company. “The acquisition enables RapidAPI to extend its open API platform across the entire API development lifecycle, creating a connected experience for developers from API development to consumption, across multiple clouds and gateways,” the company explained in a statement.

RapidAPI was founded in 2015 and has raised over $67 million, according to Crunchbase data. Its most recent funding came last May, a $25 million round from Andreessen Horowitz, DNS Capital, Green Bay Ventures, M12 (Microsoft’s Venture Fund) and Grove.

Each of these purchases fills an important need for the acquiring company and expands the abilities of the existing platform to offer more functionality to customers without putting out a ton of cash to do it.

What’s most interesting about the Florida water system hack? That we heard about it at all.

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.

Spend a few minutes searching Twitter, Reddit or any number of other social media sites and you’ll find countless examples of researchers posting proof of being able to access so-called “human-machine interfaces” — basically web pages designed to interact remotely with various complex systems, such as those that monitor and/or control things like power, water, sewage and manufacturing plants.

And yet, there have been precious few known incidents of malicious hackers abusing this access to disrupt these complex systems. That is, until this past Monday, when Florida county sheriff Bob Gualtieri held a remarkably clear-headed and fact-filled news conference about an attempt to poison the water supply of Oldsmar, a town of around 15,000 not far from Tampa.

Gualtieri told the media that someone (they don’t know who yet) remotely accessed a computer for the city’s water treatment system (using TeamViewer) and briefly increased the amount of sodium hydroxide (a.k.a. lye, used to control acidity in the water) to 100 times the normal level.

“The city’s water supply was not affected,” The Tampa Bay Times reported. “A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.”

In short, a likely inexperienced intruder somehow learned the credentials needed to remotely access Oldsmar’s water system, did little to hide his activity, and then tried to change settings by such a wide margin that the alterations would be hard to overlook.

“The system wasn’t capable of doing what the attacker wanted,” said Joe Weiss, managing partner at Applied Control Solutions, a consultancy for the control systems industry. “The system isn’t capable of going up by a factor of 100 because there are certain physics problems involved there. Also, the changes he tried to make wouldn’t happen instantaneously. The operators would have had plenty of time to do something about it.”

Weiss was just one of a half-dozen experts steeped in the cybersecurity aspects of industrial control systems that KrebsOnSecurity spoke with this week. While all of those interviewed echoed Weiss’s conclusion, most also said they were concerned about the prospects of a more advanced adversary.

Here are some of the sobering takeaways from those interviews:

  • There are approximately 54,000 distinct drinking water systems in the United States.
  • The vast majority of those systems serve fewer than 50,000 residents, with many serving just a few hundred or thousand.
  • Virtually all of them rely on some type of remote access to monitor and/or administer these facilities.
  • Many of these facilities are unattended, underfunded, and do not have someone watching the IT operations 24/7.
  • Many facilities have not separated operational technology (the bits that control the switches and levers) from safety systems that might detect and alert on intrusions or potentially dangerous changes.

So, given how easy it is to search the web for and find ways to remotely interact with these HMI systems, why aren’t there more incidents like the one in Oldsmar making the news? One reason may be that these facilities don’t have to disclose such events when they do happen.

NO NEWS IS GOOD NEWS?

The only federal law that applies to the cybersecurity of water treatment facilities in the United States is America’s Water Infrastructure Act of 2018, which requires water systems serving more than 3,300 people “to develop or update risk assessments and emergency response plans.”

There is nothing in the law that requires such facilities to report cybersecurity incidents, such as the one that happened in Oldsmar this past weekend.

“It’s a difficult thing to get organizations to report cybersecurity incidents,” said Michael Arceneaux, managing director of the Water ISAC, an industry group that tries to facilitate information sharing and the adoption of best practices among utilities in the water sector. The Water ISAC’s 450 members serve roughly 200 million Americans, but its membership comprises less than one percent of the overall water utility industry.

“Some utilities are afraid that if their vulnerabilities are shared the hackers will have some inside knowledge on how to hack them,” Arceneaux said. “Utilities are rather hesitant to put that information in a public domain or have it in a database that could become public.”

Weiss said the federal agencies are equally reluctant to discuss such incidents.

“The only reason we knew about this incident in Florida was that the sheriff decided to hold a news conference,” Weiss said. “The FBI, Department of Homeland Security, none of them want to talk about this stuff publicly. Information sharing is broken.”

By way of example, Weiss said that not long ago he was contacted by a federal public defender representing a client who’d been convicted of hacking into a drinking water system. The attorney declined to share his client’s name, or divulge many details about the case. But he wanted to know if Weiss would be willing to serve as an expert witness who could help make the actions of a client sound less scary to a judge at sentencing time.

“He was defending this person who’d hacked into a drinking water system and had gotten all the way to the pumps and control systems,” Weiss recalled. “He said his client had only been in the system for about an hour, and he wanted to know how much damage his client really could have done in that short a time. He was trying to get a more lenient sentence for the guy.”

Weiss said he’s tried to get more information about the defendant, but suspects the details of the case have been sealed.

Andrew Hildick-Smith is a consultant who served nearly 20 years managing remote access systems for the Massachusetts Water Resources Authority. Hildick-Smith said his experience working with numerous smaller water utilities has driven home the reality that most are severely under-staffed and underfunded.

“A decent portion of small water utilities depend on their community or town’s IT person to help them out with stuff,” he said. “When you’re running a water utility, there are so many things to take care of to keep it all running that there isn’t really enough time to improve what you have. That can spill over into the remote access side, and they may not have an IT person who can look at whether there’s a better way to do things, such as securing remote access and setting up things like two-factor authentication.”

Hildick-Smith said most of the cybersecurity incidents that he’s aware of involving water facilities fall into two categories. The most common are compromises where the systems affected were collateral damage from more opportunistic intrusions.

“There’ve been a bunch of times where water systems have had their control system breached, but it’s most often just sort of by chance, meaning whoever was doing it used the computer for setting up financial transactions, or it was a computer of convenience,” Hildick-Smith said. “But attacks that involved the step of actually manipulating things is a pretty short list.”

The other, increasingly common reason, he said, is of course ransomware attacks on the business side of water utilities.

“Separate from the sort of folks who wander into a SCADA system by mistake on the water side are a bunch of ransomware attacks against the business side of the water systems,” he said. “But even then you generally don’t get to hear the details of the attack.”

Hildick-Smith recalled a recent incident at a fairly large water utility that got hit with the Egregor ransomware strain.

“Things worked out internally for them, and they didn’t need to talk to the outside world or the press about it,” he said. “They made contact with the Water ISAC and the FBI, but it certainly didn’t become a press event, and any lessons they learned haven’t been able to be shared with folks.”

AN INTERNATIONAL CHALLENGE

The situation is no different in Europe and elsewhere, says Marcin Dudek, a control systems security researcher at CERT Polska, the computer emergency response team which handles cyber incident reporting in Poland.

Marcin said if water facilities have not been a major target of profit-minded criminal hackers, it is probably because most of these organizations have very little worth stealing and usually no resources for paying extortionists.

“The access part is quite easy,” he said. “There’s no business case for hacking these types of systems. Quite rarely do they have a proper VPN [virtual private network] for secure remote connection. I think it’s because there is not enough awareness of the problems of cybersecurity, but also because they are not financed enough. This goes not only for the US. It’s very similar here in Poland and different countries as well.”

Many security professionals have sounded off on social media saying public utilities have no business relying on remote access tools like Teamviewer, which by default allows complete control over the host system and is guarded by a simple password.

But Marcin says Teamviewer would actually be an improvement over the types of remote access systems he commonly finds in his own research, which involves HMI systems designed to be used via a publicly-facing website.

“I’ve seen a lot of cases where the HMI was directly available from a web page, where you just log in and are then able to change some parameters,” Marcin said. “This is particularly bad because web pages can have vulnerabilities, and those vulnerabilities can give the attacker full access to the panel.”

According to Marcin, utilities typically have multiple safety systems, and in an ideal environment those are separated from control systems so that a compromise of one will not cascade into the other.

“In reality, it’s not that easy to introduce toxins into the water treatment so that people will get sick, it’s not as easy as some people say,” he said. Still, he worries about more advanced attackers, such as those responsible for multiple incidents last year in which attackers gained access to some of Israel’s water treatment systems and tried to alter water chlorine levels before being detected and stopped.

“Remote access is something we cannot avoid today,” Marcin said. “Most installations are unmanned. If it is a very small water or sewage treatment plant, there will be no people inside and they just login whenever they need to change something.”

SELF-EVALUATION TIME

Many smaller water treatment systems may soon be reevaluating their approach to securing remote access. Or at least that’s the hope of the Water Infrastructure Act of 2018, which gives utilities serving fewer than 50,000 residents until the end of June 2021 to complete a cybersecurity risk and resiliency assessment.

“The vast majority of these utilities have yet to really even think about where they stand in terms of cybersecurity,” said Hildick-Smith.

The only problem with this process is there aren’t any consequences for utilities that fail to complete their assessments by that deadline.

Hildick-Smith said while water systems are required to periodically report data about water quality to the U.S. Environmental Protection Agency (EPA), the agency has no real authority to enforce the cybersecurity assessments.

“The EPA has made some kind of vague threats, but they have no enforcement ability here,” he said. “Most water systems are going to wait until close to the deadline, and then hire someone to do it for them. Others will probably just self-certify, raise their hands and say, ‘Yeah, we’re good.’”

The Circle Expands Again. Joining SentinelOne to Solve Cybersecurity’s Data Problem.

It’s all about the data. Turns out it always was.

When we started Scalyr, we initially focused on log analytics – providing engineering teams with a detailed, reliable view into their distributed systems. But our core vision was always about data; specifically, event data.

The original Scalyr team previously worked together at Google. Google, of course, has incredible technology for working with data at scale, most famously the contents of the public web. Built on keyword indexes, Google returns high-quality search results in a fraction of a second. And yet, the internal tools used by Google’s engineering teams weren’t remotely up to the task of providing interactive access to logs and other machine event data.

The problem was that event data is fundamentally different than the natural language text that keyword indexes were designed for. The data is different, the structure is different, the usage patterns are different. Solutions designed for text struggle with event data, especially at scale.

That’s where Scalyr came in. Instead of looking for a cleverer set of compromises that would let us jam a slightly better analytics solution onto existing data management architectures, we built a new architecture from scratch, designed for large-scale, high-cardinality, highly dimensional machine data. We made some big bets: aggressive multi-tenancy, columnar layout even for poorly-structured data, a query engine that dispenses with indexes, a closely integrated streaming analytics engine that offloads repetitive queries from the main engine.

Our early offering had gaps. The user interface looked like a couple of backend engineers had built it – because that’s who we were. But it still inspired love. Users came, apparently, for the questionable UI. But they stayed for the scalability and performance. (Actually, they mostly came because they had read about our unusual architecture and wanted to try it out; and later, through word of mouth.)

That early response was everything we had hoped for. What we hadn’t anticipated was how users would keep finding new use cases, stretching far beyond log analytics. It turns out that if you give people a solution that can scale to their event data, new use cases will come out of the woodwork. And many of those use cases had nothing to do with our UI; customers were building new applications directly on our APIs.

And thus was born the Event Data Cloud: the event analytics engine at the heart of Scalyr, now available to power customer applications, analytics services, and dashboards. We found immediate interest from multiple sectors, including cybersecurity. We quickly realized that cybersecurity has much in common with log analytics: large data volumes; a mix of continuous monitoring of complex rules with bursty, ad-hoc analysis; and the ever-present tradeoff between scale, cost, and performance.

SentinelOne Meets Scalyr

Several months back, Scalyr was contacted by several passionate engineers looking to solve an interesting data problem in the realm of XDR. The folks at SentinelOne had aptly recognized that for a security company, data analytics is a strategic core competency, and long-term success requires building that competency in-house rather than relying on third-party solutions. They had been exploring the market, and saw that Scalyr’s Event Data Cloud was a perfect fit for their vision.

One of those “only in Silicon Valley” whirlwind romances ensued. Tests on real-world data showed that Scalyr’s unique architecture delivers groundbreaking cost, performance, and scalability for XDR use cases, just as it has for log analytics. Even more important, the flexibility of our architecture will power the next generation of solutions. Scalyr can ingest, correlate, and search data from any source. SentinelOne has industry-leading AI technology for analyzing and acting on data.

Today, I’m thrilled to celebrate that Scalyr is becoming part of SentinelOne. Together, we are poised to deliver the industry’s most advanced integrated and real time data lake that can ingest structured and unstructured data from any technology product or platform. This is a huge step for us; and yet, it’s precisely aligned with our existing course. The reason Scalyr and SentinelOne are such a good fit is that we share precisely the same vision around the value of event data. We will continue to develop our log analytics and Event Data Cloud solutions; but now, at a whole new level of scale and impact.

The Expanding Circle: A Bright Future

Scalyr started out by merging traditionally distinct circles of data in the log analytics world into a single, larger circle. That circle keeps on growing. What we’ve learned along the way is that the more data you have, the more use cases you find; and the more use cases you find, the more data you add. Our architecture incorporates a network effect – the farther we scale, the better it performs – meaning that as the circle grows, our customer experience only improves. As part of SentinelOne, we’ll be taking another huge step up that curve. I couldn’t be more excited!


My Thoughts: Securing the Enterprise’s Most Valuable Asset – Data – with XDR

2020 exposed the cybersecurity industry’s fundamental data problem – while cybersecurity solutions are put into place to protect data, their own inability to seamlessly ingest and action data from across the enterprise hinders realtime protection and response to damaging cyber attacks.

Organizations accelerated digital transformation plans to support remote workforces, driving the rapid adoption of cloud technologies. The result has been a massive growth in the amount of data organizations generate, process, and collect from myriad data sources. This has created new vulnerabilities and increased opportunity for targeted attacks that exploit security professionals’ limited visibility across complex cloud and distributed environments.

Today’s organizations require the ability to autonomously secure all enterprise data – security related or not. We’re taking a major step forward in allowing this by announcing the acquisition of Scalyr, a leading cloud-native, cloud-scale data analytics platform. The acquisition of Scalyr allows us to unlock the full potential of XDR and solve cybersecurity’s greatest data problems.

The Data Challenges of Fully Integrated XDR

XDR – the next generation of EDR – promises to go beyond endpoint devices, providing enterprises with a holistic, automated approach for securing today’s dynamic threat landscape. However, the promise of XDR has been constrained by the challenges that organizations face in ingesting, indexing, compressing, and performing analytics on data in a cost effective manner. Look at today’s vendors; few are able to effectively operationalize XDR for the enterprise.

According to Gartner, “building an effective XDR is more challenging than it might seem. Lack of data collection, common data formats and APIs, as well as products built on legacy database structures, make it difficult to integrate security tools even within the same vendor’s product portfolio”.1

For many human-powered, data-schema-constrained cybersecurity products on the market, this data challenge is insurmountable. Many of the next-gen EDR offerings that we are often compared against are completely reliant on SIEM integrations or OEMs for point-in-time data correlation. This requires data to be indexed, introducing pipeline latency issues and limiting the ability to mitigate threats in real time, in addition to exorbitant search and storage costs. Streaming, real-time data, searches, and correlation are but a dream for peer vendors.

SentinelOne Delivers Fully Integrated XDR Through Scalyr

Scalyr’s SaaS platform overcomes these challenges and unlocks the full promise of XDR by allowing organizations to seamlessly ingest any data from any source and automate any action. By providing a realtime data lake and eliminating data schema requirements from the ingestion process and index limitations from querying, Scalyr can:

  • Ingest petabytes of structured, unstructured, and semi-structured data in real time from any technology product or platform
  • Take action against any data in real time
  • Assign policy, mitigate threats, and define action for every rule in an automated fashion
  • Allow organizations to rapidly analyze, query, and action data at an effective cost

All of these factors were integral in selecting Scalyr to advance the unrivaled innovation SentinelOne’s automated response capabilities and AI-powered Storyline technology deliver. Along with diverse XDR data, customers can automatically connect disparate data into rich stories and identify and take action against malicious behaviors, especially techniques exhibited by advanced persistent threats – including APT malware like Sunburst.

Our customers can extend automated response capabilities including threat mitigation, remediation, and ransomware rollback across the entire enterprise technology stack, to services and applications like Okta, ServiceNow, Slack, and more – all without human intervention.

Company Impact

Founded by the creator of Google Docs, Steve Newman, Scalyr created the industry’s first cloud-native, cloud-scale data analytics platform for log management and observability. Global brands including NBC Universal, CareerBuilder, TomTom, Lacework, Zalando, Tokopedia, and Asana use Scalyr to manage their large scale data operations. We are dedicated to continued investment in Scalyr’s solutions post-acquisition, supporting customers and evolving the platform.

Having this level of proprietary technology is a major acceleration of our efforts in bringing the industry’s most advanced AI-powered security to the entire enterprise. It also positions us to shape the ongoing convergence of cybersecurity and big data.

Few companies develop their own data stores, and technology such as Scalyr’s cannot be built overnight. We developed the foundation to house and take action against all enterprise data with the Singularity XDR platform, and Scalyr provides a rapid and exciting path to realize our vision. The acquisition also allows us to overcome the challenge vendors face in balancing the cost structure of ingesting and storing massive amounts of data. We’re able to deliver greater value to customers while strengthening our business model and increasing shareholder value. And, after surveying the space, we’re able to complete this transformational acquisition with the very best technology and team to align with our vision and with a shared set of values, principles, and integrity.

Today marks a new chapter in our company journey and positions us for continued hypergrowth and long-term success. I invite you to join us on the journey – whether that be replacing antivirus, replacing your next-gen endpoint technology, or looking for a home to take your career to new heights. Our company is a place dedicated to the success of our customers, to innovation, and to creating an environment for our team members to do their life’s best work. Take a few moments to engage with us and see how we’re taking cybersecurity to places not ventured before.

Tomer
