The company hasn’t tapped into the platform’s enforcement capability where it can block malicious behavior. He’s taking a conservative approach and checking out alerts with security analysts and manually remediating. “I’m always thinking about the maturity curve” of new products, he says, and wants to wait to verify how accurate the Seceon platform is before he decides to use auto-response. “Once I’m satisfied, the answer is yes.”
OTM uses machine learning and data analytics to find attacks and to learn what’s normal and what activity indicates attacks, says Chandra Pandey, Seceon’s CEO.
The platform includes a library of scripts that issue commands, via APIs, to various vendors' gear to intervene when an intrusion is detected. It’s a finite list of devices, but the company has started with the major vendors in each category so the scripts are as widely useful as possible.
So firewalls could block threatening connections or users that seem involved in suspicious activities could be forced to reauthenticate and have their permissions reduced via Active Directory.
Seceon was founded in January 2015 to develop a threat detection and management platform to find attacks not picked up by SIEMs, IDSs and firewalls, says Gary Southwell, the company’s CSO.
Pricing can be based on numbers of machines at $50 per month for critical assets, $500 per month for core networking devices, with discounts for volume. Or customers can pay a flat $100,000 per year for a single server instance handling as many devices as the customer wants to include.
The company is privately funded.
Pandey and Southwell have worked together for 16 years, starting at optical Ethernet vendor Internet Photonics (bought by Ciena in 2004), Juniper Networks and BTI Systems.