Preempt has launched what it says is the industry’s first firewall based on tracking user behavior coupled with an instant automated ability to respond.
The “behavioral firewall,” which aims to protect enterprises from security breaches and malicious insiders, couples analysis of the behavior of users to detect threats with a response system to neutralize the threat. The system allows organizations to avert threats in real-time, said the company, which has its headquarters in San Francisco and a research and development center in Ramat Gan, Israel.
Even as companies are securing the perimeters of their businesses using firewalls, hackers have shifted their focus to weaknesses in the internal networks of companies, Preempt said. Trusted employees sometimes mistakenly give hackers access though misplaced laptops and smartphones, incorrect disposal of company information, or sending sensitive information to the wrong person, Verizon said in its 2016 Data Breach Investigations Report.
“Humans were found to be the weakest link across a vast majority of data breaches investigated” in 2015, Verizon said in the report. In 60 percent of the breaches, hackers are able to compromise an organization within minutes, the report said.
“This highlights a need for real-time visibility into breach detection and response capabilities that can instantly pre-empt these threats,” Roman Blachman, a co-founder and chief technology officer at Preempt said in a statement. Traditional firewalls tracking user behavior can perhaps detect threats, but are unable to respond, he said.
Blachman served over 10 years in the Israeli army, leading cyber security product development teams and a mobile cyber-security research team, the company said.
When identifying unusual user behavior, Preempt’s system uses a set of automated response mechanisms to a verify the threat by directly interacting with the user. If a real threat is perceived, then the system can automatically apply a policy to block, notify, or challenge users with multi-factor authentication.
“Behavioral firewalls can characterize user behavior through machine learning and other techniques to determine what is normal behavior for a specific user or a group of users within an enterprise network,” Ajit Sancheti, a co-founder of the company who has 20 years of experience in IT security, said in an email interview. Preempt’s solution not only can track user behavior but can also adapt to the changing behavior of users, as they switch from project to project, he said.
Traditional firewalls, on the other hand, are static and cannot adapt to the changing nature of user behavior as the roles and projects inside enterprises change. “Companies are attempting to characterize and understand user behavior but we have not seen any solution combine user behavior analysis with adaptive policy based response,” Sancheti said.
In April this year Preempt raised $8 million in series A financing led by General Catalyst Partners and other investors including Mickey Boodaei and Rakesh Loonkar, the founders of Trusteer and Paul Sagan, the former CEI of Akamai Technologies.