Two-year-old startup Revelstoke Security Inc. today launched itself into the security orchestration, automation and response, or SOAR, market with a product built on a single data plane that simplifies the process of gathering and analyzing security data.

Revelstoke has raised more than $13 million in Series A funding from ClearSky Ventures, Crosslink Capital Inc., and Rally Ventures Management LLC.

The company said its patented Unified Data Layer all but eliminates the need to code software integrations and makes it easy for users to switch between data sources, thereby eliminating lock-in.

SOAR is a term invented by Gartner Inc. to describe a class of technologies that automate security workflows and manual tasks using “playbooks” for such functions as alert management and incident response. The products are mostly used by security operations centers for threat monitoring and detection, threat intelligence, incident response and threat hunting. Because SOAR tools can require a significant amount of programming, they’re generally used only by large organizations.

Chief Executive Bob Kruse, whose 25-year cybersecurity career includes positions at Oracle Corp., F5 Networks Inc., FireEye Inc. and Obsidian Security Inc., said one of Revelstoke’s chief goals is to “solve the problem I created, which is too many point products. There are over 2 million jobs, too many alerts and too many hacks getting through,” he said. “Automation and orchestration are key because you can’t keep throwing bodies at it.”

Revelstoke is tackling the programming requirement with a no-code interface it says organizations can use to simplify such tasks as switching endpoint detection technologies. “In most platforms, if you want to switch from CrowdStrike to SentinelOne you have to completely tear it down and build from scratch in Python,” Kruse said. “Our users can go through our library of installations, drag and drop into a playbook and instantly integrate with SentinelOne. We let you switch from one vendor to another with no coding at all.”

Revelstoke integrates with point technologies through application programming interfaces, of which it expects to have hundreds by the end of the year, Kruse said. “We essentially do the coding for the user,” he said.

It also employs a high degree of automation with the option for users to fall back to custom configurations where needed. No-code and low-code playbooks automate information gathering, escalations, closures and post-mortem reporting.

“It’s like having three additional analysts on staff,” Kruse said. “We can take the analysts who resolve false positives and automate the process so they can find what’s really coming at the company in terms of false alerts.”

The product is constructed on a cloud-native foundation using microservices and can scale almost infinitely, the company said. Machine learning algorithms automate and customize models for various aspects of system administration such as impact analysis, employee onboarding, risk calculation and identity management. There’s also a component that measures the product’s impact in terms of time and cost savings for specific workflows.

The company’s pricing model is novel: It charges based on the size of the customer company with no limit on the number of users or functions employed. Pricing for a one-year subscription for a 1,000-person company is $125,000, Kruse said.
