San Jose, Calif-based network threat detection and response firm Vectra has closed a $100 million Series E funding round led by TCV and supported by existing investors. This brings the total raised since the firm was founded in 2010 by James Harlacher and Mark Abene to $222.5 million. Vectra uses artificial intelligence to detect 'in-progress' cyber-attacks on the network.
Vectra CEO Hitesh Sheth told SecurityWeek that the new funds will primarily be used for global market expansion. "One-third of our business today is in Europe and the Middle East, and we have just expanded our footprint into Japan, Australia and New Zealand. But there are still parts of Europe and parts of Asia with no presence. We'll be expanding our business in these areas -- and our U.S. business is still growing."
The three primary purposes for the funding are to expand into new areas, to consolidate in existing areas, and to build the brand with additional marketing. Vectra's products, based on its Cognito platform, are already stable and established. The sales model is to sell via local partners, and the additional presence will support those partners in what Sheth describes as 'symbiotic' relationships around the world.
Vectra uses artificial intelligence to detect attack footprints within network traffic metadata that might indicate a threat. "The cloud has inherent security blind spots, making it imperative to eliminate cyber-risks as enterprises move their business to the cloud," said Sheth. "The Cognito platform enables them to stop hidden cyberattacks in the cloud."
Those blind spots can often be found in the management plane of cloud-based infrastructure-as-a-service (IaaS models), and data leakage from stored databases. "The cloud is like the early days of on-prem data centers," explained Sheth. "Security is always a late add-on to services, leaving gaps." But everything that happens -- good or bad -- happens on the network; and knowledge of what happens will detect any intruder.
He gave the example of Amazon's S3 buckets, where Amazon has only lately improved the security. Vectra won't prevent people spinning up S3 buckets (although it will be aware that it has occurred), nor will it take much notice of S3 buckets in existence. "If they're lying around and there's nothing happening, we won't really care; but the moment we see data leaving them, then we would care a lot."
Sheth differentiates Vectra from other AI-based threat detection systems by stressing that it is not an anomaly detection system. "One of the biggest mistakes vendors have made is to treat this as an anomaly problem. It's not, even though we also thought that in our early years. Anomaly detection generates spectacular graphics with spectacularly bad results. You have to deconstruct the way attackers think about the network, and then you can focus on the type of behavior an attacker will use." All this can be found in the metadata.
"The problem with anomaly-based detection," he continued, "is that it is unsupervised machine learning." This is the basis of the huge number of alerts that can be generated by some systems. "The secret," he said, "is in the way you blend supervised with unsupervised machine learning."
Vectra's Cognito platform is supported by three separate applications: Cognito Stream (sends security-enriched metadata to data lakes and SIEM); Cognito Recall (a cloud-based application to store and investigate threats in enriched metadata); and Cognito Detect (real-time analytics). "They're all distinct in what they do," said Sheth, "and customers can start with any one of them. Once one has been deployed, there is no more infrastructure required to adopt either or both of the others."
Vectra closed its Series D funding round for $36 million in February 2018.
Related: Cyberattacks Against Energy Sector Are Higher Than Average
Related: Hunting the Snark with Machine Learning, Artificial Intelligence, and Cognitive Computing
Related: The Current Limitations and Future Potential of AI in Cybersecurity