
Confluera Raises $9M, Unveils 'Real-time Attack Interception and Defense' Platform

Palo Alto, California-based start-up Confluera has simultaneously announced a Series A funding round of $9 million and the launch of its new Real-time Attack Interception and Defense (RAID) platform.

The funding round, which was oversubscribed, was led by Ravi Mhatre of Lightspeed Venture Partners, and industry pioneers behind Symantec, Palo Alto Networks, and ServiceNow. Confluera was co-founded by Abhijit Ghosh, Niloy Mukherjee, and Bipul Sinha. Ghosh, CEO, was formerly the director of engineering at Juniper Networks; Mukherjee, chief architect, was formerly with Oracle; and Sinha is a venture partner at Lightspeed and co-founder and CEO at Rubrik.

The RAID platform, now available through Confluera's early access program, employs patent-pending technology known as Distributed Execution Trail Ranking. This takes the detection of attacks in progress one step further than the more traditional machine learning-based anomaly detection systems. "The technology," says Confluera, "leverages distributed ledger principles to deterministically track infrastructure wide activity trails while continuously aggregating machine comprehended behavioral signals on these trails."

These 'trails' are scored and ranked to detect and intercept live attacks from within "a haystack of disconnected signals and automatically deliver surgical responses." The result is a system able to detect stealthy incursions designed to blend into the environment while still progressing.

"ML-based anomaly detection is an important visibility into potentially malicious activity," Abhijit Ghosh, co-founder and CEO at Confluera, told SecurityWeek. "We have anomaly detection as an important component of our security capabilities, but it's just one piece of the puzzle as we take security results from multiple sources." 

He continued, "Anomaly detectors by themselves typically produce noisy results with false positives that are individually inconclusive and require further triaging of activities around the anomalous event to understand the larger context. Our ability to deterministically track activity sequences brings the fundamental context necessary to aggregate security intelligence from multiple sources and intercept attack progressions."

The Distributed Execution Trail Ranking technology tracks activity sequences across the infrastructure in real time as a causal map of system events. It uses multimodal security intelligence to rank malicious activity sequences and intercept attack progressions. "Our technology," continued Ghosh, "is based on distributed ledger principles and built on top of a massively scalable data management framework."

One of the early adopters is American Showa. "None of the solutions in the market could detect breaches in real-time, and more importantly, remove them surgically," said Sean Henry, MIS manager. "With Confluera, we are able to accurately detect and respond to breaches in real-time without impacting our business."

A second early adopter, accounting firm CohnReznick, is attracted by RAID's ability to move from real-time detection to rapid response; an ability, he says, "that operationalizes our critical infrastructure security."

The RAID platform does three things. It tracks all activities, malicious or benign, to build a real-time map. This highlights activity trails that are contextually fused with information from all possible sources to identify any malicious intent. Surgical responses are then automatically deployed across affected entities to stop any attack progression. As a result, says the firm, the attacker's foothold is removed, costly reliance on manual triages is eliminated, and the value of existing security investments is improved by contextualizing all signals within the RAID platform.

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.