Things are changing rapidly in the cybersecurity industry.
The average citizen only ever considers data security sporadically, usually when yet another commerce giant makes news for exposing its customers to the whims of unknown hackers. Meanwhile, valuable business and customer data have overflowed from data centers and into cloud-based servers, supply chain partners, service providers and a dizzying array of endpoints, from IoT devices on a factory floor to the smartphone in an employee’s pocket.
For this reason, Kerry Bailey believes the cybersecurity industry stands at a tipping point.
“The traditional security tools we have today are going to let things through,” Bailey said in an interview with Built In Seattle. “Nothing is foolproof now; there’s no silver bullet out there.”
And even as firewalls and antivirus software stretch to protect a sprawling number of vulnerable targets, the evolution of cybercriminals’ techniques is accelerating.
“As a business, security now has to be built into everything you do,” Bailey went on. “It’s a mindset. We used to say ‘protect your passwords and make sure your antivirus is up to date.’ But now you’ve got to think every day about how you’re going to protect data.”
“You’re going to be attacked, so how do you manage risk — and what’s your response when an incident occurs?”
Bailey should know. After eleven years in the Office of Naval Intelligence in the 1980s and ’90s, he led a succession of cybersecurity firms and technical teams within enterprises like Verizon and Hewlett Packard. Last year, Bailey took the helm of Ontario-based cybersecurity company eSentire.
In the last year, the Canadian company — which has offices and “security operations centers” scattered across Europe and North America — was acquired by private equity firm Warburg Pincus, raised $47 million and recently arrived in Seattle with the acquisition of local startup Versive.
So what do they do?
eSentire is a pioneer in the field of “managed detection and response,” in which the philosophy is simple: hackers can now breach almost any network, and the goal must be to detect and eject bad actors as soon as possible. The company’s artificial intelligence algorithms monitor data coming in from endpoints, networks, cloud sources, logs and elsewhere for signs of hackers within a system — an access denial, for example, or suspicious data movement.
Once the AI identifies the activity of a potential hacker, an eSentire staffer (known internally as a “threat hunter,” surely one of the more badass job titles in tech) steps in to assess and neutralize the intruder.
“We have an appliance, which we put wherever your network structure is, and it takes in every network packet there is. Our IP is also there, and it can detect anomalies and any kind of threats that are going on,” Bailey said. This data, combined with information from endpoints and cloud servers, gives eSentire an overall view of what is going on within a system.
In addition, customers use the managed detection and response model to detect slower, more clandestine data theft by someone inside a system. To understand the way eSentire’s cybersecurity tools work, it’s helpful to picture a company’s system as a country like the United States, with numerous secured points of entry surrounding a vast, largely unmonitored internal system. Now imagine eSentire’s real-time threat identification capabilities performing the work of the TSA, while its longer-term search for internal, covert bad actors is the digital equivalent of the FBI.
“Cybersecurity is probably the best use case for AI,” Bailey said. “There’s been hype over the years about how AI’s going to save the world, but I think right now we’ve got one of the best use cases for it. We’ve got a defined problem, it finds patterns, it can take large amounts of data, we’re using it in a way that provides significant value — and humans can’t do it.”
Investing in Seattle
When eSentire went looking for its first acquisition, Bailey said the company was originally drawn to Seattle-based Versive for its talent.
“They had seven Ph.D.s, 22 machine learning scientists and a fantastic culture,” he said. “But when we started the due diligence, we realized their software could provide the machine scale to our 700 customers — and the amount of data we take in is terabytes.”
“Their product, combined with our security operations centers around the world, can handle insider threats and adversaries that you need deep hunting to find.”
The company plans to continue its investment in the Pacific Northwest and is on the hunt for engineers, machine learning scientists and product managers. Bailey said the company may open another security operations center in the region, and that it is investing heavily in research and development within its new downtown Seattle office.
“If you look at the money we put in — it’s a big number — over half of that is going to R&D,” Bailey said.