Bringing Understanding to Security

Some of our earliest conversations about Armorblox were with prospective customers to understand their pain points around protecting their employees and their data. Our conversations with VPs of Security, CISOs, and CIOs informed us of security organizations struggling to stay ahead of increasingly sophisticated attack vectors, while getting buried under a mountain of alerts. Through these conversations, we found a common theme: security products lack understanding.

Today’s solutions to prevent attacks are fragmented and compartmentalized across multiple product categories that do not communicate, adapt, or learn from each other. Configuring these products is expensive and time-consuming because their interfaces are difficult to use. After investing millions into products and creating thousands of policies, security teams are loath to update them because they do not know how, or find it difficult to assess the impact of any changes. As a result, policy evolution remains elusive, and organizations end up investing in thousands of additional policies to protect against slightly different evolving scenarios.

Detection efficacy is also anemic across these product categories because of very simplistic detection approaches that generate a mountain of alerts that require armies of analysts to triage. However, the analysts have little context around why these alerts were generated in the first place, making remediation timelines painfully long.

Even siloed responsibilities lead to product stack fragmentation. Overlapping pain points but disparate budgets result in different products purchased by the CIO, CISO, CDO, or the CRO.

We know that traditional approaches of tracking metadata and detecting outliers have failed, with 94% of attacks still originating via email. Security awareness training only provides a temporary band-aid that is as effective as asking someone to pay attention to the announcements made by a flight attendant before a flight takes off. Meanwhile, security teams are frustrated and overwhelmed by the sheer number of alerts generated by products on a fragmented security stack that lack context and require weeks of training to learn how to operate.

Several macro trends in technology indicate that the time is right for a radically different solution that addresses these shortcomings comprehensively.

  • Natural language processing (NLP) is going through its “ImageNet moment” today as compute costs get cheaper, tools like TensorFlow become more accessible, and new breakthroughs in research push the frontiers of natural language understanding (NLU) and machine comprehension.
  • Maturing of the API-driven ecosystem makes it easier to integrate upstream into a wide variety of data sources for inspection, and also into downstream incident response and security analytics products and workflows.
  • Liberal BYOD policies at work and modern, responsive web frameworks make it possible to create delightful end-user experiences to secure organizations better.
  • Cloud-native architectures using Kubernetes make it possible to autoscale clusters to dynamically scale up or scale down based on resource requirements and provide more secure and cost-effective cloud-based solutions.

After our customer interviews, we saw the key insight that solving for their pain points required ingesting, analyzing and understanding all communications within their organizations. And we were excited that leveraging these technology trends – including the latest advances in deep learning and NLU – could help us bring understanding to security.

The Journey

Translating that insight into a functioning product that delights customers has been an amazing journey so far. We set out to build a product that solved their challenges. We wanted to create something that was broad enough for us to build and improve upon, while at the same time narrow enough for us to deliver a product to our customers quickly.

For this, we had a few goals in mind that drove our technology choices:

  • A cloud-native stack that would allow us to autoscale up or down based on data volume, offer SaaS, on-prem or hybrid solutions, and remain provider-agnostic.
  • An analytics-centered approach that provides exploratory, prescriptive and preventive interfaces to analyze and remediate threats.
  • A multi-device and multi-channel strategy toward remediation and response that would allow us to involve all employees in protecting their organizations while increasing the contextual relevance of alerts sent to the security teams.
  • A security-first vision for how we built our product that protects our customers and their data.

We have been continuously rebuilding and refining the platform with customer feedback for almost a year now. It has been an incredibly rewarding experience to engage with them, understand what we did well, and identify what we could do better to provide more value to them.

It is a fascinating journey when you get to participate from the early days in industry transformations. I was at BlueJeans Network from the very early days. In 2009, when we got funding, our core premise was that a cloud-based video bridge that connects across a disparate set of collaboration products would be the wave of the future. BlueJeans led that revolution and transformed how we collaborate at work. When I joined ThoughtSpot in 2013 in the early product development phase, our thesis was that search had become the de facto interface for finding information in our personal lives, and that it would change how we seek information in our corporate lives. As a Gartner Magic Quadrant leader, ThoughtSpot has defined and led that transformation.

We are at a similar inflection point in the world of securing organizations and their information. At Armorblox, our mission is to bring understanding to security, using deep learning and NLU, to solve security’s biggest challenges. To empower security teams in doing their jobs better, so they have fewer, contextual alerts to process and therefore, can free up time to devote to other predictive and preventive tasks to protect their organization. To democratize alert triage by getting employees actively involved in protecting their organizations against data loss or identity-related attacks. To go beyond just metadata and pattern detection to analyze and understand the content and context behind communications to better defend and protect organizations, and provide them with a whole new way to measure and mitigate the risk that is associated with their communications with the outside world.

Collaboration and communication are the lifeblood of any organization. Protecting organizations against attacks on this core asset involves protecting their employees from people-hacking, as well as from intentional or unintentional data loss. This presents a unique opportunity for AI to actually help people keep their jobs.

We foresee a new category evolving over the next few years centered around the human layer, with the mission of protecting all human communications in an organization. We’re excited to contribute to that evolution and provide lasting value to our customers.



Posted by Mar 20 2019
