There's space in SIEM for a new Alien
Malware hits the Mac but is it worth worrying about?
Think all security information and event management (SIEM) vendors are owned by big businesses?
This week I met with a new vendor in the SIEM space that has undergone a major expansion with the recruitment of some seasoned security professionals. Founded in Spain in 2002 and now based in California, AlienVault began with an open-source technology, with a commercial version following a few years later.
Executive vice-president James Yares said this commercial version was created to handle capacity and volume. “The value of the company is to be democratic and make it available to everyone, its roots are in open-source SIEM and to support and enhance that, and we continue to work with the open-source SIEM,” he said.
Rather than speaking as the old head corporate head, Yares was in his fourth week at the company, while senior vice-president of international sales Richard Kirk was in his third week. Both men were previously at Fortify, and moved on following the acquisition in 2010.
Also joining them are former Fortify chief products officer Barmak Meftah as president and chief executive officer and Fortify founder Roger Thornton, who assumes the same position as chief technology officer.
John Richardson, formerly vice-president of finance at HP Fortify, will serve as vice-president of finance and administration. Jack Marshall, formerly vice-president of customer success at HP Fortify, will become vice-president of customer success, while Gail Boddy, former vice-president of human resources at HP ArcSight, will have the same role at AlienVault.
AlienVault will continue to be led by co-founders Julio Casal and Dominique Karg, who will be general manager of the new MSSP business unit and lead of the open-source SIEM community as chief hacking officer respectively.
Yares told me that AlienVault enables users to deploy and operate cost-effective unified security management solutions for better threat management and easier PCI/SOX compliance, while its solutions come integrated with sophisticated open-source security tools such as Snort, OSSEC, OpenVAS, ntop, Nagios and NetFlow.
Yares said the SIEM market is "well-established and growing quickly", and while other vendors have been bought up and it was a "ton of fun" to be acquired, it was now their job to grow a new company and make it valuable.
He said: “What we always hear from CISOs is that there is value in SIEM systems and they have stuck with the AlienVault design and what comes with it. They like how it is engineered and how its sensors make use of the open-source computing and the fast time to deployment.
“It is deep technology that others do not do and an example is its reporting capabilities. Some users have said that they put it in to see what is in the network. With this there is an opportunity to grow rapidly.
“We have had 160,000 downloads of the OSSIEM; we find that people download enough to get going and enable security teams to learn about SIEM to use it.
Kirk said: “This was built for open source so we have had to make it so it works from the ground running, but we will continue to take advantage of our open-source roots.”
AlienVault later confirmed financing of £5 million from Trident Capital with participation from existing investors Adara Venture Partners and Neotec. Trident Capital has a track record of building successful cyber security companies including: AirTight Networks, BlueCat Networks, HyTrust, Qualys, Solera Networks, Voltage Security and Sygate.
Trident managing director J. Alberto Yepez is appointed as chairman of the AlienVault board, while Trident principal Michael Biggee also joins the AlienVault board of directors.
AlienVault said that the funding will be used to accelerate research and development and aggressively expand sales and marketing to meet increasing demand for unified security management from around the world.
The company has already staked its case in 2012 with research on attacks, and if you can overlook the brands that are now part of a portfolio, there is a space ready for AlienVault.