Among the new companies I met at last week's Infosecurity Europe show was one that described its offering as "security intelligence and analytics" – or "what the SIEM does not see or what the firewall doesn't have a signature for".
Although not a start-up – it was established five years ago – this was a first move into the UK for Solera Networks.
President and CEO Steve Shillingford and CTO Joe Levy told me that its technology was about offering the extended visibility that log management and security incident and event management (SIEM) failed to achieve.
Levy said it is creating events as the impact is often not detailed, and what evades detection is what users are concerned about. He said: “This complements the SIEM and log management as there may be an instance where something has never been seen before in an attack or there is no idea what the file was.
“It is about masses of information, companies are handling terabytes of data and correlating it is hard. It is not there to block, it is just about working in real time.
“Customers want historical retrospection, when you have a security event you want to go back and see it, to go into the network and see what happened on the network. There is also better sense overall on how log data is used, and with deep packet inspection and software analytics, they are the core of our technology.”
Shillingford said it is about collecting information from layers two to seven and being able to protect that data – but said that has ended with data being held by third parties. In terms of the foundation of the company, he said that influence was drawn from what Novell had done in the early 90s; in this instance, though, it was about converting packet data into readable files to define policy.
A file is then reverse-engineered or sandboxed for deep packet inspection so that all files can be seen. “Look at the evolution of network security, the packet flows to the file level,” he said.
He added that it is a platform with a high-speed database and outer platform for analytics, and visualisation is done on the cloud and also on the box.
Last week the company launched a new version of its DeepSee platform, which it said provided the ability to "un-box" the power of security intelligence and big data analytics technology. Shillingford said this was about decoupling the software from the appliance and moving it to a virtual machine so that it can be installed on any server.
He admitted that there had been some barriers to adoption, particularly as the rate of technological change can often mean that it is out of date in two years, so the intention was to remove those barriers and make software installation possible.
“There is some standalone technology, so we say run our software without our box and refresh the cycle. We are delivering this in an easy-to-deploy, software-based solution, which means that any enterprise can have full visibility, situational awareness and intelligent incident response,” he said.
Joining the company in the past 12 months as vice-president of marketing was John Vecchi, who I last met when he was in a similar position at Check Point. I asked him to summarise Solera's offering; he said other vendors are "all doing the same thing with preventative technology that is based on known signatures".
He said: “This company is doing something different, others won't say what to do when you are breached and still be secure. If you have not been breached then it will happen, so this is the next emerging market and we are now bringing technology to after the event to know what was taken from the network and if it was still there.
“It is very interesting, for me it is like the genesis of the intrusion prevention market, but now everything is next generation and this will be the next mainstream technology.”