Behavioural analytics security company Fortscale has announced an inter-round raise that has brought the company to a total of US$16 million. Participating in the mini round were UST Global and CME Ventures, marking the Chicago group’s first investment to date in Israel.

“We are very proud that we are their first investment in Israel,” CEO Idan Tendler tells Geektime. “We provide them all the things that they were looking for in a solid investment combining machine learning, security, and big data all in one company.”

Series A investors Intel Capital and Blumberg Capital also joined in to raise the undisclosed sum that the company has called “a couple million” ahead of their Series B that they hope to have by summer 2016.

The company was co-founded in September 2012 by Tendler and COO Dr Yona Hollander. With headquarters in the San Francisco Bay Area, Fortscale maintains an R&D facility in Tel Aviv.

Working primarily with the US enterprise market, the company says that it is monitoring 500,000 users globally for dozens of clients.

Also Read: Israel’s illusive networks scores a rapid US$22M Series B 

Keep your enemies close – and your users closer

Looking back through some of the major data thefts of the past few years, a shocking number have been carried out not by hackers breaking past the exterior defenses, but by insiders overstepping their bounds to steal sensitive material.

When Edward Snowden (in)famously copied the notorious dump of sensitive documents, he gained access by simply asking his network administrator friends for their usernames and passwords, accomplishing a feat that no hacker from the outside could have dreamed of ever achieving.

At Fortscale, they have developed a product that lets enterprises track their own users for suspicious behavior, letting them catch malicious attacks before they can cause real damage. The team claims to be one of the first movers in the field of User Behaviour Analytics (UBA).

Tendler explains that he had started out looking to develop an analytics system that could leverage log repositories and use machine learning to provide security teams with valuable insights.

However, CSOs told him that they needed a solution for “tracking users, our own employees, since users have become the Fort threat to the enterprise and there is severe lack of visibility into user behaviour.”

Also Read: 5 traits of an ethical hacker 

What emerged was a Hadoop-based platform that uses an independent machine learning framework that is installed on site to study user behavior.

As the system gets to know users, it begins to understand which actions are normal for the user’s profile and then identifies actions that fall outside of those lines that could indicate a security breach. The algorithm looks at factors such as which machines and apps are being used, what times they are being accessed, and other elements to find abnormalities in behavior.

The company recently released its latest version — Fortscale 2.0 — that it says has improved profiling accuracy. It creates risk scores that can differentiate between abnormal behaviors from a user while looking across similar users for the same types of actions.

Tendler gives the example of a programme manager who opens an application he has never accessed before, generating a high risk score and alerting the security team to launch an investigation. However, the system is smart enough to check if all users access this app once a year. It understands that this action still falls in the “normal” category and cuts down on false positives, where cutting through the noise can be a challenge.

How it stacks up to the competition

There has been a bit of a misperception in recent years regarding many of the more publicised hacks of big names like Target, the Office of Personnel Management and Ashley Madison.

In all of these cases, it has been proven or strongly suspected that the attackers either used their own log-ins or used another’s compromised credentials to enter the system. In fact, Tendler says that malicious employees make up 80 per cent  of their cases, with only 20 per cent being hackers who have stolen a user’s credentials.

These cases all highlight that the biggest threats come from the internal users, and the need to take a new approach to protecting valuable assets.

Competing with Fortscale are big players like Palantir and Securonix with their Big Data capabilities. There are also the in-house security teams that are doing this work themselves without the help of more sophisticated platforms that can offer more insights.

The UBA field is likely to continue to grow and Fortscale is posed to stay at the forefront of their industry. Their team brings a winning combination of machine learning and an intelligent approach to uncovering miscreants and malfeasance.

In the lead up to its Series B that will probably occur in July, the 50-member company plans on growing its sales and marketing to get its great product out to a wider audience.

Also Read: YiSpecter iOS malware bypasses security, scares Chinese users 

The article Insider threat protection Fortscale pulls millions in pre-B funding first appeared on Geektime

Image Credit: Fortscale