As reliance on digital infrastructure increases, companies across all sectors have more to lose from a breach than ever before. Changes in the way we work and the increasing use of remote devices to access and share data within the enterprise have meant that networks and access points are becoming more diverse. It is typical for individuals to use personal mobile phones for a large number of work tasks, to work on laptops or tablets at home or abroad, and in some cases to access company networks temporarily via a new device. These behaviours have resulted in the need to expand protection from inside-only to both inside and outside of the modern enterprise.
It goes without saying that protecting the enterprise from cyber-attacks is a challenging problem. Without dwelling on a massive market size number (in the trillions of dollars), to put the pace of this problem in context: last year, the global cost in damages from cyber-crime overtook the global drug trade.
From the perspective of a security team, simply put, the volume and velocity of network events in the enterprise are higher than ever before. Anomalies and shifts in patterns of behaviour are often detected but flood security teams with alerts, as anomalous behaviour is a frequent occurrence in today’s enterprise networks. According to Goldman Sachs, more than 95% of alerts are not investigated, with a vast majority being false positives. This volume and velocity, coupled with an increase in the sophistication of cyber-attacks, means the time for a malicious threat to materialise is shortening.
As part of forming a view of how the cyber stack is evolving to tackle this challenging problem, we explored the mindset of the decision makers. When looking into the buyer landscape, MMC’s research team had over 30 discussions with leading CISOs (“Chief Information Security Officers”) and independent experts on the practical challenges faced and their key priorities. The top responses were consistent:
“1. Networks aren’t simple anymore, and don’t have a specified perimeter”
This ranged from developer processes that involve temporarily hosting data in sensitive locations to individual devices accessing shared networks.
“2. We are overwhelmed — so we can only look at 5% of alerts”
Signal-to-noise ratio is a huge issue for teams. The lack of available, experienced security analyst resource is a growing and significant pain point: the shortage in cyber security professionals is estimated to be 2 million globally in 2019 (Digital Skills Committee).
“3. We have to pay attention to too many different tools”
Often, there are more than 20 vendor solutions across the stack and a strong desire to rationalise the number of vendors. One CISO of an EU Insurer even told us they knew: “many of our single-point vendor solutions have overlapping functionality”.
We believe that a machine learning approach can be used to help address these problems. However, the existing solutions we looked at were either rules-based or focused on applying AI to datasets which sit in silos, each covering only one part of the digital estate (e.g. understanding endpoints or the network). Simply surfacing the conclusions of the data from across the stack through an aggregated dashboard (e.g. via a SIEM, “Security Information & Event Management”) to help prioritise isn’t good enough. A bottom-up approach that combines the underlying datasets from your access points and network and applies advanced analysis to them is needed. This may sound obvious, but the threshold for building and successfully deploying such a solution, and the multi-faceted expertise required to do so, is extremely high.
That is why we led a $6.4m round into Senseon, alongside our friends at Amadeus Capital, Crane Venture Partners as well as CyLon, the cyber accelerator Senseon came out of last year. Senseon’s “AI triangulation” approach understands and correlates information gathered across the network, endpoint and microservices across the enterprise. The hard work they have put into their architecture is the prerequisite to emulating the security analyst by triangulating between the “Observations”, “Hypotheses” and “Actions” they make. By applying the latest advancements in reinforcement learning to combined datasets, the number of alerts surfaced to security teams is reduced to just the credible threats, while also surfacing new types of anomalous behaviour — again, testament to their unique architecture.
CISOs no longer have to manually combine multiple pieces of software into a comprehensive defensive strategy. Through a single holistic platform, they are able to detect, solve and prevent cyber-attacks and gain a better understanding of their entire digital estate.
Senseon’s fit with our understanding of CISOs’ real pain points and priorities was just one part of our investment thesis. The business was also one of the highest scorers against our AI Investment Framework, out of more than 450 UK AI companies we have met. MMC’s investment framework is the basis on which we evaluate early stage software companies that put ML at the heart of their value proposition; its 17 factors span six competencies: strategy, technology, data, people, execution and capital.
Senseon’s performance against MMC’s AI Investment Framework
To succeed in this space, you require a deep understanding of how security teams work, the problems they face and, importantly, how to ensure you achieve cut-through such that you become and remain a meaningful part of the cyber security stack.
Senseon’s team has all this in spades. While the technology is impressive, we were particularly struck by the drive and ambition of the team, led by founder and CEO David Atkinson. David’s background as a military cyber specialist, where he spent over 15 years, informs his innovative approach towards cyber security. You can read more about his journey here. The team doesn’t stop at David: he is supported by some of the leading talent in threat analytics and data science, including Dr. Neil Caithness, who spent 12 years developing new statistical anomaly detection techniques at Oxford University.
Unsurprisingly to us, given the challenges that came out of our research, their solution has very quickly resonated with enterprises, and their customers were excited by the results they were seeing. The pull from the market has meant that Senseon have needed to swiftly focus on sales and customer support. This investment is intended both to fuel their impressive progress to date and to allow them to continue providing their customers with a leading-edge cyber solution. Senseon’s ambition is global and we’re excited to be joining the company on its journey from here.