Tuesday 15 September 2015

An intel start-up that aims to expose 'dark web'



CHANTILLY: On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialled into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.

As they worked their way around the room, the analysts briefed one another on the latest developments in the "dark web." The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients in case someone, somewhere was listening on the open line.

For the last eight years iSight has been quietly assembling what may be the largest private team of experts in a nascent business called 'threat intelligence.' Of the company's 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though it is impossible to verify given the secretive nature of these operations.

The company's focus is what John P Watters, iSight's chief executive, calls "left of boom," which is military jargon for the moment before an explosive device detonates.

Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats. "Our business," Watters continued, "is tracking the arms merchants and bomb makers so we can be left of boom and avoid the impact altogether."

ISight's investors, who have put $60 million into the company so far, believe that its services fill a critical gap in the battle to get ahead of threats. Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel's security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact. 

ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools. 

The analysts' reports help clients — including 280 government agencies, as well as banks and credit-card, health care, retail and oil and gas companies — prioritize the most imminent and possibly destructive threats. 

Security experts say the need for such intelligence has never been greater. For the last three years, businesses have been investing in "big data" analytic tools that sound alarms anytime someone does something unusual, like gain access to a server in China, set up a private connection or siphon unusually large amounts of data from a corporate network. 

The result is near constant and confusing noise. "Except for the most mature organizations, most businesses are drowning in alerts," said Jason Clark, the chief security officer at Optiv, a security firm. 

The average organization receives 16,937 alerts a week. Only 19% of them are deemed "reliable," and only 4% are investigated, according to a study released in January by the Ponemon Institute, which tracks data breaches. By the time criminals make enough noise to merit a full investigation, it can take financial services companies more than three months, on average, to discover them, and retailers more than six months. 

"Just generating more alerts is wasting billions of dollars of venture capital," said David Cowan, an iSight investor and a partner at Bessemer Venture Partners. The last thing an executive in charge of network security needs is more alerts, he said: "They don't have time. They need human, actionable threat intelligence." 

Mr Cowan and others point to what happened to Target in 2013, when the retailer ignored an alert that ultimately could have stopped criminals from stealing 40 million customers' payment details from its network. 

A year earlier, iSight warned its clients that criminals were compiling and selling malware that was specifically designed to scrape payment data off cash registers. Had Target received that warning, the blip on its network might not have gone unnoticed. 

"Target faced the same problem every retailer does every day," Mr. Watters said. "They are awash in a sea of critical alerts every day. Without threat intelligence, they had roulette odds of picking the right one." 

Gartner, the research firm, estimates that the market for threat intelligence like iSight's could grow to $1 billion in two years from $255 million in 2013. Gartner predicts that by 2018, 60% of businesses will incorporate threat intelligence into their defensive security strategy. 

ISight, which plans to file for an initial public offering of stock next year, hopes to capitalize, as do the dozens of other cyberthreat intelligence outfits now flooding the market, each with a slightly different approach. 


Source : The Times Of India - Tech
