Human brains may not be the most fashionable algorithmic tool in the tech business these days, but a Cambridge, Ont.-based cybersecurity company has just completed a $14-million investment round by insisting that they stay front and centre.
eSentire offers "cybersecurity as a service" to over 450 clients, targeting mid-sized corporations, especially in the financial-services sector. It aims itself at companies that probably have a dedicated IT department, but not a cybersecurity department. Companies at this scale might purchase a device that sits on their network to automatically monitor for security breaches – a solution eSentire's CEO, J. Paul Haynes, calls the "blinky light solution": a box that sits on the network and blinks reassuringly. But in an era of rapidly evolving attacks, he says, this isn't enough.
"Technology alone can't solve the problem," he says. "You need human analysts that are using grey matter. It's phenomenally effective for certain kinds of pattern matching and threat detection."
eSentire's model works by putting a device of its own on its clients' networks, which allows them to monitor, with their clients' blessing, the entirety of their network traffic. From there, eSentire uses a blend of algorithms and its analysts' real-time know-how to detect suspicious activity.
Firms like eSentire are especially geared towards responding to attacks that typically start by conning a victim into opening a malware-laden piece of e-mail. From there, the malware often shuts off the target computer's anti-virus software, and commandeers the system, giving a remote third party the same access that the real user has.
The hackers might be doing a smash-and-grab-style operation, looking for easily monetizable information like credit card numbers or bank accounts. Or, they might be playing a longer game, trying to manipulate financial markets, or looking for intellectual property to either steal or use to embarrass the target.
Mr. Haynes says the techniques that cybersecurity companies use to implement fully automated protection don't cut it anymore. Those techniques typically meant watching for an exploit to happen in the wild, but only developing an automatic way to counter it once it had reached a certain threshold. But attacks are becoming more and more diversified.
"We can't assume we've ever seen it before, and you can't rely on algorithms to get a perfect match," he says. "What you have to rely on now is a set of signals or behaviours that suggest something bad is happening."
And that's where the half of the firm's 100-odd staff who are involved in continuous monitoring come in, constantly balancing demands across various clients' networks and alerts that are coming in in real time.
"They do deep digs, they do escalation, there's collaboration on certain projects. It's important there's a balance of things going on," says Eldon Sprickerhoff, the company's founder and chief security strategist. "They'll have 15 minutes of relative calm and then two minutes of sheer insanity."
He describes the job as "one third cybersecurity, one third air-traffic control, and one third World of Warcraft" – metaphorically, a team-based quest to root out an adversary's techniques. Ultimately, he says, their goal is to deliver security about 80 per cent algorithmically, and 20 per cent through human intervention.
That quest should pay dividends for clients: Since its perspective spreads across multiple clients, eSentire can apply the lessons its analysts learn from attacks on one network to others, in near-real time, as they emerge and propagate.
The company just completed a $14-million Series C investment round led by Georgian Partners, a Canadian growth equity firm. The company says it will hire 40 more staff, and is preparing to expand overseas, with a United Kingdom operation. Its advisory board, meanwhile, has attracted names like Gus Hunt, the former chief technology officer of the CIA, no less.
"There's an assumption when you buy a piece of equipment that promises the blinky light solution, that now we're good because we have this system," says Mr. Haynes. "But there's no system out there that perfectly deals with every single attack. You have to assume that every thing could go south."
Editors' Note: A previous version of this story incorrectly identified Georgian Partners as an American growth equity firm, when in fact they are based in Toronto, Ont.