Today we announced that ProtectWise has emerged from stealth with more than $17 million in financing from Crosslink Capital, Trinity Ventures, Paladin Capital Group, and Arsenal Venture Partners to completely rethink the way enterprises approach network security.

After nearly two years of product development and beta testing with more than a dozen companies from the technology, entertainment, media, finance and healthcare industries, we are ready to share with the world what we've been working on. It's been challenging to keep it a secret.

Introducing the first ever virtual security camera in the cloud

ProtectWise is the industry's first cloud platform for enterprise network security that delivers continuous real-time and automated retroactive threat detection and response based on correlated, community-scaled intelligence and analysis afforded by its cloud form factor.

How does it actually work? Our Cloud Network DVR is a virtual camera in the cloud that records everything on the network and allows security professionals to see threats in real time and goes back in time - days, weeks, months and even years of historical data - automatically to discover previously unknown threats. It is always recording full-fidelity network traffic, making it possible to rewind and replay events automatically. By harnessing the power, elasticity and scale of the cloud, ProtectWise provides an integrated solution with complete visibility and detection of enterprise threats and accelerated incident response. We've coupled this with an amazing visualization heads-up-display that gives the enterprise real-time situational analysis and also serves as a forensic workbench for impact analysis and investigation.

What we've built is simple in concept:

  1. A virtual camera for every network segment that records everything, all the time. It's a platform that can record network traffic from multiple networks and unify it into a single haystack in the cloud for centralized analysis creating an unlimited, full-fidelity retention window.
  2. A time machine for threat detection. It's a time machine that provides complete visibility into threats to provide both real-time and back-in-time analysis that happens automatically and continuously.
  3. A Beautiful Visualizer. Powerful, interactive event visualization that gives security professionals the tools they need to see the state of network security at-a-glance, quickly pivot into deep dive forensics and ultimately, respond faster and more accurately to security incidents.

But to understand what we've built, it's important to understand why it needed to be built.

protectwise-hud-threat-card-number-2-screen-shot-2015-03-06-at-2.41.41-PM.png Threat Card in the Heads Up Display of the ProtectWise Visualizer

Defense in Doubt

Having been around the security and SaaS industries for many years, we didn't want to merely iterate on current security technology model--primarily because this model is broken. The enterprise network security landscape is littered with costly, point solutions that emit uncorrelated alerts for enterprise security teams struggling to keep up. Clearly, this model of preventative, point-in-time security does not scale. And in light of the incessant revelations of high-profile corporate network breaches, it's not working.

Point products don't integrate well. And the prohibitive cost of hardware to retain event information and correlate threat intelligence and the limited forensic windows keep organizations from seeing all but real-time alarms. What's more, today's enterprise security teams operate as islands with very little outside context of current attack techniques and a limited situation view. Most security teams are deluged with alerts but have no way to correlate and prioritize them.

In light of what we call this state of Defense in Doubt, we wanted to develop a new approach to network security; one that leverages advances in cloud technologies to improve the visibility and detection of threats and speed incident response. By shifting network security to the cloud, we've been able to eliminate some of the current constraints and blind spots that characterize network security point products.

An Unlimited, Full-Fidelity Retention Window

At best, most existing network recording solutions provide only a 2-week retention period. And to achieve this limited window requires a significant investment in hardware. Even solutions that offer retrospection--the ability to look back in time at historic traffic to uncover threats--don't offer it as an automatic and continuous service. It requires security staff to pull information manually from disparate pieces of hardware and correlate them--trying to recreate what happened. This is not only time consuming, but often impossible.

ProtectWise is always recording everything that happens on a network and centralizing the information in our cloud platform, where it is continuously analyzed. To see what happened in the past hours, days, weeks or even months, all you need to do is use the DVR-like controls in our Heads Up Display to get a complete record of what happened. You can even quickly download the full PCAP.

protectwise-screen-shot-killbox-observations-and-pcap-download-2015-03-06-at-2.22.18-PM.png Killbox Observations and PCAP Download

The Addition of the Z-Axis of Time to Threat Detection

The ability to retain a full fidelity record of network traffic for as long as you want means that it is available for continuous analysis both in real-time and equally important, retroactively. Our technology is created to retroactively analyze network traffic automatically, to identify attacks or vulnerabilities that too often are discovered months after they've been exploited. The idea is that with new information (zero-day threats, attacks on other companies, vulnerability disclosures, etc.) or advances in technology, security teams would be able to either identify past security events that still required remediation or could eliminate security holes that could lead to a future attack.

Correlated, Community-Scaled Threat Detection

Finally, we wanted to be able to provide our customers with a "safety in numbers" effect which is only feasible by leveraging cloud economies of intelligence. A threat detected in one customers network traffic, whether in real time or retrospectively, automatically triggers inspection of all customers' traffic. We believe this collective security is the only way to combat the constantly evolving sophistication of today's threats.

Network Security as a Utility

Our SaaS delivery model means the Cloud Network DVR deploys in minutes, delivering rapid threat detection, identification and incident management, ROI performance reporting for existing security solutions as well as immediate assurance as to whether or not a network has been impacted by past threats. It requires no on-premises storage or maintenance and scales quickly to meet future network security needs.

Seeing is Believing

We think it's a powerful offering. But the best way to determine this, is to put it to the test. So we offer a free version of our service. You can register to get started today and see for yourself what your existing security solutions have been missing.

And stay tuned for more details on how we architected our platform to handle the massive scale of network traffic, how we protect the privacy of data, address bandwidth concerns, and a look at the types of threats we've been detecting that other solutions have been missing.

Today is really just the beginning of our story and what we believe is the beginning of a new and better path to enterprise network security.