- Apr 26, 2017
- 89
Belmont, Mass-based start-up GreatHorn announced Wednesday completion of a $6.3 million Series A funding round led by Techstars Venture Capital Fund and .406 Ventures.
The firm, one of Gartner's 'cool cloud vendors', is bringing machine-learning technology to the continuing threat and problem of targeted spear phishing. Spear-phishing, and the related Business E-mail Compromise (BEC) scam, are two of today's most pernicious threats -- the former is the first stage of the majority of successful breaches; and the latter, according to the FBI in May 2016, is responsible for losses "now totaling over $3 billion."
Both threats have proved resilient against traditional defenses because of their use of finely tuned and targeted, narrow-band social engineering. Effectively, each threat is new and unique, probably contains no payload to analyze, and is delivered before it can be recognized and blocked. The same problem exists for malware: new versions are delivered and get through signature-based anti-virus defenses before detection is added to the defense.
The solution against malware has been a shift of emphasis towards the recognition of malware behavior, using machine-learning to understand and detect that behavior. Conceptually, GreatHorn takes a similar approach to spear-phishing and BEC. It monitors email across the cloud both in metadata and content. It builds a behavioral graph that can detect anomalies in email behavior.
"We're not looking for a single smoking gun, we do not rely on any single indicator," CEO Kevin O'Brien told SecurityWeek. "What we do is plug into cloud email systems like Google and O365, and we look at all of the mail that gets sent and received. Then we build a social graph -- we start to understand how, for example, a CFO receives messages from the CEO, what those messages look like, how often they come, are they a bi-directional flow or received only. And we look at all the mechanisms of authentication buried in the metadata. We develop a fingerprint that can be coupled with the social graph.
"When you start to do that, not just for a single company but globally for hundreds of thousands of mailboxes every minute you start to see patterns of how email communication works. From there we think of it in terms of anomaly detection, and we can begin to identify anomalous messages -- things that could be spear-phishing or BEC attempts. We're not looking for things that might match an out of date blacklist, we have a unique lens on how individuals inside of a company, or inside of an industry sector, or even around the world, send mail."
It is this new application of machine-learning on big data to detect the anomalies in e-mail that could detect and prevent spear-phishing that has attracted the investors. "Advanced and targeted social engineering threats represent one of the most pernicious and dangerous challenges to organizations in both the public and private sector," explained Techstars Ventures Partner Ari Newman. "GreatHorn brings fresh thinking and a cloud-native, intelligent platform that can protect these organizations. We've been thrilled with the progress and execution GreatHorn has shown over the last few years and are excited to step up our investment in the company."
"GreatHorn," added .406 Ventures Partner Greg Dracon, "is at the forefront of next-generation cybersecurity, understanding that changing human behavior is difficult and that security awareness training is not nearly enough for employees faced with sophisticated phishing techniques that look real from presumably trusted contacts." Both Newman and Dracon are joining GreatHorn's board of directors.
Existing investors including ff Venture Capital, SoftTech Ventures and RRE Ventures also participated in the funding round.
The firm, one of Gartner's 'cool cloud vendors', is bringing machine-learning technology to the continuing threat and problem of targeted spear phishing. Spear-phishing, and the related Business E-mail Compromise (BEC) scam, are two of today's most pernicious threats -- the former is the first stage of the majority of successful breaches; and the latter, according to the FBI in May 2016, is responsible for losses "now totaling over $3 billion."
Both threats have proved resilient against traditional defenses because of their use of finely tuned and targeted, narrow-band social engineering. Effectively, each threat is new and unique, probably contains no payload to analyze, and is delivered before it can be recognized and blocked. The same problem exists for malware: new versions are delivered and get through signature-based anti-virus defenses before detection is added to the defense.
The solution against malware has been a shift of emphasis towards the recognition of malware behavior, using machine-learning to understand and detect that behavior. Conceptually, GreatHorn takes a similar approach to spear-phishing and BEC. It monitors email across the cloud both in metadata and content. It builds a behavioral graph that can detect anomalies in email behavior.
"We're not looking for a single smoking gun, we do not rely on any single indicator," CEO Kevin O'Brien told SecurityWeek. "What we do is plug into cloud email systems like Google and O365, and we look at all of the mail that gets sent and received. Then we build a social graph -- we start to understand how, for example, a CFO receives messages from the CEO, what those messages look like, how often they come, are they a bi-directional flow or received only. And we look at all the mechanisms of authentication buried in the metadata. We develop a fingerprint that can be coupled with the social graph.
"When you start to do that, not just for a single company but globally for hundreds of thousands of mailboxes every minute you start to see patterns of how email communication works. From there we think of it in terms of anomaly detection, and we can begin to identify anomalous messages -- things that could be spear-phishing or BEC attempts. We're not looking for things that might match an out of date blacklist, we have a unique lens on how individuals inside of a company, or inside of an industry sector, or even around the world, send mail."
It is this new application of machine-learning on big data to detect the anomalies in e-mail that could detect and prevent spear-phishing that has attracted the investors. "Advanced and targeted social engineering threats represent one of the most pernicious and dangerous challenges to organizations in both the public and private sector," explained Techstars Ventures Partner Ari Newman. "GreatHorn brings fresh thinking and a cloud-native, intelligent platform that can protect these organizations. We've been thrilled with the progress and execution GreatHorn has shown over the last few years and are excited to step up our investment in the company."
"GreatHorn," added .406 Ventures Partner Greg Dracon, "is at the forefront of next-generation cybersecurity, understanding that changing human behavior is difficult and that security awareness training is not nearly enough for employees faced with sophisticated phishing techniques that look real from presumably trusted contacts." Both Newman and Dracon are joining GreatHorn's board of directors.
Existing investors including ff Venture Capital, SoftTech Ventures and RRE Ventures also participated in the funding round.