Netenrich on Tuesday launched its Resolution Intelligence platform, which aims to leverage machine learning (ML) and artificial intelligence (AI) to correlate all the data in a security operations center (SOC) and assign the right task to the person at the right level, creating efficiencies and making it possible for SOCs to identify threats and act on them.
SC Media spent some time this week talking to Raju Chekuri, president and CEO of Netenrich, who explained the company’s history over the past 14 years, its decision to become a SaaS product, and how it intends to go public in the next few years.
Can you give us a general history of Netenrich? What was the original vision 14 years ago?
When we kicked off Netenrich the idea was to really focus on operations. We wanted to transform how operations were done. People were just beginning to outsource infrastructure operations and we were going to get in there and do as much as possible remotely and through shared services operations. That was the early phase. We targeted channel and SMBs. Phase two was to the mid-market client base and doing some serious work in multi-cloud environments and complex networks and VMs. Today, in phase three, we want to bring security and operations together in a very unique way led by our Resolution Intelligence platform. We launched it on Tuesday and we’re looking to scale it as the next phase of operations.
So were the initial operations around HR and remote network support?
We always stuck to infrastructure operations. We worked on the networks for offices and retail stores or data centers or workloads in data centers where companies were going to VMware and Citrix. We helped a lot of SMBs and we used to have 550 MSPs about 10 years ago. In the next phase, people were moving to cloud, more software-defined networks and data centers, so we marketed to larger MSPs that could go after middle-market accounts and help us scale.
When did you see cloud-native and SaaS as the direction the company had to go?
First, the cost of buying servers and putting them into data centers and managing all that is extremely high. To keep it running becomes expensive until you get to a certain scale, so cloud makes a lot of sense. Number two, even six years ago when you talked to Azure or anyone else, the cloud was infrastructure-as-a-service, 'I have a VM in the cloud,' that’s what they were selling. Today, it’s gone beyond that. Now, with fast layers you can manage SQL servers, your data lake is there, and even load balancers. The agility you have is much faster than doing it in the data center. That agility is important to us, the pace of innovation is much faster, so that’s why we’re in the cloud.
Talk to us about the new product, the Resolution Intelligence platform. How will it support multi-cloud environments?
If you look at the operations industry, there are many tools that focus on telemetry and observability. Machines are putting out signals and correlating data and giving teams data that something is going up or down. Enterprises have to create teams to ingest this data. More teams come in, more automation engineers come in. And on top of that, people are using multiple tools to analyze multiple cloud platforms. So the NOCs and SOCs swell and they still get hacked and the systems are not working. About four years ago we decided to make it a data problem. We wanted to ingest all the telemetry into our ActOn Data Lake and look at risk, impact, and what to act on. The idea behind the Resolution Intelligence platform is for machines to do a lot of the drudgery. Once more than two or three variables come into play, humans can’t process that well. Our product becomes a pre-processing platform that NOCs or SOCs can use.
What are some of the benchmark outcomes that NOCs and SOCs can expect?
We believe that the entire Tier 1 and Tier 2 layer can be reduced by 70%. And then Tier 3 can get a lot more intelligent with contextual data to act on. Today, when telemetry comes into a NOC, it comes into the Tier 1 person and then he hands it off to a Tier 2 person. The Tier 2 person then looks at it and says all his pings look fine and it may even go to the Tier 3 person. It goes back and forth like a hot potato and, frankly, it’s a waste of time. With our platform we can do a lot of pre-processing by machine learning and tell the right people what to do. The real value proposition is how Resolution Intelligence aims to change secure ops through data analytics and provide prioritized and ranked actions analysts need to take. The actions and resolution are extremely important because most security point solutions can tell SOCs what to look for; however, they may not offer the top-tier actions analysts need to take. Also, the way that companies or service providers tackle secure ops has become outdated. There’s a need to take a different approach in using AI/ML to shift secure ops to be more proactive, predictive and data analysis-driven. It’s all about the convergence of network and secure ops. At the end of the day, if you unplug your digital assets from the network, you won’t have any cyber security issues. Essentially, the outcome of security analytics should provide clear actions to IT operators on what they need to do to mitigate these cyber security and operational risks. If we can make that happen, NOCs and SOCs can come together more efficiently and bring tremendous efficiencies to their businesses. The sole purpose of Resolution Intelligence is to work hard to get the industry to move towards RiskOps, which enables the convergence of NOCs and SOCs.
How does the platform assign tasks to the right people?
The Resolution Intelligence platform uses AI/ML to provide automated insights and actions into incidents that need immediate attention. It does all the heavy lifting a Tier 2 and Tier 3 analyst would do, empowering the Tier 1 analyst with expertise as if they were at the level of Tier 2 and Tier 3 analysts. In making this happen, the platform does all the heavy lifting, such as analysis, threat hunting, and correlating information for context. Usually this work gets done manually, and it’s time-consuming and has a heavy impact on resources. With AI/ML, analysts can start pivoting, look at file hash, IP, and can dive down deeper. The platform enables efficiencies, scale and speed to identify the point in time of the attack or incident. Analysts can then understand where the threat came in and understand what happened. The platform uses AI/ML to take proactive and predictive approaches across secure ops. Traditional security tools look at a single point of telemetry to understand whether a ransomware attack was an incident patch issue, or whether EDR caught it. Our platform analyzes deeper, looking at all security telemetry, following the MITRE ATT&CK framework and threat intelligence. We then apply data analytics to deliver context, insights and the action to take. We learned that we can’t win the cyber war on point products. For us to win, secure ops is all about data analytics.
Netenrich has been self-funded since its inception. Do you expect that to change or will you remain on the current course?
We feel that with the SaaS platform, we will scale much faster. We will obviously explore all options, but I would say that in three or four years, Netenrich will be on track to become a public company. If we want to go global, expand into Europe and Asia, and work with the world’s largest cloud providers, we’ll need to go public. It’s possible that we may do an interim funding round in six to nine months; however, we have an eye towards going public in a few years.