News, news analysis, and commentary on the latest trends in cybersecurity technology.

Abstract Security Brings AI to Next-Gen SIEM

The startup's AI-powered data-streaming platform separates security analytics from compliance data.

Fahmida Y. Rashid, Managing Editor, Features

March 26, 2024

2 Min Read
Source: YAY Media AS via Alamy Stock Photo

Abstract Security has emerged from stealth with a platform designed to centralize security analytics, speed up threat detection, and triage alerts so that security analysts can focus on actually managing and resolving security incidents.

The startup, which raised $8.5 million in seed funding, will use its platform to shake up the security information and event management (SIEM) market, says Colby DeRodeff, the company's co-founder and CEO. Despite plenty of talk about "next-gen SIEM," little has focused on addressing the underlying challenge: that the technology can't handle the scale of data being collected or deliver actionable alerts quickly enough, he says. But the way Abstract Security handles data collection and storage enables its detection engine to provide analysts with alerts much sooner and at a lower cost, he says.

Abstract Security keeps the security data in data streams and uses machine learning to apply prebuilt and user-defined detection rules to find correlations between streams. Using the streaming model helps Abstract avoid latency, lowers time to detection, and reduces mean time to response, DeRodeff says. In other words, analysts aren't waiting 45 minutes for the system to index the data before they can interrogate it.

"Abstract's data-centric approach represents the future of detection," said Matt Bigge, partner at Crosslink Capital, in a statement. Crosslink Capital participated in the company's seed funding round.

Enterprises are storing terabytes of data, but most of the data they are sitting on — as much as 95% of collected log data — is neither useful nor relevant for detecting security issues and incidents, DeRodeff says. He describes customer meetings where the customer would be unable to detect attack simulations.

"They were not collecting the right data," DeRodeff says, noting that enterprises face a data conundrum. Security teams can define the detection rules based on the type of data they have, but they also have to decide what data to collect based on the detections they want to have.

Abstract Security's platform "bifurcates" security and compliance, DeRodeff says, by directing security-relevant data into streaming databases and storing everything else separately. This increases detection effectiveness and lowers computing and storage costs, while still helping enterprises meet their compliance obligations.  

"In today's shifting cyber landscape, understanding which data is vital for security and which is collected for compliance or forensics is crucial," says strategic adviser Tom Reilly, who is also an investor in the company. Otherwise, organizations pay a hefty price for unnecessary data that simply isn't needed in their high-fidelity analytics packages.

Abstract Security's beta customers span a variety of industries, including a major insurance provider, a global healthcare provider, a Fortune 500 company in the financial services space, and a B2B tech company, the company said.

About the Author

Fahmida Y. Rashid

Managing Editor, Features, Dark Reading

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights