CIA-backed In-Q-Tel backs Interset.
In-Q-Tel, the venture capital firm backed by the CIA and other stealthy “three-letter agencies” is investing in Interset, a specialist in user behavior analytics. That puts Interset into some pretty interesting company. In-Q-Tel has invested in Palantir, Mesosphere, Cliqr, and some 250 tech companies.
In English, behavior analytics is the practice of looking for unusual user activity patterns from application logs, Microsoft Active Directory, etc. in hopes of nipping bad behavior—data theft or sabotage—in the bud. If Joe Shmoe typically works from 8 a.m. till 5 p.m. and uses Sharepoint for certain tasks but then starts logging into Sharepoint at 4 a.m., that’s worth a look. Or perhaps he starts downloading large Word files in a way he’s never done before, all of those red flags can add up to what could be a threat.
“We look for insider threats which can manifest in a few ways,” said Dale Quayle, chief executive of the Ottawa-based Interset. “Maybe a malicious person inside the company or a badguy on the outside who’s compromised an insider’s credentials. We look at different behavior patterns, changes in the time of day they access things that may signal some sort of change.”
In-Q-Tel’s backing gives security startups a sort of credibility that Fortune 500 companies might consider as they make their own security purchase decisions.
“We talk to the agencies to understand their mission objectives and then go off and make investments against that,” said Steve Bowsher, managing general partner of In-Q-Tel, told Fortune.
As is typical, In-Q-tel did not disclose the size of its investment but the company’s technology picks are often closely watched. Interset had about $20 million in VC backing up until now.
According to an In-Q-Tel filing with the SEC, In-Q-Tel frequently invests with other “top-tier venture capital firms.” On average, it said, “for every dollar that IQT invests in a company the venture capital community has invested more than fifteen dollars, helping to deliver crucial new capabilities at lower cost to the government.”
Insider threats are a big ongoing problem for any agency or company with information worth taking or subverting—which means pretty much any agency or company.
“We look at attack vector as a pervasive problem and we think Interset brings a machine learning capability to it. You can pretty much point at multiple data sources and apply multiple models against them,” said Peter Kuper, a partner at In-Q-Tel.
Interset technology can be applied against a company or agency’s existing Hadoop clusters or can be sold with Cloudera, Hortonworks , or MapR Hadoop implementations, Quayle said.
For more on cybersecurity investment, watch:
In addition to the various application logs, Interset will still soon add support for Netflow, the Cisco protocol for collecting and monitoring network traffic, which is critical, according to Kuper.
The more information you can throw at the system, the better, he noted.