San Francisco-based adaptive threat prevention Preempt has announced the expansion of its Preempt platform, significantly enhancing its capability against eliminate security breaches and internal threats. It is designed to assess identity, behavior and risk to challenge anomalous behavior in real time, without the false positives that waste a SOC team’s time.
Preempt was founded in 2014, began coding at the beginning of 2015, and had product out 18 months later. The company formally launched in the summer of 2016, with its head office in San Francisco and its research and development facilities in Israel.
“We are now coming up on three dozen customers, in financials, health, legal and now, industrial,” said Ajit Sancheti, Preempt’s CEO and co-founder. Preempt emphasizes their platform’s enterprise scalability, but the product also sells further downmarket.
“We have many paid customers with under 100 users, and some with 40,000 users,” Sancheti indicated. “We are in trials today with customers who have over 100,000 users. It’s extremely scalable, but it works across the board.”
Sancheti indicated that the design philosophy behind the product has evolved in the short time since its inception.
“We were initially focused on user behavior,” he said. “The problem for enterprises is that they don’t have people to chase down all the threats that are identified. So we do both the detection AND the response, with the responses tied to the behavior. What has happened over time is that we are realizing more and more that we need to cover a broad combination of identity, behavior and risk, especially since most breaches involve credentials and privilege escalation.”
The agentless Preempt platform provides continuous tracking of the identity, behavior and risk of every enterprise user, and adapts responses based on risk.
“While Privilege Account Management solutions are for privileged users only, we work with every user in the enterprise,” Sancheti said. “We allow enterprise employees the ability to access what they need to access without compromising security, while using identity as a way to figure out what’s going on.”
Anomalous or risky behaviors can be challenged or redirected without disrupting user productivity, through real-time responses that can adapt as situations change. If the risks increase, the solution’s customizable policies can challenge users to verify their identity, reduce user privileges, force password changes, or ultimately block them.
The original platform had multi-dimensional data analysis, behavioral analytics, continuous risk assessment, adaptive response enforcement, around a policy engine and a behavioral firewall that detects, challenges and responds to both threats and risky behavior without getting a security analyst involved.
“We have now added Threat Hunter, which provides a free-form way for analysts to proactively search events and investigate reports,” Sancheti stated. “We have also expanded Any App, to easily expand secure authentication to any on-premise or cloud app. Because we sit on the network in front of domain controllers, we can easily trigger a multi-factor authentication. In this one simple way, we have added secure authentication to many applications – not just name and password.”
Sancheti said that these capabilities are particularly valuable as organizations move more applications to the cloud.
“We are now allowing enterprises to make transition to the cloud a lot easier, to make that movement as seamless as possible because they don’t lose any of the security benefits,” he indicated.
Like most security startups, Preempt started selling direct to build up a base of reference customers, but they are on a course towards a 100 per cent channel model.
“We started selling mainly direct, with just a few partners,” Sancheti said. “This is very high touch, and typically, you need 50-100 customers before the channel gets interested. However, in the last 90 days many larger security resellers have become our partners, and we now have almost 20 partners, including ones like Optiv and Guidepoint.”
The goal is now to get to a 100 per cent channel model.
“We are close to that now,” Sancheti said. “Channel partners are now the trusted advisors to enterprises, something that has become even stronger in the last couple of years. They have a good understanding of what customer challenges are. That’s why the security-focused resellers are where we want to be. Otherwise, you just tend to have good meetings, that don’t go very far.”
