Cybereason strengthens XDR offering with acquisition of empow and its predictive response technology

The empow technology uses machine learning to correlate inputs from the entire cyber ecosystem, including endpoint, network, identity and application telemetry, to determine where an attacker has been, and where it is going.

Yonatan Striem-Amit, Cybereason’s CTO

Cybereason, which began as an EDR [Endpoint Detection and Response] vendor in 2012, and expanded into the growing XDR [Extended Detection and Response] space last year, has significantly strengthened their XDR capabilities with the acquisition of empow, a security analytics company based in Tel Aviv, and with an office in Boston.

“Their founding team is out of Israel, and the principals were part of Radware,” said Yonatan Striem-Amit, Cybereason’s CTO and one of its co-founders. “They built an incredible technology that really complements our vision, and provides a clear one plus one equals three story.”

Ironically, empow started out selling a next-gen SIEM product, which they still sell, and which is branded iSIEM. They moved from there into the XDR product, iXDR, that attracted Cybereason. They also sell a third product, iCOR, an AI-correlation engine.

“Their XDR will be integrated into ours,” Striem-Amit said. “They share the same core IP which will be brought into our engine as part of the main Cybereason XDR offering.”

The iCOR AI-correlation engine will also be integrated into the Cybereason XDR. Striem-Amit explained that empow sold it as a separate product because they targeted different customers and use cases with it, but that Cybereason sees it as making much more sense integrated as part of the holistic XDR offering.

“Another reason that it was sold separately is that their main product was that next-generation SIEM,” Striem-Amit said.

That empow SIEM, on the other hand, is not in Cybereason’s plans.

“We aren’t going to continue chasing the SIEM market,” Striem-Amit stated. “XDR has overtaken SIEM in its importance in security. Empow has had some decent success with SIEM but we believe that the opportunity of going together with them in XDR is much more exciting.”

The secret sauce in the empow offering is their patented prediction technology. It is a machine learning prediction algorithm that anticipates attacker intent and next steps, and also indicates where the attacker has been, by seamlessly correlating inputs from the entire cyber ecosystem, combining endpoint, network, identity and application telemetry.

“This is a really revolutionary technology around predictive analytics,” Striem-Amit said. “It is based on the trajectory of an attack, where it is likely to go and where it may have been. It gives defenders a superpower by providing them with a good view of the trajectory of the adversary.”

For the partner ecosystem, Striem-Amit indicated that this solves a critical problem.

“It solves a critical problem for them by bringing everything into one cohesive experience, integrating separate things like firewall, endpoint and SaaS,” he said. “That’s very exciting.”

It also addresses another partner problem of providing this kind of protection at scale, effectively and in a user-friendly way.

“Every partner trying to provide security value has security telemetry coming in from all kinds of systems all over,” Striem-Amit indicated. “Their problem is to balance efficiency with all this. This is an answer to this problem of how you scale efficiencies and bring more assets under coverage at scale.” Empow will enable Cybereason to accelerate integrations with more than 70 leading IT and security vendors, including firewall providers, email and web gateways, cloud infrastructure, and threat intelligence vendors.

Striem-Amit said the deal came about after Cybereason studied empow for a long time.

“We have been looking at the landscape for many years, as we put together our own XDR offering,” he noted. “So we had followed them for many years. Coming together didn’t make sense initially but as we advanced more, it began to make sense.”

Empow also has a reseller and MSSP channel.

“There is some overlap with our own channel,” Striem-Amit said. “They had more MSSPs who were more focused on SIEMs, although many partners in that area also have been moving towards XDR.”