CIO

Startup Cyber adAPT takes on threat detection

Cyber adAPT, a startup springing from DARPA-funded research, is shipping its first products that detect network compromises and gather data that can be used later for forensic analysis of breaches.

The company's appliance-based platform monitors network traffic for suspicious communications that might indicate a breach and correlates them with threat feeds to improve detection accuracy.

The company just landed a $4.1 million Series A round from Alvin Fund, Granite Point Capital Partners, Griffin Fund II, and Fundamental Capital Management. It started work about 15 months ago and grew out of Irvine Sensors, which had done research funded by the Defense Advanced Research Projects Agency.

The goal is for the platform to perform predictive threat analysis: determining where threats are moving, what the attackers' goals are, where the attack is likely to pivot and to which assets, and what phase the attack is in.

The company competes against Cyphort, Damballa and Vectra Networks. At the moment its customers are concentrated in energy and retail industries, but it hopes to expand to Fortune 1000 companies in petroleum, finance and healthcare.

It makes two appliances, Cyber adAPT and Cyber adAPT+. Both are 1U rack-mount devices. The first is a detection device that polls real-time traffic, analyzes it and overlays the results with data from threat feeds in order to correlate network activity with indicators of compromise. This helps reduce the false positives that traffic analysis alone would produce.
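As an added illustration of that overlay, not code from Cyber adAPT: a traffic-only heuristic flags hosts that contact a destination at near-constant intervals, and a threat-feed lookup on the destination decides whether the hit is high or low confidence. The flow records, the feed entries (documentation-range addresses) and the thresholds are all constructed for the example.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed flow records: (source host, destination IP, timestamp in seconds).
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 0), ("10.0.0.5", "203.0.113.10", 60),
    ("10.0.0.5", "203.0.113.10", 120), ("10.0.0.5", "203.0.113.10", 180),
    ("10.0.0.7", "198.51.100.20", 0), ("10.0.0.7", "198.51.100.20", 60),
    ("10.0.0.7", "198.51.100.20", 120), ("10.0.0.7", "198.51.100.20", 180),
    ("10.0.0.9", "192.0.2.30", 0), ("10.0.0.9", "192.0.2.30", 55),
    ("10.0.0.9", "192.0.2.30", 300),
]

# Constructed threat feed: indicator of compromise -> label (hypothetical values).
THREAT_FEED = {"203.0.113.10": "known-c2"}


def beacon_candidates(flows, min_count=4, max_jitter=5.0):
    """Traffic-only heuristic: (src, dst) pairs with at least min_count flows
    whose inter-arrival gaps vary by no more than max_jitter seconds."""
    times = defaultdict(list)
    for src, dst, ts in flows:
        times[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_count and pstdev(gaps) <= max_jitter:
            hits.append((src, dst))
    return hits


def correlate(candidates, feed):
    """Overlay the feed: a heuristic hit whose destination is a known indicator
    is reported as high confidence; one with no feed match stays low confidence
    so it can be triaged rather than paged on."""
    alerts = []
    for src, dst in candidates:
        label = feed.get(dst)
        alerts.append({"src": src, "dst": dst, "ioc": label,
                       "confidence": "high" if label else "low"})
    return alerts


if __name__ == "__main__":
    for alert in correlate(beacon_candidates(FLOWS), THREAT_FEED):
        print(alert)
```

The periodic host 10.0.0.7 still surfaces, but only as a low-confidence lead, which is the false-positive reduction the article describes.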

Cyber adAPT+ performs the same detection but adds packet capture and stores metadata about network traffic, allowing forensic analysis of how a compromise happened once it has been found.

The appliances are generally deployed on tap or SPAN ports of core routers and switches to monitor communication among critical business assets.