Confluera: Stop and Remediate Cyberthreats in Real-Time

There is a common thread that binds the major cyber attacks of recent years. Once hackers infiltrate the enterprise environment through one of many gateways (consumer malware, a vulnerable application, or social engineering), they carry out elaborate campaigns rather than a single-point attack. After gaining an initial foothold in the enterprise network, they execute several phases of internal reconnaissance to discover the environment, solidify their position in the network, escalate privileges, and create ingress points. The hackers’ lateral progression from one system to another can span weeks or even months before they arrive at the “crown jewels”: customer information, intellectual property, sales numbers, and other critical data. This multi-stage plan of attack, a.k.a. the cyber kill chain, is a menace that enterprises have yet to successfully mitigate. Why? It boils down to their inability to track an attacker’s movements through the different phases of an attack that involves several machines. Despite having dozens of security products and tools at various endpoints and on the network, enterprises are unable to track the malicious actions of sophisticated attackers across their infrastructure; some products examine network traffic, while others focus on applications or user behavioral analysis. As such, security analysts get scattered insights (from various endpoints and network devices) and cannot deterministically connect the dots to identify the full context, i.e., the attacker’s intent. As a result, they end up playing correlational guesswork.

Confluera has brought to market a first-of-its-kind Autonomous Detection and Response platform built to deterministically detect and stop attackers that scour an enterprise infrastructure. The platform is unique in and of itself when compared to other cybersecurity products. According to Abhijit Ghosh, co-founder & CEO of Confluera, a lot of focus in cybersecurity goes into preventing a hacker’s entry via anti-virus software, firewalls, and other infrastructure security solutions. However, once the attacker has breached the environment, enterprises are helpless since the attacker is able to blend into the network and operate in stealth. “We are bringing the critical capability to track the attacker’s movements, pinpoint their exact location, and perform surgical mitigation, in real-time,” he adds.

So, how does the Confluera platform accurately track hackers in real-time?

Once deployed in a client’s infrastructure, the Confluera platform gathers granular telemetry from the hosts at the system level to build a map of events and entities that describes the activity sequences within and across the hosts. The platform understands the relationships between processes and network connections, and hence it can connect activities across endpoints. This capability to connect system events across hosts is crucial, and a feature that Ghosh notes is missing from enterprise environments even though multiple cybersecurity solutions are deployed. Security analysts collect data from platforms “that don’t speak to each other,” he added. The activity sequencing, combined with native behavioral detection capabilities, allows the Confluera platform to accurately identify how attacks are progressing and if/when a hacker is getting closer to critical assets.

To augment its intrinsic detection capabilities, Confluera also leverages insights from other security products in a client’s environment: anti-virus, IDS, IPS, and other solutions.

The Confluera platform has three core capabilities: 1) build a real-time map of all activities within an enterprise infrastructure, 2) fuse native behavioral detections and security signals from other security products with the activity sequences to rank attacks in progress, and 3) deploy surgical responses automatically across all affected entities to stop the attack progression. Essentially, the Confluera platform is a massively scalable distributed data management framework built for activity chaining across an enterprise infrastructure, with multimodal security intelligence applied on top to surface and intercept sophisticated attacks.
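The activity-chaining idea described above (a map of process and connection events stitched across hosts, with detection signals from other products fused in to rank chains in progress) can be made concrete with a small toy. The following Python is an added illustration written for this article; it is not Confluera’s code and says nothing about the platform’s internals. The event schema, host names, process ids, signal sources and the scoring rule are all constructed for the example.

```python
"""Toy cross-host activity chaining (added illustration, not Confluera code).

Constructed telemetry from three hosts is stitched into a process/connection
graph; the activity chain downstream of each root process is then walked
across host boundaries and scored against external detection signals.
"""
from collections import defaultdict

# A process is identified by (host, pid).  Every value below is constructed.
EVENTS = [
    # web-1: the web server spawns a shell, which opens SSH to db-1
    {"type": "process_start", "host": "web-1", "pid": 400, "ppid": 1, "exe": "/usr/sbin/httpd"},
    {"type": "process_start", "host": "web-1", "pid": 412, "ppid": 400, "exe": "/bin/sh"},
    {"type": "connect", "host": "web-1", "pid": 412, "src_port": 51000,
     "dst_host": "db-1", "dst_port": 22},
    # db-1: sshd accepts that session, a shell appears, and a bulk export runs
    {"type": "process_start", "host": "db-1", "pid": 200, "ppid": 1, "exe": "/usr/sbin/sshd"},
    {"type": "accept", "host": "db-1", "pid": 200, "src_host": "web-1",
     "src_port": 51000, "dst_port": 22},
    {"type": "process_start", "host": "db-1", "pid": 233, "ppid": 200, "exe": "/bin/bash"},
    {"type": "process_start", "host": "db-1", "pid": 240, "ppid": 233, "exe": "/usr/bin/mysqldump"},
    # app-2: ordinary application traffic to the database (benign noise)
    {"type": "process_start", "host": "app-2", "pid": 900, "ppid": 1, "exe": "/usr/bin/java"},
    {"type": "process_start", "host": "db-1", "pid": 300, "ppid": 1, "exe": "/usr/sbin/mysqld"},
    {"type": "accept", "host": "db-1", "pid": 300, "src_host": "app-2",
     "src_port": 39000, "dst_port": 3306},  # logged before its connect: order must not matter
    {"type": "connect", "host": "app-2", "pid": 900, "src_port": 39000,
     "dst_host": "db-1", "dst_port": 3306},
]

# Signals from other products, keyed to the process they fired on (constructed).
SIGNALS = [
    {"host": "web-1", "pid": 412, "source": "ids", "severity": 3, "detail": "shell spawned by web server"},
    {"host": "db-1", "pid": 240, "source": "edr", "severity": 4, "detail": "bulk database export"},
    {"host": "app-2", "pid": 900, "source": "av", "severity": 1, "detail": "low-confidence heuristic"},
]


def build_graph(events):
    """Return edges: node -> set of nodes it directly caused.

    Parent/child edges come from process_start events.  A cross-host edge is
    added when an outbound connect and an inbound accept agree on the same
    (src_host, src_port, dst_host, dst_port) tuple, whichever arrives first.
    """
    edges = defaultdict(set)
    connects, accepts = {}, {}
    for e in events:
        node = (e["host"], e["pid"])
        if e["type"] == "process_start":
            edges[(e["host"], e["ppid"])].add(node)
        elif e["type"] == "connect":
            key = (e["host"], e["src_port"], e["dst_host"], e["dst_port"])
            connects[key] = node
            if key in accepts:
                edges[node].add(accepts[key])
        elif e["type"] == "accept":
            key = (e["src_host"], e["src_port"], e["host"], e["dst_port"])
            accepts[key] = node
            if key in connects:
                edges[connects[key]].add(node)
    return edges


def activity_chain(edges, seed):
    """Every process reachable downstream of `seed`, crossing hosts, in DFS order."""
    seen, order, stack = set(), [], [seed]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        order.append(n)
        stack.extend(sorted(edges.get(n, ()), reverse=True))
    return order


def score_chain(chain, signals):
    """Fuse external signals with the chain: severity landing on chain members,
    weighted by how many hosts the chain spans (lateral movement raises priority)."""
    severity = defaultdict(int)
    for s in signals:
        severity[(s["host"], s["pid"])] += s["severity"]
    total = sum(severity[n] for n in chain)
    hosts = len({h for h, _ in chain})
    return {"hosts": hosts, "severity": total, "score": total * hosts}


def rank_chains(edges, signals):
    """Walk the chain under every root process (child of pid 1) and rank them."""
    roots = sorted(c for parent, children in edges.items() if parent[1] == 1 for c in children)
    ranked = []
    for root in roots:
        chain = activity_chain(edges, root)
        ranked.append({"root": root, "chain": chain, **score_chain(chain, signals)})
    ranked.sort(key=lambda r: (-r["score"], r["root"]))
    return ranked


if __name__ == "__main__":
    for r in rank_chains(build_graph(EVENTS), SIGNALS):
        path = " -> ".join(f"{h}:{p}" for h, p in r["chain"])
        print(f"score={r['score']:>2} hosts={r['hosts']} {path}")
```

Run stand-alone, the httpd chain on web-1 ranks first: it crosses into db-1 and carries both the IDS and EDR signals, while the java-to-mysqld connection, which is structurally also a cross-host edge, ranks low because almost no signal severity lands on it. That is the point of fusing signals with the activity map rather than alerting on either alone; a production system would additionally fold sub-chains (here the sshd chain) into the parent chain that contains them.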

From Reactive Investigation to Real-Time Mitigation

In the world that predates Confluera, enterprises tried to stop sophisticated attacks through a ton of manual procedures to identify the cyber kill chain. Security analysts manually examined multiple sets of events on different machines from various users and correlated signals and insights in an attempt to make sense of them. For example, if an alert from machine #5 mirrored a malicious activity on machine #7, analysts tried to connect the dots, albeit without concrete data, to deterministically link the two logs. In fact, several studies have indicated that enterprises ignore over 30 percent of security alerts due to the fatigue that comes with this type of excessive human intervention.

Conversely, since Confluera’s telemetry keeps a tab on every activity across the infrastructure, security analysts can avoid the task of perennial monitoring. “To study risky behavior across systems and follow up on each signal manually is a tedious process, and infeasible to execute. Our platform brings autonomous detection and response capability,” says Ghosh. However, highlighting the intensiveness of the process, Ghosh comments that real-time behavioral threat detection “is easier said than done.” The Confluera platform addresses this by “building an attack story as it happens” and upgrades the detection and response capabilities of enterprises from “reactive to proactive.”

Say Goodbye to Big Hammer Responses

To move their cybersecurity principles from reactive to proactive, enterprises are pulling out all the stops. According to Gartner, a sum of $125Bn will be spent on cybersecurity solutions and services in 2019. Although Confluera acknowledges the need for the investments, Ghosh and his team take the onus on themselves to educate clients on tactical methods to counter a data breach. Since the current technologies to detect attack campaigns are largely based on probabilistic correlations, the solutions lack actionable intelligence to counter a sophisticated attack.

Confluera constantly reiterates the necessity for a holistic solution with the following cybersecurity guidelines to its clients:

• The enterprise attack surface is huge. Assume the attacker is already in your infrastructure.

• Reactive post-incident analysis is ineffective in stopping a sophisticated attacker.

• Since the attacker trips multiple wires across the infrastructure while moving through the cyber kill chain, it is vital to keep track of activities and movements to identify the attack as a sequence of malicious actions.

• Comprehensive visibility into malicious actions comes from aggregated security functions. Integrate security results in the context of tracked activity sequences to identify threats.

• Avoid a big hammer response!

The final dictum cannot be ignored, since containment-first response strategies have historically disrupted business continuity and even hindered actual remediation of the attack. When an enterprise becomes aware of a breach through one of its endpoint security solutions (even if the attacker hasn’t reached the crown jewels), it typically quarantines all the critical applications, reimages its servers, and scrambles to a resolution. Confluera, on the other hand, gives enterprises the capability to avoid hitting the panic button. Since an enterprise can deterministically conclude whether a malicious activity could turn into a breach, it can undertake a surgical response rather than disrupting its everyday business operations.

These guidelines frame Confluera’s first engagement with a new client. Once the client’s pain points have been discussed in detail, team Confluera demonstrates live the progression of a cyber kill chain, and how Confluera deterministically tracks activities, automatically ranks threats to surgically stop attacks in real time, and frees up security analysts.

Winning over the Cybersecurity Community

Such live demos were also on display when Confluera wowed audiences at Black Hat USA 2019, the world’s leading information security event. In one such demo, Confluera exhibited how an attacker hopped across five different machines in an enterprise network. The demo was modeled on the infamous Equifax breach: Confluera engineers simulated live attacks, used the Confluera platform to track the attack progression, and intercepted the attack in real time. The audiences were floored by the visualization, and the demo allowed Confluera to secure proofs of concept (POCs) and new clients and to pursue new business opportunities. Subsequently, Confluera held another regional platform launch on October 14, 2019, in New York City, an event attended by top CIOs, CISOs, and security leaders from the local market.

With such momentum, Confluera’s goal is to cement itself as “the de facto cybersecurity product for data centers and cloud infrastructure” and emerge as the go-to solution for any enterprise environment. Since coming out of stealth in July, Confluera has already turned heads in the cybersecurity community, and the company plans to make further noise in the coming months. Although many of its early customers are from the financial and automotive sectors, Confluera’s solution can be applied to enterprises of all sizes across industries, even SMBs that rely on MSPs for their cybersecurity solutions.

It would be fascinating to see where Confluera goes from here. Founded by former key engineers from Oracle, Juniper, LinkedIn, and Rubrik, and funded by the pioneers behind Lightspeed Venture Partners, Symantec, Palo Alto Networks, and ServiceNow, Confluera will look to build on its strong foundation. Just a few months into its commercial launch, the 19-member team is already working on platform enhancements and building a global clientele. “Until our solution, it was impossible to get a real-time aggregate view of what’s going on in the enterprise across their entire security stack. In a crowded market space, we are bringing a fundamental capability that can change the landscape of security operations,” concludes Ghosh.


Palo Alto, CA

Abhijit Ghosh, Co-Founder & CEO

Offers an autonomous detection and response platform built to deterministically detect and stop attackers navigating through an enterprise’s infrastructure. One of the Most Promising Critical Infrastructure Protection Solution Providers, Confluera has introduced to market ConflueraIQ, a first-of-its-kind real-time Attack Interception and Defense Platform that, when deployed in a client’s infrastructure, gathers granular telemetry from various assets in the network. From the acquired telemetry, the platform builds a contextual map of events and entities that describes the activity progression, then deterministically connects activity chains from one machine to another. This process allows ConflueraIQ to accurately pinpoint how attacks are progressing and when a hacker is getting closer to critical assets.