Respond Software, a cybsersecurity platform that automates decision-making through emulating human reasoning, has raised $20 million in a series B round of funding led by ClearSky Security, with participation from CRV and Foundation Capital.
Founded out of Mountain View, California, in 2016, Respond Software touts its robotic decision automation (RDA) software that “combines the best of human judgement with the scale and consistent depth of analysis in software,” according to the company. It uses “decision bots” that work out-of-the-box, with no need to train the system or implement any rules or scripts.
The platform is less about stopping advanced threats than it is about filling the role of a tier-1 security analyst, and it covers all alerts that are generated by a company’s network and endpoint sensors. In fact, Respond Software claims that its virtual analyst can serve as the equivalent of having 14 full-time human security analysts working round-the-clock — and toilet breaks aren’t needed.
“Its role is to monitor and triage events and alerts as they come in, deciding which ones are false positives and which are real security incidents — and which are important enough to either escalate to the incident response team or, if the enterprise is smaller, remediate or block themselves,” Respond Software CEO Mike Armistead told VentureBeat. “Think about it as a modern ‘expert system’ that emulates the judgment of an expert analyst, done at [the] scale, speed, and consistency of a machine.”
The hunger is clearly there for automation in cybersecurity, and it’s this demand that Respond Software is looking to capitalize on, with its so-called “decision bots” designed to behave like human security analysts. The core “decision engine” is basically a mathematical model that is pre-trained by analysts, incident responders, and other experts within Respond Software and its broader network.
“The training is a bit of a trade secret, but suffice it to say that our team of security experts assign probabilities to outcomes based on evidence and factors across numerous dimensions,” Armistead continued. “It is not unlike how people are trained to analyze a security situation and determine if its malicious and at what priority should it be placed. Our experts train the model in a similar way.”
Though it is good to go out of the box, it can improve post-integration by taking on feedback and other contextual data to adjust its probability scoring. It also adopts what Armistead refers to as “collective learning,” whereby activities and results from across all its users helps to improve the algorithms for everyone.
“We adjust model probabilities and can escalate based on threat vectors so all customers benefit,” he said.
The global cybersecurity workforce is estimated to be short by nearly 2 million people in the coming years, which is partly why automation is emerging as a big force across the industry. Numerous startups have raised big bucks to automate and scale cybersecurity protections, while BlackBerry recently doled out $1.4 billion for AI-powered advanced threat platform Cylance.
“The lack of skilled security analysts, coupled with the exponential growth of security-related data, has enterprises in crisis mode and increasingly recognizing that the status quo won’t cut it,” said ClearSky Security managing director Jay Leek.
Armistead founded and then sold another cybersecurity company called Fortify to HP back in 2010, and subsequently worked at HP Enterprise. Fortify had raised around $20 million from notable investors such as Kleiner Perkins, and thus Armistead likely had little friction in securing the $12 million raised when he launched Respond Software out of stealth back in 2017. With another $20 million in the bank, it’s now well-financed to push its platform into more enterprises.
“We founded Respond Software to give cybersecurity teams a product that emulates — at scale — the judgment of expert security analysts, effectively giving those operations an extra team to help defend their organization,” Armistead said. “This new funding will enable us to deliver on the tremendous response our RDA software has received thus far, so more security teams can monitor and triage security events 24/7/365 at unprecedented speed, scale and consistency.”