Splunk has acquired threat detection startup Caspida for $190m in a bid to bring data science-based behaviour analytics to its cyber security offerings.
Caspida's technology uses machine learning to automatically analyse the behaviour of people in a company to identify security threats linked to workers with trusted access and privileges to a company's IT systems and data.
Conventional cyber security systems and software are designed to stop threats from outside a company's firewall or to prevent malware from spreading, whereas Caspida identifies suspicious internal activity based on behaviour rather than direct hacking.
People with such trusted access and privileges can bypass traditional security systems that look for hacking activity, but analysing user behaviour inside an IT network can detect anomalies and suspicious activity.
Caspida's analytics technology presents its findings as risk ratings with supporting evidence, which are fed back to security analysts so that they can act to prevent a cyber attack or resolve an attack in progress.
Splunk chief executive Godfrey Sullivan explained in an open letter to customers that the evolution of internal cyber security threats is prompting a need to look beyond traditional security measures.
"Most of these threats are hard to detect using traditional signature- and rules-based approaches because they usually employ trusted access owned by insiders or gained from compromised credentials or systems," he said.
"Recent high-profile breaches have shown us the significance of identity and user credentials as an attack surface."
Sullivan added that the acquisition of Caspida is part of the company's strategy to expand its cyber security portfolio, and will provide access to technology that enables more advanced threat detection, including insider threat detection.
"This acquisition is aligned to our strategy of expanding our cyber security offerings and will enable us to bring advanced analytical capabilities to our customers," he said.
Splunk did not reveal any further details about the acquisition, despite V3's request for comment.
But it would appear that the company is completely absorbing Caspida, given Splunk's prediction that Caspida employee retention incentives may have a minor effect on its business outlook.