Sqrrl, the big data startup whose founders used to work for the NSA, plans to announce Thursday that it is shifting its focus to cyber security with a new release of its enterprise service. The startup is also taking in a $7 million Series B investment round, bringing its total funding to $14.2 million, said Ely Kahn, a Sqrrl co-founder and vice president of business development.
The heart of Sqrrl’s technology is the NSA-developed and open-sourced Apache Accumulo NoSQL database, which the company, like other open-source-reliant companies such as Docker or Hortonworks, sells premium services around.
While the Accumulo technology, based on Hadoop, provided a way for companies to store and analyze all their data similar to how they could with other big data vendors like Splunk, Kahn said his team found that their biggest customers were using the technology for cybersecurity purposes. Just a hunch, but I bet the whole “ties to the NSA” thing probably leads to people wanting to give it a go for their security challenges.
Sqrrl’s technology spools together many different types of data sets, from intrusion detection logs to human resources information, and puts that in a single platform that can be used for discovering bad actors that may be loitering in a company’s infrastructure.
Because the Accumulo NoSQL database can function as a graph database (graph databases are a class of NoSQL databases, said Kahn), the Sqrrl team can dump all that data into the system and then receive a picture of the network that contains all the users, devices and servers and how they are connected together.
Sqrrl dashboard
“We are able to take all these disparate data sets and defuse them into this linked-data model,” said Kahn.
Graph databases seem to be getting a lot of action these days (DataStax just bought out a graph-database company called Aurelius), and people often use the technology as a way to map out their infrastructure and learn about vulnerabilities.
Given this traction of using graph databases for security purposes, it makes sense that Sqrrl would want to ride this wave, and its Sqrrl Enterprise 2.0 product line now contains security-specific features, including visualization tools like bar charts and pie charts and a dashboard for users to create reports based on the data.
“It’s a big data analytics platform with a focus on cybersecurity,” said Kahn. “It has a database foundation, but it now has advanced visualization capabilities that support the incident-detection lifecycle.”
This might sound similar to Argyle Data, which built fraud-detection software on top of the Accumulo database, but Kahn said that startup is more focussed on using its technology to prevent telephone scams and the like, and that solving problems related to fraud requires different types of data sets than the ones Sqrrl analyzes to detect anomalies.