Red Lambda: Security Revolution Or Just Evolution?

Security statistics are depressing. The bad guys seem to be overwhelming the good guys, even when the good guys are well-known security vendors. So when an emerging company, such as Red Lambda, claims to have software that significantly improves the odds for the good guys, you need to pay close attention.

As an industry analyst, I am briefed by vendors large and small (and in-between, as well). Large vendors have a rich variety of products, and trying to keep track of everything is a little like being a ringmaster at a three-ring circus. Smaller companies (especially startups) tend to focus on one (or, at most, a few) products.

That can be somewhat limiting, so in examining a smaller company, I look for a defensible value proposition that enables it to clearly differentiate itself from the competition and enable it to compete effectively with larger, established companies that have all the resource advantages (large installed base, solid distribution channels and a well-endowed R&D infrastructure, among other things). That is not to say that the smaller companies cannot compete with the giants; as we well know, many have done so successfully. However, for every truly successful startup, how many more struggleto gain traction and profitability, have modest success or are, frankly, failures?

Most startups have a decent story or at least enough salesmanship skills to get hard-nosed or even reluctant venture capitalists to supply funding. Still, many of thesecompanies are a variation on a theme. SSD startups are popular today, but identifying the winners and losers is hard, at best. Others may have brilliant ideas, but marketforces may make success difficult--for example, a maker of a software product that is best sold through a service provider, but the service provider cannot make as much onthe service engagement as it would prefer or demand.

Other startups have a clearer path to success. They offer a compelling value proposition, and adoption by many, many enterprise customers is a reasonable assumption. Now, it is too soon to say whether Red Lambda will be in the winner’s circle (as there is many a slip between cup and lip). However, pay attention to what Red Lambda can do.

Security is always a major topic on the CIO agenda. The number of technologies that address security issues, from oldies, such as firewalls, to newer technologies, such assecurity event appliances, is mind boggling. Yet threats keep on mounting. Anti-virus technology has to meet new threats quickly after the fact. Responding to threat vectorsin real-time is difficult, especially when the threat is hard to identify. And the bad guys seem to possess deep knowledge of the seams or holes in the software aspects of the information infrastructure, including applications, database systems and operating systems.

At the same time, the IT infrastructure is also undergoing great change because of the adoption of virtualization and cloud technologies, which, among other things, includes increased mobility of both virtual machines and data. That, in turn, increases exposure to potential and actual threats.

Then there is the explosive growth in data not only in volume, but also in variety and velocity. Security has to cover all of this; otherwise, there are gaps that can lead to breaches in data security. Red Lamdba refers to this as the "need for data-driven security for big data IT environments." But what they mean by "big data" is not specific data sources (as it is usually defined by system and storage vendors), but rather the entirety of an enterprise's data.

Red Lambda’s solutions examine all operational data--by which they mean all the metadata--about what is happening in a network environment, including log files. They do not touch the actual business data (such as emails and database transactions) at this time, but operational data is where the anomalies that represent threat vectors can be detected. Operational data sources can include telemetry, traffic, device, sensor, events and transient application data from IT systems, as well as external contextual data such as news, closed caption, weather, social, geographical and global threatfeeds.

Red Lambda can also examine streams of incoming data in real time for decision-making, or it can be used to examine what has already happened in the IT informationinfrastructure so that corrective action can be taken to rectify what has already occurred.

The company’s secret sauce lies in what is called universal anomaly detection in real time (which means before a threat can do its nefarious thing). How can you detectwhat is bad when you have never seen it before? There are clues, such as attempts to change configuration data or to store executable files. In fact, a post (not real-time)analysis of familiar log data showed that the majority of threats could be detected using log information. Red Lambda does that on torrents of streams of data in real time.

The analytics revolution is well-represented by Red Lambda, which has math gurus designing sophisticated algorithms. For those of you whose eyes glaze over at the sight of high-powered math, please feel free to skip the next paragraph.

Red Lambda uses the term "neural foam" to describe its "neural network" analysis approach. Now, original neural networks in artificial intelligence and data miningrequired significant user training, which is not possible for real-time detection. Instead, Red Lambda does not just examine individual sessions of data; it examines them allto create clusters of correlated data. IT can compress billions of individual events into a few hundred clusters, identify the virtual fingerprints and display graphically data into a visual form that security analysts can drill down into to determine what anomalous behavior is threat oriented and what is not.

Red Lambda is a software-only company whose foundational product is AppIron, which enables a grid architecture connected to all devices that are subject to potential threats. The architecture enables inbound data streams to be fully processed in parallel, and data only comes to rest after it has been acted upon.

MetaGrid is the software that sits on top of the base operational software engine AppIron and actually does the work, such as detecting operational anomalies. Forexample, Wikileaks is known for releasing U.S government documents that the government did not want released. In at least one case, the person who accessed the data to give to Wikileaks downloaded gigabits of information. MetaGrid understands the directionality of data and, as such, may have detected that this was an anomaloussituation and stopped it. But MetaGrid does not just analyze real-time data; in one case, it was used as part of a cleansing process to detect anomalous situations in a year’s worth of carrier call records, which can amount to billions of records per day.

First the caveats. No one security product can do everything or is a panacea, not even Red Lambda. Next, other vendors are likely to claim that they do most if not all or even more of what Red Lambda does (even though they really can’t). Third, it is too early to get detailed feedback from a significant number of Red Lambda users, and no independent benchmarks have been done. Fourth, Red Lambda’s business execution (such as the right product development strategy and go-to-market strategy) has yet to be demonstrated.

So it is much too premature to determine whether or not Red Lambda will ever be a heavyweight contender in the security space or simply act as a complement to existing technologies. That may depend upon whether its technology turns out to be evolutionary or revolutionary (for which Red Lambda used the term "disruptiveevolution"). However, the company has a very exciting idea that seems to offer a breath of fresh air in the security industry. The bad guys are extremely clever, but hopefully innovative good guys can be even more clever. If so, then the good guys have a chance of winning, and Red Lamdba should be one of the companies earning a well-deserved reward.

At the time of publication, Red Lambda is not a client of David Hill and the MesabiGroup.