
With the promise of protecting CEOs, Virsa created the first compliance software application that could be used to stay within the legal parameters of Sarbanes-Oxley. The company became astoundingly successful, being acquired by SAP for $400 million and placing Jasvir in a senior vice president position of their SAP GRC software business unit. A year later, Jasvir would again take the reins of his own company. In 2007, AlertEnterprise was born, and much like Virsa, it came at a time when security breaches were the cause of huge, controversial incidents.
"The software combines predictive risk analytics, machine learning and artificial intelligence to correlate complex threats across IT, physical security and OT"
With events such as the Washington Navy Yard shooting and the killing of three at a start-up in Santa Clara looming as consequences of security failures, AlertEnterprise was founded with the realization that the day's security threats were different from what they had been before. No longer was cybersecurity solely a matter of IT threats; it could now be classified into a variety of threats, with varying motivations for attack and different ways of thwarting each attempt. As the company progressed, Ray Lane, Partner Emeritus with legendary venture capital firm Kleiner Perkins (and former Oracle president and one-time chairman of the board at Hewlett Packard), invested in the company as well.
Redefining “Cybersecurity”
“One of the areas that’s very satisfying for us was the fact that just a few years ago, Gartner Research issued a document that they called ‘definitions’ and they redefined what cybersecurity meant. Cybersecurity was a combination of IT security, application security, physical security, OT security and more. They're now calling that digital security,” explains Jasvir Gill, Founder and CEO, AlertEnterprise. For a while now, AlertEnterprise has spearheaded an entirely different view of cybersecurity in the digital age. Big enterprises are now starting to take note that cybersecurity is more than just IT—it’s IT, OT and physical security put together.
What Jasvir refers to as “blended threats” are best observed in how AlertEnterprise works as a business layer that sits on top of the existing IT, physical security and OT systems and allows security operators and operational managers to see what’s going on.
In a utilities industry scenario, when a relay technician goes to a critical substation in the middle of the night and swipes his badge, the software goes into the system and, from an analytics perspective, looks at how many times this person has been in the facility outside of work hours. Within 10-15 minutes of the entry event, the software can detect an unauthorized disabling of a protective relay that could create a blackout or cascading outage. The software generates an alert back to the security operation center immediately.
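The correlation described in this scenario can be sketched as follows. This is an added example, not AlertEnterprise code: the log layouts, the shift hours, the work-order field used to mark an authorized change, and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # page: detection within 10-15 minutes of entry
SHIFT_START, SHIFT_END = 7, 19   # assumed normal working hours (local time)

# Constructed sample data: (timestamp, person, site) badge swipes
BADGE_LOG = [
    ("2024-03-01 02:10", "tech-117", "substation-A"),
    ("2024-03-04 10:30", "tech-117", "substation-A"),
    ("2024-03-09 01:45", "tech-117", "substation-A"),
    ("2024-03-12 02:05", "tech-117", "substation-A"),
    ("2024-03-12 09:00", "tech-204", "substation-B"),
]
# Constructed OT events: (timestamp, site, device, action, work_order or None)
OT_LOG = [
    ("2024-03-12 02:14", "substation-A", "relay-21", "PROTECTION_DISABLED", None),
    ("2024-03-12 09:08", "substation-B", "relay-07", "PROTECTION_DISABLED", "WO-5531"),
    ("2024-03-12 14:00", "substation-A", "relay-21", "PROTECTION_DISABLED", None),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def off_hours(t):
    return not (SHIFT_START <= t.hour < SHIFT_END)

def correlate(badge_log, ot_log, window=WINDOW):
    """Return alerts for unauthorized relay disables that follow a badge entry."""
    swipes = sorted((_ts(t), who, site) for t, who, site in badge_log)
    alerts = []
    for t_raw, site, device, action, work_order in ot_log:
        if action != "PROTECTION_DISABLED" or work_order:
            continue  # a disable backed by a work order is treated as authorized
        t_ot = _ts(t_raw)
        for t_in, who, s in swipes:
            if s == site and timedelta(0) <= t_ot - t_in <= window:
                prior = sum(1 for p, w, ps in swipes  # earlier off-hours entries
                            if w == who and ps == site and p < t_in and off_hours(p))
                alerts.append({
                    "person": who, "site": site, "device": device,
                    "minutes_after_entry": int((t_ot - t_in).total_seconds() // 60),
                    "entry_off_hours": off_hours(t_in),
                    "prior_off_hours_entries": prior,
                })
    return alerts

if __name__ == "__main__":
    for a in correlate(BADGE_LOG, OT_LOG):
        print("ALERT to SOC:", a)
```

The relay disable at substation-B is skipped because it carries a work order, and the 14:00 disable at substation-A raises nothing because no badge entry precedes it within the window, which shows why the physical and OT records have to be joined rather than alerted on separately.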
This combination of IT and OT eventually leads to the physical security perspective, which is deciding whether or not to send a guy out with a wrench or with a gun at the most crucial moment. Events like Washington Navy Yard reinforce the importance of being able to make that decision quickly. When the shooter was issued his badge as a contractor, much of his behavior history was not readily available because the information was on different sides of the system. If AlertEnterprise is at play, the individual risk score capabilities would label him a high risk person right away, and enable the authorities to act accordingly.
Improving All Aspects of Digital Security
Whether it’s keeping up with NERC CIP requirements that could rack up penalties of up to a million dollars or preventing high cost incidents that could shut oil and gas plants down for months, businesses love AlertEnterprise for a plethora of different reasons. A big one is that AlertEnterprise’s software is made to help these companies get more out of their cybersecurity, badging systems and automation software collectively, rather than replace all of it. With AlertEnterprise, they can lock out employees who haven’t completed their continuous learning and state certifications, and time-stamp every single action to determine who is where, when they’re there and why.
AlertEnterprise works as a business layer that sits on top of existing IT, physical security and OT systems and allows security operators and operational managers to actively respond to security events
Enterprise Sentry, the company’s incident management and response platform, is particularly good at this. It combines predictive risk analytics, machine learning and artificial intelligence to correlate threats across IT, physical security and OT. The software can take into account the fact that the person in question received a two-week termination notice, or failed to complete their continuous learning requirements to keep their certifications active. It can also detect insider threats, and is currently being used at a major airport to sniff out narcotics operations. This is done by correlating work history, access patterns and abnormal badging events outside normal shift hours.