Smaarts: Big Data Meets Enterprise Security

Steve Douty, CEO and Co-Founder
Enterprise security has become a big data problem. The variety, velocity, and volume of data required to detect and contain sophisticated attacks require completely new approaches to harness and extract actionable insight from it. Because time is of the essence, traditional information retrieval methods that query databases or search repositories are not scalable, fast or precise enough to detect the subtle signals, relationships, patterns, contexts and anomalies that indicate the presence of a sophisticated attack or infection. And because Smaarts can efficiently look at all the data (volume), in real-time as the data streams (velocity), and is optimized for handling unstructured, semi-structured and structured data (variety), it analyzes all data concurrently without the need to aggregate incoming streams.

Smaarts™, a software company headquartered in San Mateo, CA, provides the SOC analyst with advanced software that accelerates incident response by providing real-time and synchronized historical visibility into combinations and sequences of observable behaviors that map directly to the Cyber Kill Chain. Smaarts works with a broader set of data types than any other security analytics product. It consumes streaming data from multiple concurrent sources and parses each stream into its constituent data elements – from syslog feeds and anti-malware alerts, to Twitter feeds and historical data presented as a stream. It can also query Active Directory, proxy servers and external threat intelligence services at runtime. In the world of Big Data, the richer and more varied the data, the higher the accuracy of the results.

Smaarts is particularly adept at handling unstructured and semi-structured data – device alerts, syslog flows, JSON objects (including Tweets), email messages, documents and more.

Only recently has attention been paid to optimizing and automating the process of detecting and containing the attacks that get through. More than half of successful attacks extract corporate data within seconds or minutes of infection. Unfortunately, it typically takes days, sometimes weeks, just to detect compromises. This is a vexing problem for almost every organization.

Smaarts is a human-machine collaborative system that leverages both the observational powers of human intuition and institutional knowledge to automate the complex workflows that are manually performed by most SOC analysts today.

“With traditional methods failing, today’s threats demand an entirely new approach. Our patented method enables us to do ‘on the fly’ in-memory analytics, including the detection of complex inter-relationships across any combination of data elements that arrive in incoming data streams,” explains Steve Douty, CEO and Co-Founder of Smaarts.

Smaarts can also perform real-time forensics through the synchronized re-streaming of data it caches or that is archived by third-party solutions. When data enters the Smaarts system – irrespective of its native format – it is converted to a stream of integers. This flow is then passed through a series of “Threat Maps,” which contain criteria that are configured to look for complex sequences and relationships between the incoming data elements. The patented approach converts criteria into a structured integer form as well, so that solving for these complex relationships involves simple in-memory integer-to-integer comparisons.

“Our approach lets us solve for these complex relationships as the data arrives,” says Douty. “This ‘Software-on-a-Chip’ analytical throughput opens the door to real-time detection, experimentation, testing of hypotheses, and re-running massive amounts of data at a very high speed and low cost.”

The user-configurable Threat Maps detect the occurrence of complex combinations of behaviors that are strong indicators of compromise. Each Threat Map represents a part of the workflow that analysts perform when responding to an alert. Threat Maps can operate stand-alone to detect certain subsets of a Kill Chain, or they can be linked to each other and uncover data relationships across an entire Kill Chain.

Smaarts brings a new approach to representing, contextually processing and discovering the knowledge in data that reduces the time “right of the hack” – that is, between infection and proper remedial action. Smaarts complements existing security intrusion and prevention solutions.

“The Smaarts solution will offer enterprises the best time-to-value of their security data, and will be able to identify complex combinations of indicators scattered across massive sources of data faster and cheaper than other solutions in the market,” explains Douty.


San Mateo, CA

Steve Douty, CEO and Co-Founder, and Chuck Shih, COO

Analyzes continuous and queried data from security-related devices and data sources to detect complex relationships, conditions and patterns in real-time.