Big50-2017 Startup Spotlight: Osprey Security

Osprey Security

What they do: Provide a real-time endpoint threat detection and prevention platform that protects against “sophisticated attackers and malware.”

Problem they solve: According to Osprey Security, “for a typical organization, your endpoint systems represent the largest attack surface for a malicious threat actor.” A wide range of endpoints (POS terminals, PCs, tablets, etc.) essentially run the business by storing, processing, or consuming business-critical information. Thus, they present an “attractive target rich-environment for attackers ranging from sophisticated Advanced Persistent nation state actors to petty cybercriminals looking for financial gains.”

Endpoint devices are how the humans get exploited, how application vulnerabilities get opened, and how data gets exfiltrated.

Unfortunately, traditional endpoint security tools are often siloed, and they tend to look at a very narrow attack surface, while also depending on human cyber-security experts to parse events, analyze incidents, and respond to real threats. In other words, the people tasked with warding off attacks simply can’t keep up with today’s constantly evolving threat environment.

How they solve it:  Osprey Security’s Endpoint Intelligence Platform discovers sensitive business data on endpoints, enables automated detection of vulnerabilities and malicious activity, and leverages deception techniques to prevent malicious activity, while also simultaneously modeling attacker behavior.

Big50-2017 startup @osprey_security rethinks endpoint security #Big50 #startups w/ http://wp.me/p330ZZ-hU Share on X

The platform provides proactive threat response using deep-learning based machine learning models, and it leverages cyber-deception techniques to lure attackers. Using game-theory-based models, Osprey constantly sets out new lures for an attacker.

As a result, Osprey says the solution can prevent Snowden-type attacks by understanding every single file on the file system and marking its sensitivity score using PII discovery techniques and understanding their usage patterns, while enforcing blocking actions for outlier activity.

Once set up, Osprey endpoint sensors continuously collect data from systems across an organization, looking for anomalies and outliers. Through cyber-deception techniques, the platform in many cases stops known and unknown malicious activity, while also gaining an understanding of both the attack and data exfiltration patterns of malicious insiders or external attackers. It also prevents exploitation of such systems by scouting the endpoint for vulnerable applications and either patching them or deploying virtual patches.

Headquarters: Palo Alto, CA 

CEO: Rohit Anabheri. Previously, Anabheri founded and lead several other “multimillion dollar large scale enterprise web content management solutions.”

Year Founded: 2015

Funding: Not disclosed.

Competitors include: Incumbents such as Trend Micro, Symantec, McAfee, and IBM BigFix, as well as such startups as Shape Security, Cylance, and Bitglass.

Why they’re in the Big 50-2017: Osprey is positioned in a hot, crowded market sector. We’ve been lured in by their “cyber-deception” methods, and Osprey Security earned a wild card spot in the voting round by finishing second in their group and in the top five overall.