Ottawa-based UEBA provider Interset sees enormous opportunity in new CrowdStrike partnership

Interset’s technology managed to interest the venture capital fund of the U.S. Intel community, but until now their exposure to solution provider channel customers has been relatively limited. They expect the CrowdStrike partnership will change that.

Interset in the CrowdStrike store

UEBA [User and Entity Behavioral Analytics] provider Interset has announced a new partnership with Artificial Intelligence-based endpoint protection vendor CrowdStrike which will see Interset’s technology available as a service on the CrowdStrike Falcon platform, and accessible for purchase through the brand new CrowdStrike Store. Interset views the deal as one of enormous significance for them, which has the potential to bring them to a much greater market than they have sold to in the past.

Based in Kanata, Ottawa’s westernmost suburb, where many of the region’s tech companies have gravitated, Interset prefers to refer to its technology as ‘security analytics.’

“We have a somewhat different origin story from most security vendors, as we didn’t start out as security experts,” said Stephan Jou, Interset’s Chief Technology Officer. “We started out as analytics experts and data scientists.  I led the analytic division for the Cognos software group at IBM Canada. We determined that applying to AI to UEBA would be very useful, although this was before UEBA was invented as a term.” The technology Interset developed uses unsupervised machine learning, which does not require labels and instead automatically discovers patterns within limited data sets. This helps them to identify an accurate ‘unique normal; measurement for each entity within an enterprise, and determine abnormal behaviors from there.

That technology impressed In-Q-Tel, the venture capital fund that supports the U.S. Intel and defense community, and which became a backer of Interset.

“Being a Canadian company that has been chosen by the U.S. Intel community is a big feather in our cap,” Jou said.

Interset has been selling for about four and a half years, and goes to market both through their own direct sales efforts, and through a very healthy OEM business.

Stephan Jou, Interset’s CTO

“We are very effective in a particular domain – detecting the very subtle clues that are important in very advanced use cases, and which can only be detected in situ – doing machine learning inside the customer’s environment,” Jou noted. “Our code implements over 300 different machine learning algorithms. When an adversary spearfishes your account, knowing a lot about the account user’s behavior is critical, so you can determine if they are accessing different kinds of data, or doing it at unusual times, or from places like China where they have never been. That all gets detected in real time.”

Interset’s own sales efforts have focused on very large organizations.

“We tend to focus on large enterprises and government agencies,” Jou indicated. “They tend to have the right set of infrastructure to support a Big Data deployment that is a prerequisite for our software. It narrows our audience to the largest companies in the world. That’s particularly the case given that we are a small startup. It lets our small sales team of three people focus on really important accounts.”

That’s why Interset’s partners – their OEM business – is critical to them. CrowdStrike becomes their eighth OEM partner – but the first which is public, and thus the first in which their brand appears on the OEM’d offering, Interset UEBA for CrowdStrike.

““The reason we have a healthy partner business is because our technology is so horizontal,” Jou said. “Everyone can benefit with it. The other seven OEMs are all across the board.  We do have one other endpoint player, and several IAM [Identity and Access Management] players. Most of them choose to embed our technology, and some of the others are a pure OEM relationship.

The CrowdStrike one is different from the others, however.

“I’m very excited about this one,” Jou said. “It’s not our first OEM partnership, but there are some notable differences from the others. To begin with, we have already done an integration with CrowdStrike and beta tested it with their customers, so we have perfected the fine tuning of our platform with their data. The results there have been fantastic. It has been the easiest deployment we have ever done from the perspective of the customer.”

In addition to the brand being public in the relationship, Interset was highlighted by CrowdStrike yesterday, when CrowdStrike announced the CrowdStrike Store, their new marketplace that opens their Falcon platform broadly to third party applications, along the same kind of mode as the Salesforce AppExchange. Interset was one of two vendor partners available in the Store specifically identified in the CrowdStrike press release.

“It’s great for us that we are in their marketplace, and we are proud to be one of the two that they highlighted in their release,” Jou indicated.

The partnership did not take place because either party pursued the other, but because of their mutual relationship with a common customer.

“We both have a common customer, who has a large amount of information that they wanted to protect,” Jou said. “They had implemented CrowdStrike in their environment because they had been victims of a nation state attack, and CrowdStrike has known expertise against such actors. The customer used our analytics to find bad guys. The customer had a Red Team simulate a very sophisticated series of attacks and they were blown away by our results. Their CISO was on CrowdStrike’s Advisory Board and that kicked off the conversations about the partnership.”

CrowdStrike itself has been focused primarily on larger customers in the past, but is actively expanding their own downmarket presence, including broadening out their partner program. As a result, Interset believes that the potential to expand their own market through this partnership is huge.

“Until now, our technology has only really been available to the biggest companies of the world,” Jou said. a partnership with a company like CrowdStrike lets us sell downmarket, potentially now to every company in the world. CrowdStrike gives us a cloud deployment, and access to a much larger sales team. Being in their marketplace makes it easy to buy from us. A CrowdStrike user just has to click a single button in the CrowdStrike marketplace. It’s all automated. Within 30 days, after the data is collected and analyzed and collected they will see results immediately. Because we are now available to anyone who can click a button, I do expect to see a large number of deployments into a type of customer that we haven’t seen before.”