Startup Preempt detects, blocks bad users, devices

Behavioral firewall automatically responds to behaviors that violate policies

preempt screenshot

Preempt is a startup whose virtual appliance acts as a behavioral firewall that ranks the risk a user or device represents and responds automatically based on policies set by corporate security pros.

The platform can spot and block certain attacks without intervention by the security team, which frees up time for them, says Ajit Sancheti, co-founder and CEO of the company.

The platform picks up on odd behaviors such as individuals logging in from machines they don’t normally use, which could indicate someone has stolen their credentials. Or it could detect a user who generally uses a certain set of servers suddenly accessing a new set. It can pick up on brute force attacks on passwords and block them.

The company calls what it does User and Entity Behavior Analysis and Adaptive Response.

The platform consists of a central management server and remote firewall sensors running on a virtual machine that can be placed either inline in front of domain controllers as proxies or on a span port in monitoring mode. Monitoring mode for about a month gives the platform time to set a baseline for normal behaviors. The management server can set security policies for users individually or in groups and pushes them to the sensors.

Preempt gives visibility into all activity on the network so it can reveal information about usage in monitoring mode, but it can also enforce policies. The responses the firewall can make to traffic are allow, block, reset authorization in Active Directory, require re-authentication using two factors or simply alert via email.

Sancheti says setting up Preempt in a network with eight domain controllers can be accomplished in about half an hour.

Preempt licensing starts at $25,000 per year for up to 500 users, and the price per user drops as the number of users goes up.

The company was founded in 2014 and is based in San Francisco, funded with $8 million in Series A investment led by General Catalyst Partners. Other investors include founders of Trusteer, Mickey Boodaei and Rakesh Loonkar, and former Akamai CEO Paul Sagan.

Now read this: How to respond to ransomware threats

This story, "Startup Preempt detects, blocks bad users, devices" was originally published by Network World.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.