MistNet scores $7M in funding, launches CyberMist threat detection platform

MistNet, which was incubated within Juniper Networks prior to its founding in 2016, announced a $7 million round of Series A funding on Tuesday and also launched its CyberMist detection platform.

The funding round was led by Foundation Capital, with participation from Westwave Capital and an unnamed security company.

Mountain View, Calif.-based MistNet is taking the road less traveled for cybersecurity by leveraging mist computing and artificial intelligence (AI) edge computing to hunt threats in real time without backhauling all of the information to a data center.

"My team, we've worked in networking, and cyber for most of our careers," said Mist CEO and President Geoffrey Mattson said. "The problem that we're trying to address is that we've noticed that the tools that tend to be used after a breach to figure out what's happened, and to contain the breach, and to attribute it to a threat actor, are often a different set than what was used for initial detection.

"So, the investigators want to look directly at primary data. They want to look at exactly what's happened in the network, exactly what's happened on the host, and they tend to use their own DPI (deep packet inspection) methods, and they use their own host OS (operating system) monitoring. This is a little bit different from automated detection, which tends to have a series of appliances that all digest their own data and they their own alerts independently."

RELATED: Verizon cybersecurity report: Telcos need to decide what to defend

Mattson said the appliance approach was efficient, but it created silos of data that make it difficult to trace an attack all the way across an enterprise. A newer mentality for security measures is "assume breach," which assumes there is some device or person within an organization that has some level of a security compromise that the enterprise is trying to find and contain at all times.

"We figured out how to process for this very high volume of information, like streaming network traffic, and then raw OS internal traffic, and actual user behavior in real time to be able to apply modern scale-out and analytics to it," Mattson said.

CyberMist combines advanced threat detection capabilities with MistNet's patent-pending TensorMist-AI mist computing technology. With TensorMist-AI, instead of backhauling security data to centralized compute resources for analytic processing, the system moves compute power to the data via the use of mist computing technology.

"It basically takes these very powerful architectures that are designed to run in a data center where you can scale out a 100,000 nodes to operate on a single problem, on a single large data set," Mattson explained. "And, instead of trying to back haul all the data to the data center, we forward deploy some of the nodes close to the data, but still let them talk to the other nodes, so they can exchange modeling information. They can exchange analytic information."

With CyberMist and TensorMist-AI, enterprises can run a full set of monitoring analytics on the primary data in real time by creating a mesh that is geographically distributed in nature, but maintains a centralized view and control function via the cloud.

"So, that's the big win that we have from our fundamental patent-pending technology with mist computing," Mattson said. "It also allows us to look much more deeply at a broader data set than conventional security appliances. We're able to detect things that work, or are difficult to detect, to reduce false positives, and to create a complete investigative record of what every user, every host and every application has done in an enterprise."

MistNet is able to move the data to the edge, but it still maintains a connection to other edges and to the cloud.

"Creating this geo-distributed mesh allows a seamless deployment of cluster technology that's not stuck in one single data center, but projected over any geographical distance," Mattson said. "We also make use of cloud metadata. We look at things like microservices, like Kubernetes and containers, and we're able to do this because this architecture is not appliance based. It's essentially this extended mesh."

By keeping security data at its origin and performing analytics on location during security operations procedures, Mattson said MistNet also offers privacy and compliance benefits for verticals such as healthcare or financial institutions.

Mattson said that MistNet has customers it plans to announce, and it's currently rolling out its product portfolio to the mid-sized enterprise market. MistNet gives its customers full access to its data model and has a professional services team to help with implementation.

While MistNet has out-of-box models available, it also provides a Spark ML and TensorFlow library that allows enterprises to write their own deep learning programs to create their own models.

MistNet, which has about 20 employees, competes against companies such as Cisco that collect and analyze data through their own devices, but Mattson said Darktrace is his company's closet competitor.