Analysis: ThreatStream uses the collective wisdom of the firms on its platform to identify current threats.
The freemium model is readily deployed across a variety of sectors, and cyber security firms have increasingly begun to take up the model for their solutions, often as a trial offer. For example, LogRhythm have a freemium Network Monitor product, and Promisec offer a similar endpoint monitoring tool.
You can now add ThreatStream to that ecosystem. The threat intelligence platform is building a community around its enterprise-only product, to better highlight real and current threats, and help security professionals gather useful information from the data they collect in logs.
CEO Hugh Njemanze told CBR that by allowing firms in for free his business could build the kind of community around it that he felt was required to provide an effective exchange of information.
The firm decided to "make sure that people who want to exchange this kind of intelligence know that they can do it on our platform whether they have to make a financial commitment or not," he said.
Of course, he is not running a charity, and believes that allowing people onto the platform for free ultimately boosts his bottom line too:
"Once they’re on there people will see what the extra, the premium features are it will already be their community of choice and then when they want the premium features they’ll sign up for the paid version."
The theory goes that as the community grows the product becomes more valuable to its clients, and similar businesses will be attracted to use it too. "Part of the value of our platform is what is the size of the community that’s in your vertical," said Njemanze.
"So if you’re a bank, the more banks that are in our system, the more useful the community is. Let’s say there were 100 banks, and 10 of them were willing to spend money, if we have 40 banks in our system, those banks that will spend money are more likely to pick our system over any other system."
The same theory explains why many security firms put out whitepapers and highlight vulnerabilities that their research has found. They want to build up trust and credibility in order to attract more customers.
As Njemanze puts it, "It’s kind of like the way eBay works. So in the US the only auction site is eBay because that’s where everybody is selling stuff, so that’s where people go to buy stuff. Then the people that want to sell stuff that’s where they go because that’s where the buyers go, and it becomes something that’s very very hard to break into."
The principle sounds relatively simple: build an area where people can share their information and then, when you have them, tempt them with premium products. Indeed, it has been deployed by countless firms across a number of industries. However, it takes time to get your offer right.
"We’ve have to do a lot of experimentation to find the right vectors on which to make things free and which to charge for. We actually still have irons in the fire and we’re still making changes," said Njemanze.
When it comes to building a cyber security community, a key consideration is keeping the enemy, the hackers you are trying to stop, out of it so they cannot gather your intelligence.
"It’s very much like if you were building a list of people who should not fly," Njemazne said. "We vet people coming onto our platform so that we know we are sharing information within the community of defenders, as opposed to making it visible to everybody."
This sounds like a laborious task, but he said they have built heuristics to make it scalable so that they can quickly add customers, particularly in the light of a major breach. "We were able to onboard 300 companies in 2 days" after the major breach against healthcare firm Anthem, Njemanze claims.
This vetting process is not like a criminal background check, though: it is all tied to the enterprise, and individuals cannot purchase the products, which makes the process less arduous.
"We basically asses the company itself, and then the role of the individual within the company," said Njemanze. "The upshot of that is as a private individual you would have to go through a more rigorous check, but if you have a legitimate role as a security researcher with an organisation that we recognise then it makes the check a lot simpler."
The firms on its platform are increasingly moving across the Atlantic to the UK and the rest of Europe, with the firm actively looking to expand into the EMEA region over the coming months.