End-user analytics company Nexthink has announced it has received an extra $40 million in new investment led by venture capital firm Highland Europe. In its press release, Nexthink says that the money is earmarked for future product development and expansion of its global presence.
This was a competitive funding round, with Pedro Bados, CEO/President and Co-founder of Nexthink, saying: “We had multiple investment proposals for this round and the team at Highland Europe was the perfect fit for us. We were convinced by their proximity, strong international network and proven track-record in this space.” Having raised a total of $65 million since it was launched in 2012, the company is already talking about an IPO, which could potentially come as early as 2017.
Competing with the big security intelligence players
Much of the story around the use of behavioural monitoring for security intelligence has come from vendors such as IBM and HP. This is because the majority of companies in this space see the solution as a big data and analytics story, one that needs large and complex analytics solutions to make sense of the data.
Like its larger competitors, Nexthink is using endpoint collectors to capture data on how end-users are interacting with the network. That data is fed into a real-time analytics platform that uses its own artificial intelligence/machine learning technologies to determine what is normal behaviour and what could be considered abnormal. Examples include a user suddenly accessing data from multiple global locations inside a short period of time, or unexpectedly downloading data.
To help refine that analysis, Nexthink uses a number of threat indicators but does not publicly talk about using threat-sharing standards such as STIX and TAXII. This is a surprise and may be something that it will look to change when it spends some of the $40 million it has just raised. Nexthink does have a set of integrations into other products such as databases, log files and Microsoft AD. It also supports a Web API and NXQL.
Using an in-memory database to cope with the transactions
One of the challenges of security intelligence and real-time analytics is dealing with the volume of transactional data. The best way to deal with this is to use an in-memory database to reduce the time spent fetching data to carry out any analytics. Nexthink is unusual among small companies in that, rather than use in-memory technologies from vendors such as SAP, it has developed its own Nexthink Engine.
It will be interesting to see where it goes with this technology. Currently it does not appear to be using technology such as Apache Spark, which would enable it to reduce the size of each Nexthink Engine instance but still run queries across multiple in-memory datasets. This would appeal to larger customers with locations in multiple regions, as they could save the time spent moving all the data to a single instance of Nexthink Engine and instead run queries across all their sites.
Such a move would also enable Nexthink to expand into the Security Operations Centre (SOC) tools market. A SOC or even a managed security provider could then deploy its technology for multiple customers, keeping each customer in its own in-memory instance but gaining the ability to run queries across all the instances. That would provide a wider set of data and visibility of attacks, and further enable Nexthink to compete with the likes of IBM and HP.
The security market is full of fast-growing companies that are attracting investment cash. Many of them fail to make it to IPO as they are snapped up by large companies who see them as providing much-needed technologies for their own business. It will be interesting to see what Nexthink adds to its product with this new tranche of cash and how long it will take before larger security vendors begin to make serious moves to acquire it.