Respond Software and ForeScout are leading a concept that automates decision-making processes for threat analysis in industrial control systems. The system, called VITAL, incorporates artificial intelligence that can “judge” potential threats.
WWD Associate Editor Sara Myers spoke to Chris Triolo, vice president of customer success at Respond Software, about Respond’s partnership with ForeScout, VITAL, and how cybersecurity is changing.
Sara Myers: Tell me about Respond Software and its goals.
Chris Triolo: We are a startup that was founded in February of 2016. So, we're getting to be three years old at this point. The company is made up of industry veterans. We've all worked in the security industry for many [years], 20 years for most of us. It is a very seasoned, crusty, old team that’s been working on security for a couple of decades now.
The reason that we built Respond Software is because we saw a gap in our industry that needed to be filled. We had worked with technologies and built and sold technologies that tried to help [fill the gap]. We see a new way, a better way of doing it. The issue is that for everybody, no matter what industry you're in, cybersecurity is something you need to pay attention to.
Myers: How did the partnership with ForeScout begin?
Triolo: [It began] about one year ago through a joint customer, Security Matters, and our company, Respond Software. There was a customer that had this requirement. The customer had asked, “Is this possible?” We said, “Yes, absolutely.” That’s where we brought these solutions together and it’s working in production today.
ForeScout acquired Security Matters, and that announcement was made around a month ago. So, the connection to ForeScout is a bit arbitrary, right? We were really working with Security Matters and then ForeScout scooped them up.
Myers: When did VITAL come into place?
Triolo: It was at the beginning of the partnership when we created the product integration. Then, we just branded it with the term VITAL, which stands for virtual, ICS, threat, analysis, logic.
It’s cool to have a brand name for it because it helps us explain to customers or potential customers. It also helps formalize our partnership more.
The real benefit is [that] their technology produces alerts, but we're able to do this extra layer of analysis like a human would. Humans will ask questions like, is this the first time I've ever seen this kind of activity? Does this happen on a regular basis? Is there a pattern that we see every day? When we see a pattern that happens the same time every day, let's say two alerts Monday through Friday, it's probably false even though it looks like suspicious activity based on the pattern itself.
Myers: What are the priority issues when it comes to cybersecurity for industrial control systems specifically?
Triolo: When you've got those systems talking externally to the internet or to other external networks, that's a real issue. That's a real potential problem. It's something that we're going to want to look at when there are unauthorized devices that are being added inside the ICS networks. Who put this device on the network? Why is it here?
For example, what looks like a brute force password attack or invalid credentials being used on the network. These are indicators that there's something, someone's in there and is doing something bad potentially. Those are the sorts of use cases that you're looking for to make sure that the integrity of that ICS environment and these systems is being protected.
We're leveraging problems with probabilistic algorithms and math in order to make the judgment because a lot of it is it like yes or no. Yes, there was a bad login attempt, but does that mean it's malicious? Well, I don't know. I need to ask more questions, but then when I ask more questions, it's not necessarily a yes or no that this was malicious. It's what is the likelihood that this is malicious.