When Derek Maki and Dayne Myers were leading McKinsey and Co.’s Cyber Solutions New Ventures group, CISOs and CIOs were constantly telling them they needed a solution to help drive more value from existing investments in people, tools, technology and data.
In 2019, they founded Longbow Security to be that force multiplier.
“We wanted to build a solution which helped drive more value, more automation from existing technologies, tools and data,” Maki said. “We kept hearing that the problem was not a lack of data. We know we have the answers buried internally among the team, among existing tools, but the problem is surfacing the root cause and efficient actions. It was out of this pain that Longbow came into being.”
The most important factor differentiating Longbow from its peers is the concept of cross-tool context and automated root cause analysis, Maki said.
“Without cross-tool context, security teams can’t get to the root cause of the cloud security issues driving the most risk,” he said.
Longbow automates root cause analysis across cloud security, application, and code repo tools, and provides remediation capabilities that address the most risk with the least effort. This both reduces the number of solutions that need to be implemented and helps teams focus on solutions that have the most impact.
“From your code repos, and all the way to the cloud and runtime, an organization needs the ability to understand deeply the context about assets and issues. Aggregating data is easy. Providing actionable insight is the difficult part that Longbow delivers at scale,” Maki said.
“Many times, our competitors are typically focused in a silo along the code-to-cloud continuum. So while they may have context on what’s happening within the code repo, they won’t have context on runtime, and vice versa. So that’s really our big differentiator. We’re not focused on detection of vulnerabilities within one area of the program, we’re focused on context and prioritization across the continuum.”
By giving visibility into the gaps between products, Longbow allows customers to quantify risk and urgency across a program – and not just through the lens of one aspect of the program like other tools do, said a customer from a large, global financial services firm.
“Longbow turns data into actionable knowledge by acting as the unbiased abstraction layer on top of other tools to get value from these other tools,” the customer said.
“It is the aggregation and insight Longbow provides across my various tools that addressed the dangerous white space that existed between these products. I now have visibility I never had before and it is very high value.”
Longbow developed its distinctive root cause analysis because customers were “sick of playing whack-a-mole,” Maki said.
“Instead of looking at symptoms, we’re looking at the common root causes of a company’s issues and focusing on addressing those,” he said.
Besides automated root cause analysis, investigation and prioritization are two other top use cases of Longbow’s technology.
The platform ranks which of a company’s vulnerabilities are truly important by looking at the business, security and information technology context. It then prioritizes across those three dimensions to automate issue prioritization, looking not only at vulnerabilities, but also misconfigurations, data sensitivity issues and indicators of compromise.
Once issues are prioritized, the product’s trademarked Best Next Actions kicks in, prioritizing remediation and paring it down to a small set of solutions that address root cause and eliminate the most risk with the least effort.
“One customer told us the automated root cause analysis combined with the top five Best Next Actions remediated 40% of their total risk profile, compared to having to orchestrate symptom-level fixes to address over 10,000 issues across multiple teams. They said they would not have seen the root cause nor the root solution. By focusing on these five areas, they reduced the most amount of risk while saving immeasurable amounts of investigation and remediation time,” Maki said.
The majority of Longbow’s customers are Fortune 500 companies, though the platform can also tackle use cases for small and medium-sized enterprises, he said.
Many smaller companies today are cloud-only or cloud-first. Cloud security resources are difficult to attract and retain, especially for smaller companies. Longbow is like having multiple high-end cloud security analysts focusing the extremely limited remediation resources on what matters most to remove the most risk, Maki said.
The company has two lead investors based in Silicon Valley: Security Leadership Capital and Grafton Street Partners. To date, it has raised more than $10 million.
If security teams once had complete control, that model has changed dramatically as technology has evolved. Maki would like to see the security team’s role change from being a middleman in the remediation process to focusing on things like high-level problem solving, reporting risk and spotting advanced threat trends.
He’d also like to see a consolidation of the various security silos, where different teams handle different security issues.
“At the end of the day, they’re all big-V vulnerabilities,” he said. “One of the trends that we think is important, that Longbow helps facilitate because of our broad view of what a security issue is, is allowing security teams to see all issues and apply consistent prioritization regardless of the issue type. This will drive more efficiency and effectiveness. We as security evangelists need to continue to break down these silos.”
If you would like to learn more, see a demo, and try Longbow out in their sandbox or your environment, reach out to Derek Maki at derek@longbow.security or check out the website at www.longbow.security.