Founder's Story - Exabeam

Sometimes it Takes a Bad Experience to Spark a Great Idea

The credit card thieves who started it all

It was early 2012. Nir Polak was on the search for an idea to build a startup. Anyone who has tried this knows a winning idea isn’t easy to come up with.

While on the hunt, his credit card info was stolen. Ordinarily, this would have been a simple modern day annoyance, a consequence of a world that relies on shared personal information. Instead, it sparked something: the winning idea.

Credit card fraud alerts are triggered by unusual behavior—a suspiciously large purchase, buying shoes in another state, or shopping for jewelry in the middle of the night. Card issuers catalogue your typical buying patterns, and when something abnormal pops up, they flag it.

Nir wondered why monitoring of unusual behavior wasn’t being used in the field of cybersecurity? Knowing the daily routine of an employee to potentially spot unusual behavior—a likely sign of an insider threat—seemed like a logical security measure. An idea backed by a valuable use case started to emerge.

Open your mind, find the way

Nir had a core concept for a company, but didn’t know the exact details of what the product would be. Receiving the fraud alert was the start, but to refine he kept his mind open, looking to other disciplines and markets to uncover the deeper opportunity. He had spent more than five years in the cybersecurity market as part of the team that took Imperva to an IPO. He knew there was something bigger out there, a puzzle that hadn’t been put together yet. This new idea was different, or so he thought.

Where previous efforts failed

As it turns out, however, Nir wasn’t the first person to have this idea in cybersecurity. It can be a deflating moment when you realize your golden goose is actually beige.

A handful of security startups over the years had tried to use credit card fraud detection techniques for cybersecurity purposes. Undeterred, Nir looked into why they failed.

It turns out there were two key shifts that had taken place in the market. The first was the advancing field of AI, particularly machine learning. Past companies had instead leaned on so-called expert systems that relied on rules written by experts. These were limited to what the experts knew and were prone to gaps as cybercriminals changed their tactics. With machine learning, on the other hand, the machines were always watching and learning. They didn’t rely on experts, because the machines were even better at understanding what ‘normal behavior’ was.

The second change was the rise of big data technologies, combined with the fast-falling cost of storage. In past attempts, data storage was expensive and limited the amount of behavioral signals the application could store. By the time Nir got the fraud alert on his phone, you could store almost everything for a pretty nominal amount of money.

An idea is only as good as the team that rallies behind it

Technology was getting more capable. Previous industry mistakes were understood. The next step for Nir was building a team that would drive this powerful solution to new heights.

He reached out to former colleague, Sylvain Gil. Sylvain brought knowledge of the market and a healthy French skepticism. Just as many good scientists are skeptics (very different than cynical), Sylvain essentially tested ideas to make sure they could work. Along the way, Sylvain and Nir teamed up with co-founder Domingo Mihovilovic. Domingo had been developing a large-scale cloud security management system. He was proud of what he’d built, but he knew there were some issues. His product was looking for anomalies the old way—using known signatures from malware and the like—it wasn’t going to keep up. Domingo kept both Sylvain and Nir honest from a technical pragmatism standpoint. The core crew was assembled, but needed potential customers as design partners. They consulted them before writing a single line of code. The startup concept was good, tech advances meant it was possible to create, and these handful of security professionals were critical in turning what they could build into something they could buy.

Every idea needs a name

A powerful name is vital. When Nir, Domingo, and Sylvain started brainstorming company name ideas, big data was a source of inspiration. The product would process a lot of data – many, many gigabytes. ‘Giga’ and ‘tera’ already saturated the tech landscape, so they went bigger—literally—thinking one billion gigabytes, or an exabyte (10 to the power of 18). But the product also acted like a beam of light, shining down on interesting patterns contained in huge volumes of log data. The name recipe for Exabeam was there, and the rest is history.

The UEBA market emerges

You know you have a successful idea when the thing you build becomes a market with its own acronym. Gartner coined what Exabeam was up to as User and Entity Behavior Analytics (UEBA). Twelve months after the company launched, Exabeam had 50 paying customers. The fast start was due to all of the careful prep work. Today, Exabeam is trusted by organizations around the world. We work with security teams of all sizes, including some of the world’s largest enterprises.

Once the UEBA market was established, we made another important leap into the SIEM market. From there, we continued to evolve our SaaS platform to keep up with the ever-changing landscape of security threats.

There’s work to be done

We look for the best and brightest in the security space. Let’s keep raising the bar together.