Threat detection marketplace SOC Prime nabs $11.5M

SOC Prime, a Boston, Massachusetts-based startup developing a threat detection marketplace, today announced that it closed an $11.5 million funding round led by DNX Ventures with participation from Streamlined Ventures and Rembrandt Venture Partners. The company will use the capital to further develop its cybersecurity platform, invest in global expansion, and expand its sales team according to founder, CEO, and chairman of SOC Prime Andrii Bezverkhyi.

On average, losses stemming from a corporate data breach surpassed $150 million in 2020. Against this backdrop, companies report that the cost of staying ahead of cybercriminals is quickly becoming unsustainable. According to one source, the typical company spends somewhere between 6% and 14% of its annual IT budget on cybersecurity. As a case in point, organizations were paying as much as $233,817 to combat ransomware alone in September 2020.

Founded in 2015 by Bezverkhiy, Oleksandr Bredikhin, and Ruslan Mihalev, SOC Prime curates threat detection solutions from a network of researchers and delivers them via subscription to security information and event management (SIEM) and extended detection and response (XDR) platforms. Built around Sigma, a standard that defines cyber threat detections, SOC Prime claims that its threat detection marketplace hosts more than 130,000 detections aligned with the MITRE ATT&CK framework, MITRE’s knowledge base, and model for attacker behavior.

“Oleksandr, Ruslan, and I built the platform to bring together the community of top threat researchers across the globe, to connect leading organizations with access to the cybersecurity industry’s most brilliant minds. We sought to establish a collaborative space for threat hunters and security researchers to post, discuss, and create threat detection code to help organizations address their top security concerns in real-time. This led to the creation of the first-ever threat detection marketplace for SOC rules and queries to improve threat visibility, increase detection speed, and supercharge threat hunting capabilities for every company in the world,” Bezverkhiy told VentureBeat via email. “In the early days, SOC Prime used its algorithms and behavior detection queries to help the investigation of the BlackEnergy 2 and 3 attacks on the Ukrainian power grid, which was the first cyberattack in history to cause a power outage.”

A marketplace for threat detection

The threat detection systems market was valued at $48.38 billion in 2015 and is expected to reach $119.17 billion by 2022, according to Markets and Markets. A Crunchbase cybersecurity venture funding report showed global investments in 2020 reached $7.8 billion, setting a year record for cybersecurity investing.

SOC Prime offers more than 130,000 dashboards, rule packages, and “machine learning recipes” updated daily and streamed via API. More than 400 researchers are currently contributing to upwards of 20 SIEM and XDR platforms through the marketplace, according to Bezverkhyi, who claims that SOC Prime serves over 6,000 enterprises.

“SOC Prime’s greatest competitors are legacy and modern SIEM vendors who are not adopting ‘detection-as-code’ as a practice and still develop detection content in-house with very small teams and detection engineering sprints. Our customers have realized that detection engineering is an ongoing process of adding, updating, and enhancing content instead of a one-time project,” Bezverkhiy said. “Since February 2020, [SOC Prime’s] content team and threat bounty developers have delivered hundreds of detection and threat hunting rules and queries to find attacks, exploits, and improve behavior monitoring … Year-to-date in 2021, SOC Prime has released a total of 184 rules for ransomware detection, 166 of which were by [our] threat bounty developers.”

Beyond the marketplace, SOC Prime offers an online translation engine to convert Sigma rules to native SEIM and XDR languages. Translations are supported via Sigma as the intermediate language and can be performed directly, for example, SPL to AQL to Elasticsearch.

SOC Prime says it counts Fortune 100 and Forbes Global 2000 brands in addition to government organizations among its customers. To date, the company has raised $14.9 million in venture capital.

“The company has over 80 employees and contractors in addition to the more than 300 vetted top threat researchers that create and monetize their threat detection code. By the end of 2022, our goal is to reach 140 employees and more than 900 vetted researchers,” Bezverkhiy continued. “As a private company, we decline to disclose specific financial metrics at this time. Having said that, our active premium subscriptions increased more than 50% year-over-year increase, and we have achieved more than 85% year-over-year growth in monthly recurring revenue and active clients in the U.S. SOC Prime’s customer base includes over 6,000 organizations using its freemium software-as-a-service offering and more than 70 paying customers, including enterprises, public sector organizations in the U.S., and EU-based managed detection and response providers and security vendors.”