We met with Joe Eandi, the CEO & Co-founder of Vorstack, at the Finovate conference in San Jose. Vorstack is the industry’s first solution that provides early warning of security threats by automatically sharing cyber-events and enabling real-time collaboration. Vorstack enables automated event and threat sharing between trusted security professionals across the industry to obtain validated threat intelligence and rapid resolution through collaboration.

Who are you?

My name is Joe Eandi, and I’m the CEO of Vorstack. We recently got a $5 million + round of funding from Tech Operators and some others. I was originally an attorney, and worked at one of the premium law firms in the Bay Area, Wilson Sonsini. That’s where I discovered that I really wanted to be on the other side of the fence; it took me a while but we started Vorstack a couple of years ago to be in the information security space.

What do you do in a nutshell? Where did the idea come from?

There is a massive movement going on where enterprises want to exchange information to better improve their security. The promise at the highest level of security collaboration is that I can extend my network to the networks of others; if I can get real time information from my peers, that’ll help stop attacks on me. The efforts that have been made today have been association efforts where people are still sharing informally over email, or, there are some companies coming up that are storing big data in the Cloud to do processing; there hasn’t been a focus on the last and first mile of data exchange.

By last mile, I mean the use of information you get from others but don’t know how to use it. So Vorstack has built this engine that sits inside your network to automate the determination of relevance from all the disparate data coming back and forth into your network. We can determine what is relevant at the time we get the data, and we can set parameters so we can analyze in the future, so you don’t have an amnesia problem when you go forward as well. You can actually run queries over periods of time to avoid these problems, so now you’re processing data from the outside.

Given that the data is in all different formats, we have proprietary technology that normalizes it to a format that allows it to be queried against all the latest databases like Hadoop and Splunk, or the databases underlying Security analytics, or QRadar, and the like. That’s the automation of the inbound last mile.

For information sharing back to, or through these organizations and others, you need control over it. So we automate the outbound sharing , automating what is being shared from your network to others. This is where my lawyer background comes in: we give you strict control over what is being shared, and in what format, so that you can satisfy your policy, and regulatory people. This is very relevant for international organizations, because certain information can go on one direction more fully than in the other, so we support the concept of asymmetric trust in our platform. We are the first and last mile of threat intelligence collaborations.

How did your experience as an attorney help you to bridge the gap to entrepreneurship?

There are three ways I think it helped me. First, the network helped. If you’re representing companies that are going public and getting funding, you start to get to know the venture capitalists and successful entrepreneurs, and also become a trusted advisor for them, so they’ll return your calls down the road.

Second, if you have the right training in lawyering, you can learn strategy and game theory, and other types of applications. So when you encounter problems, you don’t have to just use your intuition, you can actually map things out from a game theory or other strategy perspective. We certainly did that in some of our decision points. Some of the decisions we failed to make were ones where we didn’t apply those formulas.

Third, if you’re going to do a start-up, and you’re not 22-years-old and can live in a shack, you want to be able to pick a business that is something that a couple of 22-year-olds can’t do. Information security is a business that you actually need a legal background, a policy background, and you need expertise to actually go to large financial institutions to talk about how you are going to secure their data.

How did you end up in security?

I dealt with security in complex matters at the last company I worked for. It was at a company called LiveOps, and it grew from $3 million in revenue to $130 million in revenue while I was there. We had to deal with a lot of regulatory issues because we handled 500,000 credit cards a week that were stored digitally, and in audio files. This is where I learnt how to deal with data. I left LiveOps and I was an entrepreneurial resident at Foundation Capital, where I was nurturing an idea with my technical co-founder, and then we decided that our idea was actually a company. We started the company based on a virtual security platform technology for which we’ve found the perfect application of the technology only last year, after hundreds of conversations with prospects.

What is your vision?

Our vision as an organization is to be significantly present in the markets we go after as a fundamental piece of how they do security. If you can extend your network beyond your four walls, and extend it out to others, you’ve just improved your network greatly. Coming from a customer of ours, if you’re effectively collaborating with your peers, and you’re using data in real time, you’ve gone from your basis of your security as being an event-based security team to an intelligence-based security team. Event is reactive, intelligence is proactive; and so, we’re a piece of that movement from event to intelligence-based security.

What are the biggest challenges for your company right now?

We need to get our product in people’s hands and hear them rate the product, to make sure we’re meeting people’s needs. There is one challenge that’s unique to collaboration, and it’s about real time collaboration where you’re passing information back and forth — you have to have people start at the same time. That itself provides challenges because in most sales processes you have a single focused customer, whereas now you have to coordinate four or five to actually turn something up at the same time.

Are you hiring at the moment?

Absolutely, engineering and sales in particular. You’ve got to build it and you’ve got to sell it.

Vorstack is the industry’s first solution that provides early warning of security threats by automatically sharing cyber-events and enabling real-time collaboration. Vorstack enables automated event and threat sharing between trusted security professionals across the industry to obtain validated threat intelligence and rapid resolution through collaboration

(Image Credit: Sascha)