Preventing another Equifax breach: Sevco Security wants to transform asset management

  • Mark Begor,(L), CEO of Equifax appears before the Senate Homeland Security and Governmental Affairs Subcommittee on Capitol Hill, March 7, 2019 to testify about the company’s data breach. Lack of a mature inventory of its IT assets was a contributing factor.
    (Photo by Mark Wilson/Getty Images)

    Sevco Security announced $15 million in Series A funding on Wednesday contributing to a vision from the founders to transform an emerging product category much in the same way they did endpoint detection and response (EDR) with Carbon Black in 2002.

    J.J. Guy, Sevco co-founder and CEO and a Carbon Black founder, said the company will use the funding to deliver cloud-based visibility into a company’s asset inventory and the telemetry required to understand how those assets change over time.

    Guy said while companies have had trouble gaining visibility into their assets for several years, it came to a head in a March 2019 hearing when Sen. Rob Portman, R-Ohio, pressed Equifax CEO Mark Begor and Chief Information Security Officer Jamil Farschi about whether a lack of an IT asset inventory caused the now-famous Equifax breach of 2017.

    Farschi ultimately conceded that better visibility into corporate assets would have helped – a best practices that the National Institute of Standards (NIST) has recommended of all companies.

    “Companies have all these devices in silos,” Guy said, adding that when managers ask for the inventory numbers on the devices, they get different numbers from the Active Directory person, the patch management department, the endpoint management team, and the person who manages the vulnerability scanner.

    “The numbers are all different and they overlap in very complex ways,” Guy said. “We import inventory from all existing sources inside the organization and go through the correlation process and present the converged inventory. For the first time the customer sees the total number of devices in their environment.“

    By having the asset inventory information, companies can now see in real-time when the device counts change. For example, Guy said when an executive spends a full morning at an off-site meeting and may change conference room locations three or four times, the system will register the IP address of the Wi-Fi system the executive uses at each location and flag them if the IP address is on a blacklist. Simply knowing where their assets are and the last IP address used is valuable information during an incident response investigation, added Guy.

    The initial funding was headed up by SYN Ventures, with participation from .406 Ventures, Accomplice, Bill Wood Ventures and fama Ventures.