I spoke recently with John Cassidy, Co-Founder and CEO of King & Union, about the inspiration that led to the formation of the company. King & Union’s Avalon product enables security analysts to collaborate across organizations in threat assessment. For Cassidy, the idea emerged from working in a number of different government-facing roles.
As a participant and executive in the development of DHS’s Einstein 3 at various telecoms companies, Cassidy was struck by how little opportunity there was for communication and coordination between security teams at different organizations. “I would watch people ineffectively working together, in silos, spending billions,” said Cassidy. “They were working for their own protection, but there were duplicating work being done elsewhere. Or, there were so many times that if an analyst had insight into something going on in another place, it would save everyone a lot of time and heartache. There had to be a better way.”
From this insight, Cassidy and his co-founder sat down to brainstorm how to make a better collaborate SecOps toolset. “Part of the burnout we see so often in SecOps is coming from a lack of good quality information,” Cassidy added. “We kept that issue in our sights as well. We felt if we could help security analysts collaborate and evaluate alerts in real time in multiple organizations, we could reduce stress levels quite a bit.”
The result was Avalon, a SaaS workspace in the cloud that enables analysts to visualize threats. With Avalon, analysts can collaborate in real time and manage data without being constrained in their individual bank or government agency silo. “They can go ‘across the aisle,’ as we like to say here in DC,” Cassidy said. “Analysts can use Avalon to cut across vertical sectors. A gas company’s SecOps team can talk to a bank’s. The bank can talk to the government. All three can share their most important security information in a trusted space.”
Avalon consists of groups. Some groups are publicly visible. Others are private. Joining a collaborative group involves a process of identity verification. Inside a group, members can share their findings about threats and other issues in their security landscapes. They can “enrich” findings from others with added data. The tool makes it possible to connect threats, malware signatures and so forth.
That way, an analyst can look up a threat and see, for instance, that it’s already been detected and remediated in another place. Avalon will auto-populate information and show relationships between threats. Users can did into the data and discover the IP address the threat comes from and so forth. This saves time and increases the effectiveness of the SecOps team’s response capabilities.
Avalon can integrate with other tools, such as Alienvault or Crowdstrike. “We want to help teams do better with the tools they have,” Cassidy said. “Our goal is more extensive, productive collaboration in SecOps.”