Click Security Recognized as a Sinet 16 Cyber Security Innovator

Top Cyber Security Companies to Introduce New Technologies at SINET Showcase in Washington, DC, Dec. 3 – 4, 2014

The Security Innovation Network™ (SINET), an organization focused on advancing Cyber Security innovation through public-private collaboration, announced today the winners of its annual SINET 16 competition.  The companies, which were selected from a pool of 180 applicants from around the world, represent a range of Cyber Security solution providers who are identifying cutting-edge technologies to address Cyber Security threats and vulnerabilities.  The selected companies will share their work with buyers, builders, investors and researchers during the SINET Showcase on Dec. 3 – 4, 2014 at the National Press Club in Washington, DC.

The competition requires that revenues be under $15 million and this year’s applicant pool of early stage and emerging technology companies was the most competitive since SINET began the initiative six years ago.  The entries were vetted in a two-stage process by the SINET Showcase Steering Committee, which was comprised of 60 security experts drawn from government, academia and the private sector.

“I am proud and excited to once again partner with the DHS S&T Directorate as we recognize this year’s SINET 16 Innovators,” says Robert Rodriguez, Chairman and Founder of SINET.  “Only 16 companies were selected out of 180 applications by our esteemed committee so they might present their innovative solutions on stage in front of 400 investors builders, buyers and researchers. Of our four programs each year, Silicon Valley, New York City, Washington DC and London, the Showcase is my favorite as it has a clear deliverable in our mission to advance innovation in the Cybersecurity domain.”

“The continued robust investment and M&A activity are strong bellwethers that we are not only experiencing an exciting period in our lives but are a true testament to the dynamics of the Cybersecurity market, which highlights the continued need for innovative and hopeful solutions.”

SINET Showcase provides a platform for the business of Cyber Security to take place as emerging technology companies are able to present their solutions and connect with a select audience of nearly 400 venture capitalists, investment bankers as well as industry and government buyers.  The program, which is supported by the Department of Homeland Security, Science & Technology Directorate, also features commentary on the latest investment and Cyber Security trends from the industry’s foremost experts.  The program includes educational workshops, panel sessions, an interactive luncheon hour and a networking reception.

To register for SINET Showcase and to see a complete list of speakers and a program agenda, visit

SINET is a community builder and strategic advisor whose mission is to advance innovation and enable global collaboration between the public and private sectors to defeat Cybersecurity threats.  Its public-private partnership events are supported by the U.S. Department of Homeland Security, Science & Technology Directorate.  SINET also offers advisory services and a membership program that have helped build thousands of relationships and delivered value across a broad spectrum of the security community to include buyers, builders, researchers and investors.  For more information, visit  Connect with us on Twitter at @SINETconnection and follow all the news about this year’s SINET 16 and Showcase event with #SINET16 and #SINETDC.

Shellshock – 100 Years after WWI


The latest epic attack that has everyone’s attention is Shellshock (Bash Bug). In this blog, we’ll provide Click’s take on the vulnerability – as well as what we have done to augment Click Commander’s ability to detect it with Real-time Security Analytics.

Yesterday’s US-CERT announcement identified “shellshock” vulnerabilities involving OpenSSH sshd, mod_cgi, and mod_cgid modules in the Apache HTTP Server, and dhcpd.  Shellshock allows attackers to run deep-level shell commands on a vulnerable machine.  From there, attacks including denial-of-service that enable subsequent login credential guessing can be easily performed.  To learn more about the vulnerability, see CVE-2014-6271.

Has the vulnerability actually been exploited?  Absolutely.   Attempts have been made across the internet where attackers crafted custom web requests and sent those to Internet-facing web servers to either verify a vulnerability, or exploit the target immediately.

How did Click get on the scent?  The first clue surfaced by Click Commander was a Rare Event analytic alert – which notified our analyst that a Data Mining Unit (DMU) indicator of compromise had fired – and one that had never fired before.  A small example perhaps, but an example nonetheless, of how our system works to surface “disturbances in the force” that usually go unnoticed.  Even more interesting, before the Rare Event analytic fired, a BroNotice event indicating an HTTP Header Anomaly fired.  The header’s values fell out of range of our “baseline” of HTTP headers.  At this point, we had two analytics fingering the same “needle in the haystack”.

With a little Click Labs research, we learned that while Shellshock can use multiple attack vectors, attacking through the HTTP protocol is the most common, like this:

  1. Locate a web server running mod_cgi or mod_cgid modules that utilize CGI scripts – which invoke Bash
  2. Set the Bash vulnerability to execute the setting of environment variables
  3. Issue commands immediately following the setting of an environmental variable.

The commands of choice are, of course, limited to those available on the affected web server.  So far, commands including Internet connectivity checks, file reading / writing, and issuing separate web commands (new HTTP requests) have been observed.

With this knowledge, Click Labs quickly developed a new analytic that focuses on HTTP protocol anomalies – one that surfaces even more indicators of compromise presented by commonly used event sources.

Heartbleed was a good one.  ShellShock is even better.  Is this the last one?  You know the answer.  But, this is another example of how Click Commander provides a rapid analytics deployment solution that not only adapts to new attack vectors (or more accurately a very old one but newly exposed) – and can be tied to other analytics such that dangerous actors can be exposed quickly with far less chance of a false.

Perhaps best of all, though, is how Click Commander made it incredibly easy for an analyst to take publicly presented indicators and search our data cache for relevant activity.  It was super fast to determine if we’ve ever seen these indicators before.  A big value for analysts who are usually too swamped to achieve this level of analysis and action at all – let alone fast!

Las Vegas — Here We Come!

Click will be full force in Las Vegas next week.  Check out our booth & speaking schedule below – come see us!



BSides Las Vegas
Tuscany Suites & Casino
David Dorsey & Mike Sconzo
“Cluster $#@! – Actionable Intelligence from Machine Learning”
Tuesday, August 5th at 3:30pm

bh logo

Black Hat USA 2014
Mandalay Bay
Business Hall – Shoreline A
Booth #959
Wednesday, August 6th 10am – 7pm
Thursday, August 7th 10am – 5pm

ISE-logo-Lions-Den (1)

ISE Lion’s Den & Jungle Lounge
Vdara Hotel & Spa
Wednesday, August 6th  3pm – 6:30pm

defcon22 logo

DefCon 22
Rio Hotel & Casino
David Dorsey
“Why Don’t You Just Tell Me Where The ROP Isn’t Supposed To Go?”
Friday, August 8th at 5pm

Click Security adds new Senior Vice President of Sales


Company Positions for Sales Expansion in Big Data Security Analytics


Lawhorne_PrestonFAUSTIN, TX – July 14, 2014Click Security, a leader in advanced threat detection, today announced Preston Lawhorne has joined as its Senior Vice President of Sales.

“We are excited to have Preston join the Click Security team,” said Marc Willebeek-LeMair, CEO and co-founder.  “He is a seasoned security sales veteran with a strong track record of ramping early stage security businesses to high revenue growth.  With our recent product improvements around expanded analytics, scalability and ease of use – as well as the growing market acceptance that big data security analytics is an important movement – we are poised for strong sales growth, and Preston can help us tremendously.”

Lawhorne is a 40 year tech veteran with experience in building sales strategy and successfully executing go to market plans. Building some of the industry’s most successful “high octane” security sales teams, he has held key leadership roles in businesses including Burroughs/Unisys, Data General/EMC, Oracle, McAfee – and security startups including TippingPoint and LogRhythm.

“I’ve been a part of several important waves in enterprise network security over the years.  There is another wave in front of us as organizations realize spending on traditional prevention technologies alone is not stopping today’s adversaries and their methods”, said Mr. Lawhorne. “I’m excited to be part of Click Security because I believe their solution fills a gap left by today’s traditional security products – and can fundamentally change how we automate the early detection, analysis, and continuous monitoring of advanced threats.”


About Click Security

Click Security’s Click Commander runs real-time stream processing analytics against pre-computed log, network, and file/artifact data sources; automatically produces analyst start points with automated actor/event / relationship views; and provides a full attack activity framework – where analysts can interactively visualize, prune, and augment big security data.  Now analysts can gain true security visibility, automatically build rich context around otherwise independent and inconclusive product alerts, detect attack activity missed by traditional security products, and automate the hunt for the unknown.  Please visit us at for more information or follow us @clicksecurity.