Leen Origins: Our mission and vision for security

Leen Security
March 21, 2024

Our mission

To be the best devtools company in the world for security teams.

In the ever-evolving landscape of cybersecurity, one thing has become abundantly clear: security is fundamentally a data problem.

This realization has been echoed by experts time and again.

“As organizations embrace digital transformation, security becomes increasingly intertwined with data. Protecting this data from cyber threats requires a holistic approach to security that starts with understanding the data problem.” – Jay Chaudhry, CEO of Zscaler

The crux of the issue lies in the sheer volume and complexity of data that security teams must contend with on a daily basis. From network logs and endpoint telemetry to threat intelligence feeds and user behavior analytics, the deluge of information can quickly become overwhelming.

Ingesting, parsing, analyzing, and acting on security data at scale requires modern security teams to adopt engineering approaches. Implementing an engineering approach to security requires teams to be able to programmatically interface with their security stack.

However, the challenge is compounded not just by the volume of data but also by the array of tools devised to handle it.

Each tool generates its own set of data, often in different formats and with varying levels of granularity. As a result, security engineers find themselves grappling with disparate data sources that resist easy integration and analysis.

What's more, the interconnected nature of the modern tech stack means that security data is inherently interdependent. For example, a security event detected by one tool may have ripple effects across multiple systems, each generating its own trail of data.

This tangled web of interconnected data presents a significant challenge for security practitioners, who must sift through mountains of information to identify meaningful patterns and anomalies.

Moreover, the siloed nature of many security tools exacerbates the problem, as valuable insights may be buried within individual data sets, inaccessible to other tools or analysts.

And we've barely scratched the surface of the substantial costs associated with employing in-house developers or engaging service providers, which can range from hundreds of thousands to millions of dollars to kickstart all of this.

Addressing the data problem

While several personas within security suffer from the problem of managing large amounts of data, engineering-focused security teams and security products represent underserved segments within the market. Every startup needs to start with a focused approach, and the demand we heard from security vendors for a scalable solution to security integrations and data pipelines convinced us that this was the right segment to start with.

Engineering-focused security teams typically have highly specialized needs that may not be adequately addressed by off-the-shelf security solutions. These teams often require advanced capabilities and customization options to meet their specific requirements, such as integration with proprietary tools or automation of complex workflows.

Many security products prioritize serving broader market segments. The workflows they build for their customers often depend on integrations with a broad range of security tools adopted by their ideal customer profiles (ICPs). These teams have limited options to integrate with and build workflows on top of data from other security tools.

There are thousands of security vendors today, and the landscape is experiencing rapid expansion and evolution, with new vendors and solutions entering the market at an unprecedented rate.

One of the key pain points for these vendors is the lack of standardization and interoperability among security tools. Each vendor may use proprietary data formats and protocols, or rely on data from various security tools and systems to provide comprehensive insights, making integration and reporting complex and time-consuming.

But what if there were a standardized interface for accessing and manipulating security data regardless of its source or format, abstracting away the complexities of data integration – enabling engineers and product managers to focus on building security apps rather than wrestling with data?

What if you could create unified data schemas for various subcategories within security, establishing common standards for representing and contextualizing security data, as well as facilitating collaboration and knowledge-sharing across disparate teams and tools?

Nine months ago, we were asking ourselves the same questions.

We held exploratory conversations with 100+ security leaders, founders, and practitioners regarding this thesis.

It quickly became apparent to us that there’s an increasing appetite for a unified approach to security data management – rather than relying on a patchwork of disparate tools, there is a growing demand for centralized platforms that can aggregate, normalize, and correlate data from across the security stack, regardless of its source or format.

Today, we’re super excited to introduce Leen, a unified data API for cybersecurity 🥳

We envision being the data mesh that connects sources of security data and the engineers and product managers tasked with making sense of it.

Before we proceed further, it’s important to understand two concepts and how they are related – unified APIs and Common Data Models.

Unified APIs

A unified API platform allows you to manage integrations at scale, save developers time, delight end users, expand into new markets, empower your go-to-market teams, and build customer loyalty.

Let’s take the example of Plaid: Plaid offers a suite of APIs that enable developers to easily integrate with financial institutions and access banking data, facilitating services such as account authentication, balance inquiries, transaction histories, and more. By providing a unified interface to interact with thousands of financial institutions, Plaid streamlines the integration process for developers, saving them significant time and effort.

For end users, Plaid's integrations enhance their banking experience by offering seamless access to financial data and enabling innovative financial applications such as budgeting tools, investment trackers, and lending platforms. This delight in user experience fosters loyalty and encourages continued usage of the integrated services.

Common Data Models

A common data model contains a uniform set of metadata, allowing data and its meaning to be shared across applications. In addition to the uniform metadata, a common data model includes a set of standardized, extensible data schemas that include items such as entities, attributes, semantic metadata, and relationships. Once all the elements of the common data model are defined, methods to access and operate on the data are developed so that all applications can use these same, standardized procedures.

Let’s take an example from the healthcare industry – Fast Healthcare Interoperability Resources (FHIR). FHIR defines a uniform set of metadata, including standardized data elements such as patient demographics, clinical observations, medications, and procedures. Alongside this metadata, FHIR provides standardized data schemas that encompass entities, attributes, semantic metadata, and relationships within healthcare data.

By adhering to the FHIR standard, healthcare applications can share and interpret data consistently across different systems and organizations. This standardization facilitates interoperability and enables the development of applications that can access and manipulate healthcare data using standardized procedures, ultimately enhancing the efficiency and effectiveness of healthcare delivery.

Unified APIs and Common Data Models in Security

Unified APIs and common data models play crucial roles in enhancing security operations by facilitating interoperability, consistency, and efficiency across various security tools and systems.

Unified APIs, such as those offered by platforms like Plaid in financial technology or others like Stripe in payment processing, streamline integrations by providing a standardized interface for accessing and interacting with diverse tools and technologies in their domains.

Similarly, in the context of security, a unified API platform offers a centralized hub for integrating and managing various security solutions such as firewalls, intrusion detection systems, and endpoint protection tools.

This unified approach saves developers time and effort by offering a single integration point, reducing the complexity of managing multiple APIs and custom integrations/actions (at scale, this typically drives security practitioners crazy!). It also accelerates product roadmaps.

In security, a common data model defines uniform metadata, data schemas, and relationships for describing vulnerabilities, threats, entities, and other relevant information. By adhering to a common data model, security applications can ensure consistency and interoperability in how they interpret and exchange security data, regardless of the specific tools or systems involved.

Leen’s common data model represents data from various security products such as Qualys, Tenable, Snyk, CrowdStrike, SentinelOne, MS Defender, and many more. We offer data models tailored to specific sub-categories within the security landscape (think VMS, IAM, Endpoint, CSPM, MDM, etc.), enhancing the organization and comprehensiveness of the data. Additionally, Leen extracts and tracks specific entities from connections, contributing to a more holistic view of security data.

Leen is here to help product-first security teams and security vendors simplify security data and their integration needs.

Reach out if you’d like to learn more or see a demo of Leen in action: https://calendly.com/leendev/leen-demo