The company’s technology creates a deep statistical model of what normal operations look like in an organization—how files, machines, and users are related, for example, and who uses what, when. Then it tries to detect “malicious operations” in progress and suggest ways to stop them. Using machine learning, it tries to adapt to new hacking behaviors and anomalous activity—and it also tries to help customers visualize the full scope of an attack.
Div says in the past year his company has discovered more than 10 “full-blown attacks,” involving what are known as advanced persistent threats and adversaries on the other side (some of them previously unknown). He says he’s hearing about ransomware from every customer. “The first [case], we managed to find it and stop it, and we didn’t know it was ransomware. We found it by behavioral analysis,” he says.
And that’s a key to stopping future attacks: defense systems need to be adaptive and resilient. “Companies are still thinking about it as an IT problem,” Div says. Today it’s ransomware, and “tomorrow it will be something else.”
Rogue Devices, Shadow Environments
In the Internet of Things era, that “something else” will have billions more devices to target. Part of the idea of virtual and physical security converging is that all these devices and their networks can get hacked from the real world, not just from behind computers.
Hackers can drop so-called “rogue” devices into a wireless network to gain unauthorized access to private information—passwords, credit card numbers, and so forth—or allow them to connect other devices to the system. And given the phones, tablets, and other gizmos that employees bring to the workplace, it’s getting harder to track all the vulnerabilities in corporate networks (think printers and older devices that don’t get updated, too).
That’s where a company called Pwnie Express comes in. The Boston startup was founded in 2010 by chief technology officer Dave Porcello, who originally developed a device to do penetration testing for his Vermont insurance company’s IT system. Pwnie (pronounced “Pony”) Express now sells portable hardware and software that detects unauthorized or suspicious devices that are on or near a company’s network, and displays any trouble spots on a cloud-based dashboard.
That includes things like keystroke loggers, card skimmers, and anything else that shouldn’t be near a network or access point. The technology acts sort of like a surveillance “video camera for the digital domain,” says .406 Ventures’ Dracon, whose firm was an early investor in the startup. (Pwnie Express appears to have closed $6.9 million in new funding this week, according to a regulatory filing; the company has raised at least $12 million to date.)
As Dracon and others point out, all these vulnerabilities and proposed solutions are causing confusion for customers, who just want their security problem solved, whether it originates from a nearby device or a hacker across the globe.
“There are 1,400 products on the market, and they all do similar things,” says Ernesto DiGiambattista, the CEO and co-founder of Cybric, a Boston security company that’s just ramping up in the crowded market.
Founded last year, Cybric is the latest example of a company trying to unify cybersecurity offerings and help organizations manage their overall security strategy. In a nutshell, the startup is trying to “virtualize” security and separate it from the business operations and software development units of a company—similar in spirit to the virtualization of servers, storage, and operating systems in enterprise IT.
Cybric does this by spinning up a “shadow” environment in the cloud that replicates an organization’s network and processes—everything from source code to perimeter security—and runs tests on that to detect threats, says Andrew Gilman, Cybric’s co-founder and chief operating officer. The startup helps aggregate best-of-breed tools from outside to do the testing. The goal is to be comprehensive and continuous about scanning for vulnerabilities and updating the security system, without disrupting the business, he says.
In theory, a customer could use tools from a Veracode or Black Duck Software, say, to scan code for vulnerabilities, and also use a Rapid7 or IBM Security tool for penetration testing or incident detection. Cybric says it has its own software for those purposes, too. The company notes that it helps customers apply security policies automatically—things like not letting developers merge code until it passes a test. The technology tries to be “adaptive and proactive” about fixing vulnerabilities and ensuring compliance, DiGiambattista says.
It’s still early for the 15-person company, which has raised $1.3 million in seed funding led by Petrillo Capital. Cybric will have to prove that its system really makes it easier for customers to manage their security needs—and that it can help them detect threats and ward them off as effectively as it claims. But there seems to be a need for “security as a service.” And if the company can land some big customers and show that its approach reduces cyber risk, the market could be wide open.
“Security has become a mainstream problem,” Dracon says. “It used to be the only people who cared were in a back closet wearing hoodies. Now, everyone from the office manager up to the chairman of the board are aware of the problem.” He adds, with some understatement, “It’s going to be a big industry over the next decade.”