If venture firms still had any doubt about the cybersecurity field as a good prospect for investors, the ongoing wreckage inflicted by hackers on entertainment giant Sony over the past month may put those doubts to rest. Sony has seen everything from corporate salaries to its executives’ snide e-mail comments about President Obama and Angelina Jolie exposed by the hackers’ leaks. It has just canceled release of “The Interview,” the film that was the apparent target of the computer network invaders.
It didn’t take a catastrophe on the scale of Sony’s, however, to get some VCs interested in the field. Kleiner Perkins Caufield & Byers general partner Ted Schlein, who came to KPCB after helping Symantec develop its commercial anti-virus software, has since backed a roster of security software startups. His latest bet is Menlo Park CA-based Area 1 Security, whose $8 million Series A financing, led by Schlein, was announced on a mid-December day when Sony was writhing under an onslaught of news stories mined from millions of formerly guarded company documents and e-mails.
Area 1 CEO Oren Falkowitz (pictured above) says he co-founded the company in 2013 to concentrate on the crucial first steps in such a major cyber attack—the moment that even a single company employee clicks on a dicey link and unwittingly opens a doorway to intruders eager to install malware.
“It only takes one,” says Falkowitz, who learned to observe patterns in these e-mail lures when he worked for six years at the National Security Agency, whose mission includes preventing foreign enemies from tapping into sources of U.S. government information that are key to the nation’s safety. Falkowitz’s co-founders include fellow NSA veterans Blake Darche and Phil Syme.
Falkowitz says people are extraordinarily vulnerable to hackers’ tricks, such as deceptive online ads and e-mails that look like they come from your bank or a colleague. Sometimes the intruders send messages from legitimate websites they have hijacked to serve their purposes.
“If a hacker sends a malicious e-mail to as few as 10 people, there’s a 90 percent success rate of one of those people clicking,” Falkowitz says.
Once the intruders gain entry, they can take advantage of the first employee’s access to the company computer network, gradually inserting files and extending their reach, Falkowitz says. In a major attack like that at Sony, hackers may have been inside the network for nearly a year, he says.
Area 1 is developing security technology to detect the characteristic methods used by hackers to manipulate people into clicking a dubious link. These messages deviate from normal patterns of communication, he says.
“If you can stop the first phase—the e-mail part—then you can prevent the greatest damage.”
Area 1 Security is now working in pilot mode with banks, energy companies, retailers, and other large concerns to gain feedback on its technology, Falkowitz says. The Series A round brings the startup’s fundraising total to $10.5 million. Investors who contributed to Area 1’s seed financing have also participated in its Series A round. They include Allegis Capital, Cowboy Ventures, Data Collective (DCVC), First Round Capital, RedSeal Networks CEO and former Venrock partner Ray Rothrock, and Shape Security CEO Derek Smith.
The new capital will help Area 1 Security continue an expansion of its staff, which will number 15 by the beginning of 2015, Falkowitz says.
The increasing use of mobile devices has made companies even more vulnerable to hackers, who use new technologies as fresh vectors to insert their malware, Falkowitz says. Staffers often load their work files onto phones and tablets so they can work remotely—sometimes connecting to the Web through unfamiliar Wi-fi connections.
“They remove themselves from the safe environment at work, do something at home, and then bring that right back inside the company,” Falkowitz says.
Established cybersecurity companies are retooling to handle the changing technological inroads for hackers, the changing nature of cyber attacks themselves, and the challenge of early detection.
The ongoing string of cyber attacks at major companies, including Target and Home Depot as well as Sony, has heightened awareness of the potential losses in both dollars and reputation, Falkowitz says. Companies are now more willing to spend time and money to protect themselves, he says.
“The market is just growing exponentially for the ability to control these kinds of losses,” Falkowitz says.
