Of all the IT threats facing consumers and organizations today, zero-day attacks are some of the most serious: by definition, security teams do not have patches in place for zero-day vulnerabilities; and that means zero-day attacks can take, on average, 10 months to bring under control.
Cyvera, a cyber security company out of Israel, is hoping to change that. It has crafted a new approach to combat zero-day attacks, using the coding equivalent of military-style guerilla obstructive defense techniques. Today it’s announcing an $11 million round of funding to expand its business.
The round was led by Battery Ventures, with strategic participation from an unnamed, top-10 U.S. tech company; other investors include serial investors Prof. Ehud Weinstein and Dr. Ofir Shalvi (both co-founders of Apple-acquired Anobit Technologies, among other things). Prior to this latest round, Cyvera had raised $2.1 million from Blumberg Capital after launching in March 2012.
Netanel Davidi, co-founder and co-CEO of Cyvera, says the new U.S. tech investor wants to keep its name out of the picture but he notes that it’s one of the top, U.S.-based players in both hardware and software. (He did however rule out that the investor was Apple, given the participation of the two Anobit co-founders.)
Several of Cyvera’s founding employees have experience in computer forensics and proactive as well as defensive management roles within Israeli Intelligence. Drawing on that, the startup has effectively taken a war-game approach to how it identifies and deals with malicious intruders. This stands in contrast with the architecture of many of today’s security solutions, which are built around firewalls and subsequent black- or whitelists. “Most of the solutions today are focused on the identification and detection approach, whether they are endpoint or network solutions. They will always look for something bad or abnormal behaviour, and flag something wrong,” Davidi said in an interview. “This is good, but not good enough.”
What Cyvera offers instead, through its TRAPS (Targeted Remote Attack Prevention System) flagship product, is a client-based platform. As Davidi describes it, this is a 16-point system of controls that, rather than trying to block or monitor and identify everything that comes through, creates obstacles that stop or slow down malicious intruders enough that they can be eliminated before they ever touch sensitive servers. “It’s a unique approach which is that instead of trying to identify attackers, we attract them first.”
As Davidi spoke, I was reminded more than once of video games involving dungeons, and trips to old castles in Europe, where you see the constricted spaces and mazes that get constructed not only to keep intruders out, but also to isolate them to make them easier to attack once they are there.
Some of it is bordering on medieval in its imagery: “If someone wants to climb on the gutter to get in a window, we monitor the window, but we also heat the gutter to a temperature so that it cannot be touched,” Davidi noted. On top of this, Cyvera’s system constantly evolves the obstacles. (This latter part is aided with data from Reflector, another product of Cyvera’s, which uses forensics evidence for post-prevention study and deep analysis.)
For now, the system works on Windows-based servers and devices, “because Windows keeps being the biggest threat even as organizations are moving to use other devices,” he noted. “The core of the network is still Windows-based,” and many of the major zero-day attacks have been on Windows-based systems. Going forward, there are plans for MacOS-based systems by the end of this year, and by Q2 of 2014, there will be Android and Linux solutions out as well.
The company, based out of Tel Aviv, will also be using the funding to ramp up its U.S. operations, based out of San Francisco, and also to work on a more consumer-focused solution to complement the product it currently offers for enterprises. The consumer product, he said, will have some similarities to the current Cyvera offering, but will also provide a crucial extra component to the company: big data. “We are building a database of exploits and zero-day attacks, and a consumer solution will allow us to add more data points to that.” He expects that with a sales partnership now in place with Intel’s McAfee, the company will likely take 2-3 years to achieve a critical mass of information in that database.
In the meantime, attacks are on the rise. The Ponemon Institute says that cyber attacks increased by 42% in 2012, with companies it surveyed reporting two “successful” attacks per week, resulting in costs of $8.9 million a year on average — and of course sometimes much more, and often outweighed by damage to reputation.