Shine Security Is Reinventing The Antivirus Company For The Age Of Zero-Day Attacks

Launching today at TechCrunch Disrupt San Francisco, Shine Security is reinventing the idea of what it means to be an antivirus company in an age of cyber-warfare and zero-day attacks. The company’s technology was built by white hat, ethical hackers, and works in real time, performing behavioral monitoring on end users’ systems in order to stop newly emerging threats that other anti-virus firms have yet to discover or identify.

It may be easier to understand what Shine Security is, by first explaining what it is not. Unlike traditional anti-virus/anti-malware providers, Shine doesn’t use definition files or virus signatures (like Symantec, Kaspersky, McAfee and others); it doesn’t analyze code in search of patterns (like Lookout), nor does it use “sandboxing” techniques where files and bits initially run in a protected space for milliseconds to help determine whether or not the code is malicious.

Instead, Shine Security performs real-time behavioral analysis on the device itself. It monitors every event taking place using machine learning algorithms that identify new threats moments after they occur. Of course, that means it can’t stop the very first steps that a particular piece of malware may take – the activity that helps Shine identify it in the first place. But that’s where the company’s other breakthrough comes in. Devices running Shine can “self heal” after malicious code runs, and is then stopped.


This is different from doing a restore from backup, like you can do today using things like Apple’s Time Machine, for example. Where that wipes a section of the operating system itself, and re-installs things that were saved before, Shine is actually rolling back the specific damages and code changes step-by-step.

If all this activity sounds very processor-intensive, Shine CEO and co-founder Ron Porat claims that’s not the case – they’ve figured out how to make it work using less than 1 percent of the CPU.

Porat started hacking at age six, he says, but after taking a break in his teens, he ended up going to university for archaeology, not anything in the computer sciences. However, after serving in the Israeli army and later working for the Israeli antiquities department, he found his way back to his preferred hobby. He started a security company, Hacktics, in 2004, which was acquired by Ernest & Young in 2011. He also founded and sold Seeker Security, another security startup focused on application security, acquired by Quotium Technologies last year.

With Shine Security, Porat now wants to redefine what it means to be an anti-virus company. “We’re changing the laws of physics in the world of anti-virus by coping with viruses on the fly,” he says. “The most challenging thing is to run machine learning on the device – it’s supposed be very intensive on the CPU, but we managed to do that very nicely without stressing the device…Then there’s a brain that resides as a hive in the cloud that collaborates the work on each of the devices together.”

This is another aspect to Shine technology that makes it different – it doesn’t focus on just protecting devices, it focuses on protecting people. The company lets users manage all their many devices from a central point, including those from others in their family. As Porat explains, often when a hacker is attempting to target a specific individual, they look for the weakest point in their network – like, for example, a device one of the kids is using. Shine Security calls this concept “Entity in Motion.”

“At work, I’m a user and I have several devices. At home, I have several devices,” says Porat. “Shine looks at me as an entity, not as a user. It sees all my devices and can protect me at home and at work in the same way.”

Based north of Tel Aviv, Shine Security was also co-founded by COO Oren Farage, who brings a governmental security background to the company, and Alon Blayer-Gat, who has extensive experience in R&D, previously as the technical GM of Comverse in Japan. The team holds very high security clearances, and has done work for banks, telcos, governments, homeland security agencies, and other businesses.

The startup today has 24 employees, and $3.3 million in seed funding from Li Ka-shing’s Horizons Ventures and Roi Carthy’s Initial:Capital. (Disclosure: Carthy previously contributed to TechCrunch in earlier years. Carthy is not involved with selecting Disrupt finalists.)  

Today at TechCrunch Disrupt, Shine Security is releasing the Android version of its service, with plans to release the completed Windows version next, to be followed by versions for Mac OS X and iOS in the coming months. Users will be able to download the Android version for free here. The business model will be freemium, where advanced features – like the self-healing capabilities – will be offered for a yet to be determined price. In addition, the company is working with OEMs on pre-installations, and a service for businesses.

Question & Answer From Disrupt Judges

Judges: Patrick Gallagher (Crunchfund), Julia Hartz (Eventbrite),
Rick Klau (Google Ventures), Matthew Prince (CloudFlare)

PG: It looks like you’re capturing signatures? Are you finding new attacks on the fly? Do you have false positives?
A: Protection is not based on signatures, it’s based on machine learning and AI. Our protection rate is 96% and traditional antivirus is 50%.
PG: Are you tracking everything I do on my phone?
A: You’re giving us nothing, everything is happening locally on your device.
MP: Running an AI engine on the phone burns the CPU, which burns battery life. How much battery life hit are you taking?
A: We’ve changed the laws of physics. (MP incredulous). You can download it and see. We take less than 1 percent
battery life…We determine what’s bad or good back in the lab, just the brain is installed on device. It just runs when we have to inspect something.
MP: How big a problem is this really? I don’t think we can point to one person who’s had this problem. Locked down, controlled app stores have eliminated the widespread distribution of malicious apps. Is this something Google should be solving?
A: They should. 25 percent of apps have malicious activity of some kind. Many applications in our lab are coming from official app stores and have malware.
RK: A year ago, a carrier had preinstalled spyware on their devices. You’re creating a mapping for that user of all the devices they have – that worries me as a consumer. How are you mapping that?
A: As a user, you have to do that actively. Users have to install Shine.
Q: But who has access to my data?
A: No one, not even us. We can’t see what happens on your device. We’re not picking up events and when you do changes. It’s something that happens locally. We’re not trying to mess with privacy – this is what we’re protecting against.