Area 1 Security, a two-year old Valley startup not yet out of stealth, just
raised $8 million for a product that is meant to stop the most impossible
hacker attacks, something called "social engineering."
Social engineering is basically lying to trick people into giving away their
passwords or to visiting a malicious website. If hackers are trying to break
into a specific network (a "targeted attack") they are going to lay traps that
the target is likely to fall for.
This could be via email (known as "phishing"), malware-laced ads
("malvertising") or planting whole malware-laced websites that look
authentic but aren't ("watering holes.")
It's very difficult to come up with a technology solution to protect against
targeted social engineering because it manipulates human nature itself.
But after learning tricks from the NSA, Area 1's co-founders think they've
got the solution. It's a cloud service that basically watches the whole
Internet and can then detect when something fishy (phishy?) is going on at
a particular company.
"The hardest thing a human can do [when hacking] is to pretend to be
normal. There's all of these subtle behaviors when someone is being
attacked, deviations when they go to banking sites, search the web," CEO
Oren Falkowitz tells us.
Area 1 isn't the only security company working on this. FireEye made its
name with a product that protects against a similar kind of targeted
attacks. And the whole field of "anomaly detection" security is decades
old.
But because Area 1 is watching the whole internet, not just looking at data
inside the company, it thinks this service will perform better.
"We look outside of companies," to see where websites, emails, or ads are
coming from and if they are behaving weird. If so, it can block them or
take other actions, depending on how an IT department has the service set
up.
The three founders met a few years ago during stints with the NSA.
"We've all gone on and done other things since our time there. We wanted
to go after root cause of hacking, social engineering attacks. This would
be the holy grail of solutions. When attackers can’t manipulate people,
they can’t ucceed in attacks," Falkowitz says.
This latest round was led by Ted Schlein at Kleiner Perkins, with total
raised so far at $10.5 million. Other VCs include Allegis Capital, Cowboy
Ventures, and Data Collective, plus angels like Shape Security CEO Derek
Smith.
Source:Business Insider
No comments:
Post a Comment