4 Startups Driving Cybersecurity Innovation
Constant innovation is a constant within cybersecurity. Information technology evolves and bad actors adjust with new attack vectors. Cybersecurity must innovate to keep pace with both IT and attackers by improving cybersecurity tools. Product categories such as intrusion prevention systems (IPS), anti-spam, unified threat intelligence (UTM), security information and event management (SIEM), next-generation firewall (NGFW), endpoint detection and response (EDR), privileged identity management (PIM), and security orchestration, automation and response (SOAR) have emerged as required cybersecurity functions.
The development and emergence of new products is the result of someone identifying a need and building a solution. Every year, dozens of companies are founded to address emerging issues or to enhance existing offerings. Compiling data from Cybersecurity Ventures’ Venture Capital Investment reports finds that in 2020, 67 cybersecurity startups received $684.2 million in seed or Series A funding.
It is a valuable exercise to periodically investigate emerging cybersecurity startups to get a sense of the types of products that are in development. Many of these innovative products, or at least the concepts being explored, could soon become commonplace. Below are four early-stage startups with unique or novel solutions for both old and new cybersecurity issues.
Airgap Networks: Restricting Lateral Movement
Airgap Networks offers a cloud-based SaaS platform to virtually isolate communication between servers, endpoints, mobile devices, IoT components and other network-connected enterprise assets. This capability could be used to combat ransomware, which is one of the top concerns for enterprises. The ability to quickly discover a ransomware attack and limit its damage is considerably valuable.
Airgap monitors traffic flow between elements on the VLAN. Using multiple profiling methods, devices are identified and grouped based on certain characteristics. A zero-trust isolation capability only permits authorized traffic between devices, which blocks unauthorized entities from laterally moving through a corporate environment. This capability limits the damage suffered from a ransomware attack by preventing proliferation.
The solution is agentless, enabling it to protect both managed and unmanaged devices, and operates over both public and private networks. Complete visibility of traffic flows allows organizations to gain insight into the applications used. Endpoints may have hundreds of applications installed while only a few dozen are actively used. Profiling the data flow identifies those that consistently access the network.
A ransomware kill switch feature can mitigate the expansion of ransomware. Essentially, if malware on a compromised device tries to propagate itself, the ransomware kill switch halts such activities. This feature allows administrators to immediately (with a single click) stop all communications to and from an endpoint when malware is identified. The kill switch is configurable, adjusting policy settings to allow access to necessary applications. Organizations can integrate and automate the ransomware kill switch with existing security tools such as SIEM, SOAR and EDR.
Blue Hexagon: Uncovering the Unknown in the Cloud with Deep Learning
Organizations moving operations to the cloud require full security visibility. Blue Hexagon uses deep learning capabilities to provide expansive runtime visibility using real-time agentless cloud detection and response. The deep learning capabilities allow the solution to operate immediately, without field learning.
The HexNet architecture, powered by deep learning modeling, analyzes cloud configurations, network traffic, storage activities and user operations to uncover actionable security activities in real-time. Deep analysis of millions of traits compiled from headers, protocols and payloads can protect organizations against zero-day malware, ransomware, cryptojacking, lateral movement and other unauthorized activities.
Blue Hexagon’t technology comprehends threat characteristics to uncover highly suspect traffic and it learns from previous incidents to understand attack properties which can be used to identify unknown attack vectors. The system is trained on massive amounts of threat data to learn what malicious intent looks like. The solution explains its operations by generating predictive MITRE ATT&CK Indicators of Compromise. This information can be used by human analysts to improve incident response speed and accuracy.
odix: Disarming Weaponized Attachments
Cybercriminals often plant malware within attachments that their unsuspecting targets open, thus exposing an organization to compromise. E-mail security company odix provides a service which disables any embedded malicious code within the Microsoft 365 ecosystem. This makes it exceptionally easy for companies of all sizes to take advantage of Content Disarm and Reconstruction (CDR) technology without requiring additional security engines.
The odix TrueCDR technology sanitizes files by analyzing them at a binary level, disassembling the code, removing embedded code that does not belong and then reconstructing the files. Ultimately, this disarms harmful code without impacting content, functionality and properties. Attachments become safe to open, removing some of the need to rely on humans to make the correct decision.
CDR deep file inspection has advantages over traditional scanning or sandboxed anti-malware efforts. A binary-level CDR of the code allows malware to be removed without the need to know how the malicious code works; all that’s required is knowing the embedded code does not belong.
The odix solution can process files on removable media, on network folders and in email, including Office 365 mailboxes. Additionally, an API allows developers to embed file sanitization into third-party applications. TrueCDR does not interfere with other security solutions, including EDR and sandboxing, but instead complements investigations. Sanitized files are retained in their original form, allowing malware investigators to safely review the malicious code. Finally, the odix Management Server provides enterprises total control and visibility over the file sanitization process. Organizations can set security enforcement policies, permissions management and offers the ability for analytics and forensics.
XSOC: Symmetric Key Encryption Innovation
Cryptography is a “black art” for many, but it is critical for security. Commercial innovation has traditionally been limited to narrow, incremental improvements pertaining to the underlying encryption technology. XSOC Corp’s Extensible Secure Optimized Cryptography (XSOC) engine is a new, hybrid symmetric encryption engine designed to accelerate commercial cryptography to thwart sophisticated threat actors.
Traditional cryptographic methods are computationally constrained, have limited key lengths and rely on a variety of modules. The XSOC Cryptosystem uses “wave-form” (variable strength) encryption, injecting multifactor authentication data directly into the core of symmetric encryption key material. The result is personalized encryption with “survivable” MFA authentication that can remain with data.
XSOC Corp.’s encryption-based technology suite is designed to improve data security options ranging from open internet all the way down to the smallest of embeddable IoT and microdevices. The XSOC cryptosystem, with a minimum encryption strength of 512 bits, offers long-term protection meeting NIST requirements for resiliency against future quantum computers.
The cryptosystem offers many unique modes of operation and supports a broad range of real-world applications to secure data and communications. Examples include encrypted messaging, secure data backup, real-time and long term data protection, digital streaming media and ad-hoc network environments. XSOC offers micro APIs and an SDK to power existing software applications in many programming languages. XSOC can even be deployed in hardware and programmable microchips. The XSOC cipher core (algorithm) has been open sourced on GitHub, allowing for academic cryptoanalysis and peer review.
XSOC Corp. also offers an alternative to symmetric key-exchanges called SOCKET, an efficient N-tier system for sharing cryptographic key material. Originally designed for near-field/radio frequency (RF) and wireless networks, SOCKET incorporates UL Certified algorithms for fragmenting and rematerializing cryptokeys. Use cases for SOCKET include closed circuit cameras, private cloud VPN, drone-to-drone communications, unidirectional secure networks and intermittent ad-hoc network communications.
