Imagine that a scant year or so after founding your tiny security company, still in stealth mode, it is acquired by a security giant for millions of dollars because its technology is unique.
Well imagine no more!
The start-up was called Hyperwise and the security giant is Check Point. The technology is ‘CPU level Threat Prevention’: it aims to stop malware infection at a low level, before the malicious code gets to execute.
I met with Nathan Shuchami – a co-founder of Hyperwise and now head of Threat Prevention for Check Point and Christopher Rodrigues, Marketing Manager of Check Point ANZ.
What Nathan was talking about is well above most of our pay grades but I will attempt to paraphrase.
Various governments are actively working on cyber warfare: the ability to exploit zero-day, and even long-known, vulnerabilities in operating systems or programs. They do this to keep an eye on other governments, corporations and influencers. These white hat hackers (after all, governments are basically benevolent, no?) can also be lured by organised crime into turning government-developed attack technology against enterprises.
Malware arrives in two basic forms: as an executable program file (an .exe) or buried inside a data file such as a PDF, Word, Excel or PowerPoint document. Executable attacks are relatively easy to detect with signature-based systems. Malware hidden inside data files is much harder to detect.
The aim of any malware delivery system is to bypass existing security controls, to gain code execution in the targeted program and from there privileges on the operating system (commonly using return-oriented programming, ROP, which chains together fragments of code already in memory to defeat protections against executing injected code), to use that foothold to do something such as download further malware, and then to carry out the attack. The vulnerabilities exploited are sometimes new (zero-day exploits), or they can be years old if the system has not been patched properly.
The threats can come via email (SMTP and the MTA), browsers (HTTP/S), files stored on USB, or via Wi-Fi and BYOD. Or someone in an organisation has been bribed to introduce the file. “Criminals know that someone in any reasonably sized organisation will open a cleverly crafted spear phishing email no matter how well educated the staff may be,” said Nathan.
Check Point has a way to intercept all that network traffic and, using Hyperwise technology, inspect what it carries at CPU level before it executes, either on premise if you have one of its hardware devices, or in the cloud.
“Two years ago sandboxing was the latest technology – running everything inside a virtual machine that could not harm the real machine – but it’s too slow. Our solution adds only a few seconds – immaterial in the case of email or browsing. The solution is elegant – payloads are removed before they do damage,” said Nathan.
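To make the ROP stage described above concrete, here is an added example of one well-known way such an attack can be spotted from low-level control-flow records: checking that every `ret` lands on an address immediately after a `call`, and treating a run of short "gadgets" reached by unpaired returns as a ROP chain. This is illustrative code written for this article, not Hyperwise's or Check Point's product logic; the page does not say which heuristic their CPU-level check uses. The toy program, its addresses and the branch traces are all constructed for the example.

```python
"""Toy call/return-pairing ROP detector run over constructed branch traces.

Added example, not Hyperwise's or Check Point's code. It models the idea of
looking at control flow at the CPU level (e.g. the processor's record of
recent branches) to catch return-oriented programming before a payload runs.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed toy program: address -> (mnemonic, instruction length in bytes).
# main at 0x1000 calls helper at 0x2000 twice; 0x3000.. holds short
# instruction runs ending in ret that an attacker could use as gadgets.
PROGRAM: Dict[int, Tuple[str, int]] = {
    0x1000: ("push rbp", 1),
    0x1001: ("call 0x2000", 5),   # legitimate return site: 0x1006
    0x1006: ("mov eax, 1", 5),
    0x100B: ("call 0x2000", 5),   # legitimate return site: 0x1010
    0x1010: ("pop rbp", 1),
    0x1011: ("ret", 1),
    0x2000: ("mov eax, 2", 5),
    0x2005: ("ret", 1),
    0x3000: ("pop rdi", 1),       # gadget: pop rdi; ret
    0x3001: ("ret", 1),
    0x3010: ("pop rsi", 1),       # gadget: pop rsi; ret
    0x3011: ("ret", 1),
    0x3020: ("mov rax, rdi", 3),  # gadget: mov rax, rdi; syscall; ret
    0x3023: ("syscall", 2),
    0x3025: ("ret", 1),
}

# The only addresses a well-behaved ret should ever land on: the instruction
# right after each call.
CALL_RETURN_SITES = {addr + size for addr, (mn, size) in PROGRAM.items()
                     if mn.startswith("call")}

# One branch record: (kind, source address, destination address).
Branch = Tuple[str, int, int]


def gadget_length(addr: int) -> int:
    """Count instructions from addr up to and including the next ret."""
    n = 0
    while addr in PROGRAM:
        n += 1
        mn, size = PROGRAM[addr]
        if mn == "ret":
            break
        addr += size
    return n


def analyse(trace: Iterable[Branch], max_gadget: int = 4,
            chain_threshold: int = 3) -> dict:
    """Apply two heuristics to a branch trace.

    1. Call/ret pairing: a ret whose target is not a call return site is
       recorded as unpaired.
    2. Chain detection: chain_threshold or more consecutive unpaired rets
       landing on short gadgets (<= max_gadget instructions) is a ROP chain.
       A single stray ret (e.g. longjmp) stays below the threshold.
    """
    unpaired: List[Tuple[int, int]] = []
    run = longest_run = 0
    for kind, src, dst in trace:
        if kind != "ret" or dst in CALL_RETURN_SITES:
            run = 0
            continue
        unpaired.append((src, dst))
        if gadget_length(dst) <= max_gadget:
            run += 1
            longest_run = max(longest_run, run)
        else:
            run = 0
    return {"unpaired_rets": unpaired,
            "longest_gadget_run": longest_run,
            "rop_chain": longest_run >= chain_threshold}


# Constructed traces. Normal run: each ret goes back to its call site.
BENIGN_TRACE: List[Branch] = [
    ("call", 0x1001, 0x2000), ("ret", 0x2005, 0x1006),
    ("call", 0x100B, 0x2000), ("ret", 0x2005, 0x1010),
]
# Exploited run: helper's return address was overwritten, so its ret lands
# on a gadget and every following ret hops to the next gadget.
ROP_TRACE: List[Branch] = [
    ("call", 0x1001, 0x2000), ("ret", 0x2005, 0x3000),
    ("ret", 0x3001, 0x3010), ("ret", 0x3011, 0x3020),
]
# A lone mismatched ret, as a non-local jump might produce: flagged as
# unpaired but not reported as a chain.
LONGJMP_TRACE: List[Branch] = [
    ("call", 0x1001, 0x2000), ("ret", 0x2005, 0x100B),
]


def main() -> None:
    for name, trace in (("benign", BENIGN_TRACE), ("rop", ROP_TRACE),
                        ("longjmp", LONGJMP_TRACE)):
        print(name, analyse(trace))


if __name__ == "__main__":
    main()
```

The thresholds are the interesting knobs in practice: a real detector has to tolerate the occasional unpaired return produced by exception unwinding or setjmp/longjmp while still catching a chain of a few gadgets, which is why the example keys on a run of short gadgets rather than on any single mismatch.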
Nathan left me with a sobering thought, “We have cured this type of exploit but it won’t be long before attention turns to the Internet of Things – we have been speaking about this for more than three years and it’s now becoming a reality. What about that Jeep that was hacked? It is the next new frontier.”
“I would hate to be a chief information security officer at a big company – it is not a case of if they will be attacked but when. Fortunately Check Point has 24% of these large companies as clients and has become both the best of breed and a one stop shop,” he said.