Skip to main content

YC-Backed Cymmetria Uses Virtual Machines To Decoy And Detect Hackers



YC-backed Cymmetria, which is uncloaking from stealth now after around a year working its cyber security startup business, wants to tilt the traditional security odds so it’s hackers who are left feeling vulnerable and on their guard — by giving the businesses whose systems are under attack a ‘home advantage’.

How does it flip the attacker/attacked dynamic? By creating decoys which are embedded into the network and designed to draw hackers to them, making it quicker and easier for a business to detect and mitigate a security breach. And harder for a hacker to know what’s what.

“I’ve been sitting on this idea for several years, really, waiting for the right timing,” says co-founder Gadi Evron, who used to head up the Israeli government’s Internet security operation, and has also worked in senior security roles for PwC and Kaspersky.

“I got somewhat exhausted with the security industry. From various directions. In a way we’re very defeatist — we go to work everyday knowing that the attackers will succeed if they just want to. That eventually they will get in. Two and a half years ago people started saying the words ‘assume compromise’. Assume the attacker’s already inside. And then suddenly we all discovered that is not just the perception but rather the reality of how things actually work.”

High profile hack attacks make the news every week. Right now the attention is on the U.S. Office Of Personal Management data breach. Last year a massive Sony Pictures hack which leaked all sorts of salacious celebrity gossip into the public domain via a dump of the stolen emails turned into a media feeding frenzy. A huge breach of retailer Target’s systems in which millions of customer credit card details were reported compromised, back in 2014, has cost the company some $162 million purely in expenses — minus any class action lawsuits. Earlier this year health insurance provider Anthem fessed up to a data breach likely compromising the personal data of tens of millions of its customers. The list goes on.

“Every day there is another data breach,” says Evron. “That was very frustrating for me personally.” Cymmetria was born out of that sense of frustration — with the team hoping to shake up a reactionary status quote by doing something “inherently different in the security industry”, as Evron puts it.

Their focus is APT attacks. Aka: advanced persistent threats — where attackers, perhaps State-sponsored, are aiming to get into a network and lurk undetected for a long time in order to steal large amounts of data.

“The first value proposition is essentially one alert — one critical alert,” he says, explaining how Cymmetria works. “Current solutions generate thousands upon thousands of alerts every day. We generate one because our decoys are real machines and nothing should run on them except for what we put on them. Which exactly means that if anything now runs on that computer that is not ours that is a 100 per cent indication there is an attacker now in the network. There are no false positives.”

At that point Cymmetria also performs forensic analysis on the attack, and offers an action plan on how to mitigate it — using a company’s existing systems and security infrastructure, with which it integrates. It’s not the only decoy-based security startup out there but Evron argues the focus on integrating with a business’ operations and processes makes its approach distinct.

“There are quite a few startups out there that are in the same active defense or cyber deception space but I can’t really say that any of them are working exactly the way we do it. Some of them just deploy decoys across the network, some of them are trying to use SDN technology for datacenters. We haven’t really seen anybody out there trying to approach this from a management perspective and a business perspective,” he says.

“We automate forensics. They now can know what attack an attacker used, vulnerability credentials, Trojan horse, everything the attacker did — where they connected on all the networks, they already have ready made information becoming available to them,” he adds, noting that the typical security scenario is that a breach is not detected until long after it has occurred — whereas Cymmetria is able to flag it up if not quite in real-time, then in a “significantly reduced time window”.

“You get immediate information that you can start using immediately to mitigate.”

What are the decoys exactly? Virtual machines, making them indistinguishable from any other machine on the network, according to Evron. Cymmetria’s approach also doesn’t require companies to install on premise hardware or put agents on computers or change existing network structure. As near to ‘plug and play’ as possible is the idea. He says a generous estimate for getting the system up and running is just a day.

“Essentially they are real machines. They’re machines just like any other. They could be a CEO laptop, they could be a super secret backup. But essentially attackers are going to see computers around the network, computers and other types of resources around the network that are simply not real — and they’re not going to be able to distinguish what’s real and what’s not,” he adds.

“We don’t mimic. That’s exactly the point. We create real machines — we use the world of virtualization. Ten years ago if an attacker would see a virtual machine they’d say that’s a researcher, trying to mimic a real machine. Today, when you look at organizations, a lot is in the cloud. Local cloud with virtualized environments. Global cloud like Amazon, Google, whatever. But essentially these are part of the corporate network. They’re just regular machines. So as long as my machines are just like any other machines they have no way of distinguishing.”

The system uses a series of breadcrumbs to lead attackers to the decoys. “When the attackers try to spread through an environment they essentially look for certain things. These signposts or breadcrumbs are what’s going to lead them towards the decoys,” is how Evron explains this element, careful not to give away too many signposts (given the game of smoke and mirrors it intends to play with attackers).

The primary target market for Cymmetria is large enterprises and Fortune 500 companies, plus financial institutions and banks — although security is generally rising up every digital business’ agenda. It has “several” early users at this point, including a major U.S. bank that it’s working with as a “design partner” — so tailoring the system to meet their needs while using their feedback to help shape the software. Its first user deployment was this February. Evron says it hasn’t yet encountered an APT attack with this initial group of beta users.

In terms of funding so far, Cymmetria has taken in early investment from several angels, YC, Seedcamp and U.S. VC firm Felicis. The business model is a multi-layered SaaS. “We support different types of models for different types of customer,” says Evron. “From on premise to the cloud, we support it all.”

Cymmetria is the first Israeli security company to be selected by Y Combinator. The team will be presenting at demo day at the end of August, when it will be looking raise its next round and start to scale up and grow the business.

Comments

Popular posts from this blog

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document?  That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the docum...

Build Your Own Awesome Personal 3D Avatar with Avatara

Do you use social networks and want to build your own awesome 3D avatar? Maybe you want to send someone a cute cuddly image of yourself (kind of)? Or maybe you have your own ideas of what you would do with an Avatar… Well look no further than Avatara which I discovered from the MakeUseOf directory . You can create 3d avatars out of pre-set up templates or create your own from scratch. To start, visit Avatara’s homepage . You will see this screen: Click Get Started to umm, get started! That will take you to this screen: You see that you can build your own Avatar using an uploaded head shot like the Obama one above (just an example, guys). Or roll with one of their awesome avatars. I chose to start with a blank avatar by clicking Start with a blank avatar at the bottom of the screen. That takes you to here: I clicked on the filter at the top and told it to filter out everything but male characters and then I saw this: I rolled with Buck and continued. You need to click Select...

Ex-Skypers Launch Virtual Whiteboard Deekit

Although seriously long in the tooth and being disrupted by a plethora of startups, for many years Skype has existed as an almost ubiquitous app in any remote team’s toolkit. So it seems apt that a new startup founded by a team of ex-Skype employees is set to tackle another aspect of online collaboration. Deekit, which exits private beta today, is a virtual and collaborative whiteboard to help remote teams work smarter. The Tallinn, Estonia-based startup is headed up by founder and CEO, Kaili Kleemeier, who was previously a Head of Operations at Skype. She and three colleagues quit the Internet calling giant in 2012 and spent a year researching ideas in the remote team space. They ended up focusing on creating a new virtual whiteboard, born out of Kleemeier’s experience collaborating with technical teams remotely, specifically helping Skype deal with incident management. “Working with remote teams has been a challenge in many ways – cultural differences, language differences, a...