Nav: Home

Researchers raise more than $2 million to rethink cybersecurity

July 28, 2016

Is antivirus software already dead? That's certainly what George Candea believes, and he's not the only computer security expert who says so. "Large enterprises and government agencies often deploy antivirus software to satisfy legal obligations or to meet contractual requirements, not because they really believe that the software can defend them," says George Candea. Together with some of his former PhD students, the EPFL professor founded Cyberhaven, a startup that is developing a brand new approach to computer security. And their results are promising. In a third party test, their solution warded off all 144 cyber attacks that had been hand-crafted by professional penetration testers, whereas so-called heuristic modern security products caught just over 20 of them. As for the best classical antivirus software tested, it only caught one. "I think it just got lucky!," muses the researcher.

Since it was founded in early 2015, Cyberhaven has had revenues of 640,000 dollars. This is encouraging for such a young company, and it enabled them to raise more than two million dollars in a first round of financing from Accomplice, one of the most active early-stage venture capital firms on the US East Coast. Cyberhaven will use the funds to set up its office in Boston and fuel the growth of its R&D team in Switzerland, at the EPFL Innovation Park.

Cyberhaven's solution is marketed mainly to enterprises and government agencies, which are all targets of sophisticated cyber attacks. Cyber criminals develop targeted malware that is unique to each of their attack campaigns. As a result, most of today's security products are not effective against such new attacks. So organizations try to have defense perimeters within defense perimeters to build up so-called "defense in depth." "Information security officers eventually reach the point where their infrastructure is so complex that they simply cannot manage it anymore," says George Candea.

Defending "data in operation" against attack

The team of EPFL researchers developed a completely novel approach to defend sensitive documents against cyber attacks in a way that significantly simplifies an organization's security infrastructure. The approach complements what is perhaps the most effective security tool today, namely encryption - available in a wide variety of programs we use daily, including Microsoft Office.

Alas, encrypting documents is not enough to safeguard them. When opening an encrypted file, such as a text document, the application must first decrypt it in order to operate on it. As a result, the document's data is exposed. By exploiting vulnerabilities in applications like the Word text editor, malware hijacks them and steals all the documents that the application can access and decrypt. This is a real Achilles' heel of enterprise security, and encryption cannot solve it.

Cyberhaven's solution safeguards sensitive documents together with the relevant applications in a safe haven. "Only documents that are safe for these applications can enter the safe haven, and that also protects the integrity of the applications. Our defense technology is based on deep application analysis and has nothing to do with heuristics-based solutions that try to guess malicious behavior. We literally analyze every instruction, we never guess." Developing the technology took seven years of research at EPFL and is protected by four EPFL patents that have been licensed to Cyberhaven.

Neutralize malware instead of trying to keep it out

Unlike traditional defense techniques, Cyberhaven does not aim to keep all malware out of the enterprise but instead prevents it from acting. "Instead of building a fortress with many weak walls, we protect individual workflows that correspond to users' activities, such as the preparation of a quarterly financial report or the negotiation of a new inter-governmental agreement. By combining document encryption with Cyberhaven, it will no longer be necessary to use dozens of different security products to protect yourself; this will make your security infrastructure simpler and stronger."

"Expanding into the USA enables us to continue growing in Switzerland"

According to George Candea, fundamental academic research with novel perspectives is required to solve today's computer security problems. "Sometimes the industry can be stuck in a rut, so I believe it is up to researchers to rethink the problems from the ground up and come up with solutions." And, to fulfill their mission, this team of researchers is taking the execution of their vision in their own hands: Cyberhaven's leadership is entirely composed of former PhD students from George Candea's lab at EPFL.

Cyberhaven now has eight full-time employees in Switzerland. One of the co-founders, Vova Kuznetsov, has taken over the reins and is setting up the company's headquarters in Boston. "Switzerland has exceptional talent and quality infrastructure, but it is also a small market. By expanding into the US, we make it possible to grow our R&D in Switzerland, explains George Candea. And the US is not just a huge market, it is also an opportunity to compete with the very best, and that pushes us to become better."
-end-
Cyberhaven leadership: Dr. Vova Kuznetsov, CEO / Dr. George Candea, Chairman / Dr. Cristian Zamfir, COO / Dr. Radu Banabic, VP of Engineering / Dr. Vitaly Chipounov, Chief Architect

Ecole Polytechnique Fédérale de Lausanne

Related Computer Security Articles:

UCLA computer scientists set benchmarks to optimize quantum computer performance
Two UCLA computer scientists have shown that existing compilers, which tell quantum computers how to use their circuits to execute quantum programs, inhibit the computers' ability to achieve optimal performance.
Computer-based weather forecast: New algorithm outperforms mainframe computer systems
The exponential growth in computer processing power seen over the past 60 years may soon come to a halt.
Focus on food security and sustainability
The number of malnourished people is increasing worldwide. More than two billion people suffer from a lack of micronutrients.
Eliminating infamous security threats
Speculative memory side-channel attacks like Meltdown and Spectre are security vulnerabilities in computers.
UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.
Discovery casts dark shadow on computer security
Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors' secure regions to access memory and data.
Shh! Proven security for your secrets
Researchers show the security of their cipher based on chaos theory.
A library for food security
Researchers are uncovering the genome of cowpeas, also known as black-eyed peas, in response to challenging growing conditions and the need for food security.
Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days.
'Security fatigue' can cause computer users to feel hopeless and act recklessly
A new study from National Institute of Standards and Technology researchers found that a majority of the typical computer users they interviewed experienced security fatigue -- weariness or reluctance to deal with computer security -- that often leads users to risky computing behavior at work and in their personal lives.
More Computer Security News and Computer Security Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Debbie Millman: Designing Our Lives
From prehistoric cave art to today's social media feeds, to design is to be human. This hour, designer Debbie Millman guides us through a world made and remade–and helps us design our own paths.
Now Playing: Science for the People

#574 State of the Heart
This week we focus on heart disease, heart failure, what blood pressure is and why it's bad when it's high. Host Rachelle Saunders talks with physician, clinical researcher, and writer Haider Warraich about his book "State of the Heart: Exploring the History, Science, and Future of Cardiac Disease" and the ails of our hearts.
Now Playing: Radiolab

Insomnia Line
Coronasomnia is a not-so-surprising side-effect of the global pandemic. More and more of us are having trouble falling asleep. We wanted to find a way to get inside that nighttime world, to see why people are awake and what they are thinking about. So what'd Radiolab decide to do?  Open up the phone lines and talk to you. We created an insomnia hotline and on this week's experimental episode, we stayed up all night, taking hundreds of calls, spilling secrets, and at long last, watching the sunrise peek through.   This episode was produced by Lulu Miller with Rachael Cusick, Tracie Hunte, Tobin Low, Sarah Qari, Molly Webster, Pat Walters, Shima Oliaee, and Jonny Moens. Want more Radiolab in your life? Sign up for our newsletter! We share our latest favorites: articles, tv shows, funny Youtube videos, chocolate chip cookie recipes, and more. Support Radiolab by becoming a member today at Radiolab.org/donate.