Nav: Home

Researchers raise more than $2 million to rethink cybersecurity

July 28, 2016

Is antivirus software already dead? That's certainly what George Candea believes, and he's not the only computer security expert who says so. "Large enterprises and government agencies often deploy antivirus software to satisfy legal obligations or to meet contractual requirements, not because they really believe that the software can defend them," says George Candea. Together with some of his former PhD students, the EPFL professor founded Cyberhaven, a startup that is developing a brand new approach to computer security. And their results are promising. In a third party test, their solution warded off all 144 cyber attacks that had been hand-crafted by professional penetration testers, whereas so-called heuristic modern security products caught just over 20 of them. As for the best classical antivirus software tested, it only caught one. "I think it just got lucky!," muses the researcher.

Since it was founded in early 2015, Cyberhaven has had revenues of 640,000 dollars. This is encouraging for such a young company, and it enabled them to raise more than two million dollars in a first round of financing from Accomplice, one of the most active early-stage venture capital firms on the US East Coast. Cyberhaven will use the funds to set up its office in Boston and fuel the growth of its R&D team in Switzerland, at the EPFL Innovation Park.

Cyberhaven's solution is marketed mainly to enterprises and government agencies, which are all targets of sophisticated cyber attacks. Cyber criminals develop targeted malware that is unique to each of their attack campaigns. As a result, most of today's security products are not effective against such new attacks. So organizations try to have defense perimeters within defense perimeters to build up so-called "defense in depth." "Information security officers eventually reach the point where their infrastructure is so complex that they simply cannot manage it anymore," says George Candea.

Defending "data in operation" against attack

The team of EPFL researchers developed a completely novel approach to defend sensitive documents against cyber attacks in a way that significantly simplifies an organization's security infrastructure. The approach complements what is perhaps the most effective security tool today, namely encryption - available in a wide variety of programs we use daily, including Microsoft Office.

Alas, encrypting documents is not enough to safeguard them. When opening an encrypted file, such as a text document, the application must first decrypt it in order to operate on it. As a result, the document's data is exposed. By exploiting vulnerabilities in applications like the Word text editor, malware hijacks them and steals all the documents that the application can access and decrypt. This is a real Achilles' heel of enterprise security, and encryption cannot solve it.

Cyberhaven's solution safeguards sensitive documents together with the relevant applications in a safe haven. "Only documents that are safe for these applications can enter the safe haven, and that also protects the integrity of the applications. Our defense technology is based on deep application analysis and has nothing to do with heuristics-based solutions that try to guess malicious behavior. We literally analyze every instruction, we never guess." Developing the technology took seven years of research at EPFL and is protected by four EPFL patents that have been licensed to Cyberhaven.

Neutralize malware instead of trying to keep it out

Unlike traditional defense techniques, Cyberhaven does not aim to keep all malware out of the enterprise but instead prevents it from acting. "Instead of building a fortress with many weak walls, we protect individual workflows that correspond to users' activities, such as the preparation of a quarterly financial report or the negotiation of a new inter-governmental agreement. By combining document encryption with Cyberhaven, it will no longer be necessary to use dozens of different security products to protect yourself; this will make your security infrastructure simpler and stronger."

"Expanding into the USA enables us to continue growing in Switzerland"

According to George Candea, fundamental academic research with novel perspectives is required to solve today's computer security problems. "Sometimes the industry can be stuck in a rut, so I believe it is up to researchers to rethink the problems from the ground up and come up with solutions." And, to fulfill their mission, this team of researchers is taking the execution of their vision in their own hands: Cyberhaven's leadership is entirely composed of former PhD students from George Candea's lab at EPFL.

Cyberhaven now has eight full-time employees in Switzerland. One of the co-founders, Vova Kuznetsov, has taken over the reins and is setting up the company's headquarters in Boston. "Switzerland has exceptional talent and quality infrastructure, but it is also a small market. By expanding into the US, we make it possible to grow our R&D in Switzerland, explains George Candea. And the US is not just a huge market, it is also an opportunity to compete with the very best, and that pushes us to become better."
-end-
Cyberhaven leadership: Dr. Vova Kuznetsov, CEO / Dr. George Candea, Chairman / Dr. Cristian Zamfir, COO / Dr. Radu Banabic, VP of Engineering / Dr. Vitaly Chipounov, Chief Architect

Ecole Polytechnique Fédérale de Lausanne

Related Computer Security Articles:

Eliminating infamous security threats
Speculative memory side-channel attacks like Meltdown and Spectre are security vulnerabilities in computers.
UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.
Discovery casts dark shadow on computer security
Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors' secure regions to access memory and data.
Shh! Proven security for your secrets
Researchers show the security of their cipher based on chaos theory.
A library for food security
Researchers are uncovering the genome of cowpeas, also known as black-eyed peas, in response to challenging growing conditions and the need for food security.
Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days.
'Security fatigue' can cause computer users to feel hopeless and act recklessly
A new study from National Institute of Standards and Technology researchers found that a majority of the typical computer users they interviewed experienced security fatigue -- weariness or reluctance to deal with computer security -- that often leads users to risky computing behavior at work and in their personal lives.
Computer scientists find way to make all that glitters more realistic in computer graphics
Iron Man's suit. Captain America's shield. The Batmobile. These all could look a lot more realistic thanks to a new algorithm developed by a team of US computer graphics experts.
Closing a malware security loophole
An add-on for antivirus software that can scan across a computer network and trap malicious activity missed by the system firewall is being developed by an international team.
Email security improving, but far from perfect
Email security helps protect some of our most sensitive data: password recovery confirmations, financial data, confidential correspondences, and more.
More Computer Security News and Computer Security Current Events

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Rethinking Anger
Anger is universal and complex: it can be quiet, festering, justified, vengeful, and destructive. This hour, TED speakers explore the many sides of anger, why we need it, and who's allowed to feel it. Guests include psychologists Ryan Martin and Russell Kolts, writer Soraya Chemaly, former talk radio host Lisa Fritsch, and business professor Dan Moshavi.
Now Playing: Science for the People

#538 Nobels and Astrophysics
This week we start with this year's physics Nobel Prize awarded to Jim Peebles, Michel Mayor, and Didier Queloz and finish with a discussion of the Nobel Prizes as a way to award and highlight important science. Are they still relevant? When science breakthroughs are built on the backs of hundreds -- and sometimes thousands -- of people's hard work, how do you pick just three to highlight? Join host Rachelle Saunders and astrophysicist, author, and science communicator Ethan Siegel for their chat about astrophysics and Nobel Prizes.