cybercrime
Auto Added by WPeMatico
Auto Added by WPeMatico
One vote.
That’s all it needed for a bipartisan Senate amendment to pass that would have stopped federal authorities from further accessing millions of Americans’ browsing records. But it didn’t. One Republican was in quarantine, another was AWOL. Two Democratic senators — including former presidential hopeful Bernie Sanders — were nowhere to be seen and neither returned a request for comment.
It was one of several amendments offered up in the effort to reform and reauthorize the Foreign Intelligence Surveillance Act, the basis of U.S. spying laws. The law, signed in 1978, put restrictions on who intelligence agencies could target with their vast listening and collection stations. But after the Edward Snowden revelations in 2013, lawmakers champed at the bit to change the system to better protect Americans, who are largely protected from the spies within its borders.
One privacy-focused amendment, brought by Sens. Mike Lee and Patrick Leahy, passed — permits for more independent oversight to the secretive and typically one-sided Washington, D.C. court that authorizes government surveillance programs, the Foreign Intelligence Surveillance Court. That amendment all but guarantees the bill will bounce back to the House for further scrutiny.
Here’s more from the week.
A feature-length profile in Wired magazine looks at the life of Marcus Hutchins, one of the heroes who helped stop the world’s biggest cyberattack three years to the day.
The profile — a 14,000-word cover story — examines his part in halting the spread of the global WannaCry ransomware attack and how his early days led him into a criminal world that prompted him to plead guilty to felony hacking charges. Thanks in part to his efforts in saving the internet, he was sentenced to time served and walked free.
Powered by WPeMatico
As cybercrime continues to evolve and expand, a startup that is building a business focused on endpoint security has raised a big round of funding. SentinelOne — which provides a machine learning-based solution for monitoring and securing laptops, phones, containerised applications and the many other devices and services connected to a network — has picked up $200 million, a Series E round of funding that it says catapults its valuation to $1.1 billion.
The funding is notable not just for its size but for its velocity: it comes just eight months after SentinelOne announced a Series D of $120 million, which at the time valued the company around $500 million. In other words, the company has more than doubled its valuation in less than a year — a sign of the cybersecurity times.
This latest round is being led by Insight Partners, with Tiger Global Management, Qualcomm Ventures LLC, Vista Public Strategies of Vista Equity Partners, Third Point Ventures and other undisclosed previous investors all participating.
Tomer Weingarten, CEO and co-founder of the company, said in an interview that while this round gives SentinelOne the flexibility to remain in “startup” mode (privately funded) for some time — especially since it came so quickly on the heels of the previous large round — an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he added. “We have one to two years of growth left as a private company.”
While cybercrime is proving to be a very expensive business (or very lucrative, I guess, depending on which side of the equation you sit on), it has also meant that the market for cybersecurity has significantly expanded.
Endpoint security, the area where SentinelOne concentrates its efforts, last year was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.
Driving it is the single biggest trend that has changed the world of work in the last decade. Everyone — whether a road warrior or a desk-based administrator or strategist, a contractor or full-time employee, a front-line sales assistant or back-end engineer or executive — is now connected to the company network, often with more than one device. And that’s before you consider the various other “endpoints” that might be connected to a network, including machines, containers and more. The result is a spaghetti of a problem. One survey from LogMeIn, disconcertingly, even found that some 30% of IT managers couldn’t identify just how many endpoints they managed.
“The proliferation of devices and the expanding network are the biggest issues today,” said Weingarten. “The landscape is expanding and it is getting very hard to monitor not just what your network looks like but what your attackers are looking for.”
This is where an AI-based solution like SentinelOne’s comes into play. The company has roots in the Israeli cyberintelligence community but is based out of Mountain View, and its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go — in a product that it calls its Singularity Platform that works across the entire edge of the network.
“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”
SentinelOne is by no means the only company working in the space of endpoint protection. Others in the space include Microsoft, CrowdStrike, Kaspersky, McAfee, Symantec and many others.
But nonetheless, its product has seen strong uptake to date. It currently has some 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with what it says has been 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. It has 500 employees today and plans to hire up to 700 by the end of this year.
One of the key differentiators is the focus on using AI, and using it at scale to help mitigate an increasingly complex threat landscape, to take endpoint security to the next level.
“Competition in the endpoint market has cleared with a select few exhibiting the necessary vision and technology to flourish in an increasingly volatile threat landscape,” said Teddie Wardi, managing director of Insight Partners, in a statement. “As evidenced by our ongoing financial commitment to SentinelOne along with the resources of Insight Onsite, our business strategy and ScaleUp division, we are confident that SentinelOne has an enormous opportunity to be a market leader in the cybersecurity space.”
Weingarten said that SentinelOne “gets approached every year” to be acquired, although he didn’t name any names. Nevertheless, that also points to the bigger consolidation trend that will be interesting to watch as the company grows. SentinelOne has never made an acquisition to date, but it’s hard to ignore that, as the company to expand its products and features, that it might tap into the wider market to bring in other kinds of technology into its stack.
“There are definitely a lot of security companies out there,” Weingarten noted. “Those that serve a very specific market are the targets for consolidation.”
Powered by WPeMatico
The amount of data that most companies now store — and the places they store it — continues to increase rapidly. With that, the risk of the wrong people managing to get access to this data also increases, so it’s no surprise that we’re now seeing a number of startups that focus on protecting this data and how it flows between clouds and on-premises servers. Satori Cyber, which focuses on data protecting and governance, today announced that it has raised a $5.25 million seed round led by YL Ventures.
“We believe in the transformative power of data to drive innovation and competitive advantage for businesses,” the company says. “We are also aware of the security, privacy and operational challenges data-driven organizations face in their journey to enable broad and optimized data access for their teams, partners and customers. This is especially true for companies leveraging cloud data technologies.”
Satori is officially coming out of stealth mode today and launching its first product, the Satori Cyber Secure Data Access Cloud. This service provides enterprises with the tools to provide access controls for their data, but maybe just as importantly, it also offers these companies and their security teams visibility into their data flows across cloud and hybrid environments. The company argues that data is “a moving target” because it’s often hard to know how exactly it moves between services and who actually has access to it. With most companies now splitting their data between lots of different data stores, that problem only becomes more prevalent over time and continuous visibility becomes harder to come by.
“Until now, security teams have relied on a combination of highly segregated and restrictive data access and one-off technology-specific access controls within each data store, which has only slowed enterprises down,” said Satori Cyber CEO and co-founder Eldad Chai. “The Satori Cyber platform streamlines this process, accelerates data access and provides a holistic view across all organizational data flows, data stores and access, as well as granular access controls, to accelerate an organization’s data strategy without those constraints.”
Both co-founders (Chai and CTO Yoav Cohen) previously spent nine years building security solutions at Imperva and Incapsula (which acquired Imperva in 2014). Based on this experience, they understood that onboarding had to be as easy as possible and that operations would have to be transparent to the users. “We built Satori’s Secure Data Access Cloud with that in mind, and have designed the onboarding process to be just as quick, easy and painless. On-boarding Satori involves a simple host name change and does not require any changes in how your organizational data is accessed or used,” they explain.
Powered by WPeMatico
Immersive Labs, a cybersecurity skills platform, has raised $40 million in its Series B, the company’s second round of funding this year following an $8 million Series A in January.
Summit Partners led the fundraise, with Goldman Sachs participating, the Bristol, U.K.-based company confirmed.
Immersive, led by former GCHQ cybersecurity instructor James Hadley, helps corporate employees learn new security skills by using real, up-to-date threat intelligence in a “gamified” way. Its cybersecurity learning platform uses a variety of techniques and psychology to build up immersive and engaging cyber war games to help IT and security teams learn. The platform aims to help users better understand cybersecurity threats, like detecting and understanding phishing and malware reverse-engineering.
It’s a new take on cybersecurity education, as the company’s founder and chief executive Hadley said the ever-evolving threat landscape has made traditional classroom training “obsolete.”
“It creates knowledge gaps that increase risk, offer vulnerabilities and present opportunities for attackers,” said Hadley.
The company said it will use the round to expand further into the U.S. and Canadian markets from its North American headquarters in Boston, Mass.
Since its founding in 2017, Immersive already has big customers to its name, including Bank of Montreal and Citigroup, on top of its U.K. customers, including BT, the National Health Service and London’s Metropolitan Police.
Goldman Sachs, an investor and customer, said it was “impressed” by Immersive’s achievements so far.
“The platform is continually evolving as new features are developed to help address the gap in cyber skills that is impacting companies and governments across the globe,” said James Hayward, the bank’s executive director.
Immersive said it has 750% year-over-year growth in annual recurring revenues and more than 100 employees across its offices.
Powered by WPeMatico
Critical cyber attacks on both businesses and individuals have been grabbing headlines at an alarming rate. Cybersecurity has moved from a background risk for enterprises to a critical day-to-day threat to business operations, forcing executive teams to pour time and hundreds of billions in capital into monitoring and prevention efforts.
Yet even as investment in security ticks up, the frequency and cost of cybercrime to businesses continues to rapidly accelerate, with the World Economic Forum estimating the economic loss due to cybercrime could reach $3 trillion by 2020.
More companies are now turning to cyber insurance as a means of mitigating financial exposure. However, for traditional insurers, cybersecurity remains a relatively nascent and unfamiliar issue, requiring risk-assessment data points and methodologies largely different from those seen in traditional insurance products. As a result, businesses often struggle to get the scale of cybersecurity coverage they require.
Arceo.ai is hoping to expand the size and scope of the cyber insurance market for both insurers and companies, by providing insurers with effective real-time data, analytics and context, necessary for safely and efficiently underwrite cyber risk.
This morning, Arceo took a major step in achieving that goal, announcing the company has raised a $37 million round of funding led by Lightspeed Venture Partners and Founders Fund with participation from CRV and UL Ventures.
Using an expansive set of global sources across a customer’s digital footprint, Arceo.AI collects internal, external and macro cyber risk data which it uses to evaluate a company’s security and cyber risk management behavior. By automating the data collection process and connecting it with insurer underwriting processes, Arceo is able to keep its data and policy assessments up to date in real-time and enable faster, more efficient quotes.
A vital component of Arceo’s platform is its analytics offering. Using patented data science and cyber risk models, Arceo generates analytics-driven insights for insurance carriers, brokers and end-insured customers. For end-insured customers, Arceo helps companies understand whether they’re using the best mitigation strategies by providing policy recommendations and industry benchmarking to help contextualize day-to-day cyber behavior and hygiene. For underwriters, Arceo can provide specific insurance recommendations based on particular policy coverages.
Ultimately, Arceo looks to provide both insurers and the insured with actionable answers to key questions such as how one assesses cyber risk, how one determines what risks can be mitigated with technology alone, how one knows which systems are best and whether those systems are being used appropriately.
In an interview with TechCrunch, Arceo Chairman Raj Shah explained that the company’s background expertise, proprietary data systems, and deep pedigree in both the security and insurance truly differentiate Arceo from competing solutions. For starters, both Shah and Arceo co-founder and CEO Vishaal Hariprasad have spent close to the entirety of their careers in national security and cybersecurity. Hariprasad started his career in the Airforce’s first cohort of cyber warfare officers, before teaming up with Shah to start Morta Security in 2012, a security startup the two sold to Palo Alto networks in just roughly two years.
After selling the company, Shah and Hariprasad remained in the security world before realizing that there was a natural intersection between security and insurance, and a real opportunity for risk transfer solutions.
“Having studied the market, we saw that people are spending more and more dollars on cybersecurity products… There are hundreds of thousands of new vendors every year… Spend is going up, but we don’t feel any safer!” Shah told TechCrunch.
“That’s when we said ‘Hey, we need to move beyond just thinking about technology points and products, and think about holistic cyber risk management.’ And this is where insurance has historically done a great job. Putting a price on behavior and making people think and letting them take risks… From life and death and health to buyers and property and casualty. And so cyber is that next class risk… So that’s really why we started the business. We wanted to provide a real way to manage the cyber stress that they’re facing and that will impact every single one of our digital lives.”
Since the company’s founding, Raj and Vishaal have been joined by a deep network of cyber and insurance experts. Today, Arceo also announced that Hemant Shah, founder and former CEO of catastrophe risk modeling company RMS has joined Arceo’s Board of Directors. Additionally, earlier this month, the company announced that Mario Vitale, the former CEO of publically-traded insurance companies Willis Towers Watson and Zurich Insurance Group, would be joining the Arceo team as the company’s President.
The company noted that participation from high-profile industry vets like Hemant and Mario not only further advance Arceo’s competitive advantage but also acts as another major validation of the company’s future and work to date.
According to Arceo Chairman Raj Shah, after years of investing in R&D, the latest funds will be used towards expansion efforts and scaling Arceo to the broader ecosystem of insurance and brokers. Longer-term, the company hopes to offer the most complete combined cybersecurity and risk transfer solution to insurers and the insured, easing the stress around cyber threats for both enterprises and individuals and ultimately improving broader cyber resiliency.
If you’d like to hear more from Arceo’s Raj Shah, Raj will also be joining us this year on the Extra Crunch stage at TechCrunch Disrupt SF, where he’ll discuss how founders and companies should think about potential US government investment. Grab tickets here and we hope to see you there!
Powered by WPeMatico
Hackers will soon be able to stress-test the Facebook Portal at the annual Pwn2Own hacking contest, following the introduction of the social media giant’s debut hardware device last year.
Pwn2Own is one of the largest hacking contests in the world, where security researchers descend to find and demonstrate their exploits for vulnerabilities in a range of consumer electronics and technologies, including appliances and automobiles.
It’s not unusual for companies to allow hackers put their products through their paces. Tesla earlier this year entered its new Model 3 sedan into the contest. A pair of researchers later scooped up $375,000 — and the car they hacked — for finding a severe memory randomization bug in the web browser of the car’s infotainment system.
Hackers able to remotely inject and run code on the Facebook Portal can receive up to $60,000, while a non-invasive physical attack or a privilege escalation bug can net $40,000.
Introducing the Facebook Portal is part of a push by Trend Micro’s Zero Day Initiative, which runs the contest, to expand the range of home automation devices available to researchers in attendance. Pwn2Own said researchers will also get a chance to try to hack an Amazon Echo Show 5, a Google Nest Hub Max, an Amazon Cloud Cam and a Nest Cam IQ Indoor.
Facebook said it also would allow hackers to find flaws in the Oculus Quest virtual reality kit.
Pwn2Own Tokyo, set to be held on November 6-7, is expected to dish out more than $750,000 in cash and prizes.
Powered by WPeMatico
Cybersecurity asset management startup Axonius has raised $20 million in its second round of funding this year.
Venture capital firm OpenView led the Series B, joining existing investors in bringing $37 million to date following the startup’s $13 million Series A in February.
The security startup, founded in 2017, helps companies keep track of their enterprise assets, such as how many clouds, computers and devices are on their network. The logic goes that if you know what you have — including devices plugged into your network by employees or guests — you can keep track and discover holes in your enterprise security. That insight allows enterprises to enforce security policies to keep the rest of the network safe — like installing endpoint security software, or blocking devices from connecting to the network altogether.
Axonius’ co-founder and chief executive Dean Sysman said the company takes a different approach to asset management.
“You can’t secure what you don’t know about,” he told TechCrunch. “Almost everything you’re doing in security relies on a foundation of knowing your assets and how they stack up against your security policies. Once you get that foundation taken care of, everything else you do will benefit,” he said.
Instead, Axonius integrates with more than a hundred existing security and management solutions to build up a detailed picture of an entire organization.
Clearly it’s a strategy that’s paying off.
The company already has big-name clients like The New York Times and Schneider Electric, as well as a handful of customers in the Fortune 500.
Sysman said the bulk of the funding will go toward the expansion of its sales and marketing teams, but also the continued improvement and development of its product. “We’re hitting the gas and continuing to bring our solution to as many organizations in the market as we can,” he said.
Axonius said OpenView partner Mackey Craven, who focuses on cloud computing and enterprise infrastructure companies, will join the board of directors following the fundraise.
Powered by WPeMatico
Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates.
It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling down on commitments it made to the Boston-based company four years ago.
The company first came to our attention five years ago when it raised a $25 million financing from investors, including CRV, Spark Capital and Lockheed Martin.
Cybereason’s technology processes and analyzes data in real time across an organization’s daily operations and relationships. It looks for anomalies in behavior across nodes on networks and uses those anomalies to flag suspicious activity.
The company also provides reporting tools to inform customers of the root cause, the timeline, the person involved in the breach or breaches, which tools they use and what information was being disseminated within and outside of the organization.
For co-founder Lior Div, Cybereason’s work is the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit, the military incubator for half of the security startups pitching their wares today. After his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations.
Over the last two years, Cybereason has expanded the scope of its service to a network that spans 6 million endpoints tracked by 500 employees, with offices in Boston, Tel Aviv, Tokyo and London.
“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market. We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners,” said Div, in a statement. “We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”
The company said it will use the new funding to accelerate its sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous.
“Today, there is a shortage of more than three million level 1-3 analysts,” said Yonatan Striem-Amit, chief technology officer and co-founder, Cybereason, in a statement. “The new autonomous SOC enables SOC teams of the future to harness technology where manual work is being relied on today and it will elevate L1 analysts to spend time on higher value tasks and accelerate the advanced analysis L3 analysts do.”
Most recently the company was behind the discovery of Operation SoftCell, the largest nation-state cyber espionage attack on telecommunications companies.
That attack, which was either conducted by Chinese-backed actors or made to look like it was conducted by Chinese-backed actors, according to Cybereason, targeted a select group of users in an effort to acquire cell phone records.
As we wrote at the time:
… hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.
Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.
Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.
Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.
It’s not the first time that Cybereason has uncovered major security threats.
Back when it had just raised capital from CRV and Spark, Cybereason’s chief executive was touting its work with a defense contractor who’d been hacked. Again, the suspected culprit was the Chinese government.
As we reported, during one of the early product demos for a private defense contractor, Cybereason identified a full-blown attack by the Chinese — 10,000 thousand usernames and passwords were leaked, and the attackers had access to nearly half of the organization on a daily basis.
The security breach was too sensitive to be shared with the press, but Div says that the FBI was involved and that the company had no indication that they were being hacked until Cybereason detected it.
Powered by WPeMatico
In 2017 — for the first time in over a decade — a computer worm ran rampage across the internet, threatening to disrupt businesses, industries, governments and national infrastructure across several continents.
The WannaCry ransomware attack became the biggest threat to the internet since the Mydoom worm in 2004. On May 12, 2017, the worm infected millions of computers, encrypting their files and holding them hostage to a bitcoin payment.
Train stations, government departments, and Fortune 500 companies were hit by the surprise attack. The U.K.’s National Health Service (NHS) was one of the biggest organizations hit, forcing doctors to turn patients away and emergency rooms to close.
Earlier this week we reported a deep-dive story into the 2017 cyberattack that’s never been told before.
British security researchers — Marcus Hutchins and Jamie Hankins — registered a domain name found in WannaCry’s code in order to track the infection. It took them three hours to realize they had inadvertently stopped the attack dead in its tracks. That domain became the now-infamous “kill switch” that instantly stopped the spread of the ransomware.
As long as the kill switch remains online, no computer infected with WannaCry would have its files encrypted.
But the attack was far from over.
In the days following, the researchers were attacked from an angry botnet operator pummeling the domain with junk traffic to try to knock it offline and two of their servers were seized by police in France thinking they were contributing to the spread of the ransomware.
Worse, their exhaustion and lack of sleep threatened to derail the operation. The kill switch was later moved to Cloudflare, which has the technical and infrastructure support to keep it alive.
Hankins described it as the “most stressful thing” he’s ever experienced. “The last thing you need is the idea of the entire NHS on fire,” he told TechCrunch.
Although the kill switch is in good hands, the internet is just one domain failure away from another massive WannaCry outbreak. Just last month two Cloudflare failures threatened to bring the kill switch domain offline. Thankfully, it stayed up without a hitch.
CISOs and CSOs take note: here’s what you need to know.
Powered by WPeMatico
It takes a lot of trust to allow a company to come in and install a mystery box on their network to monitor for threats. It’s like inviting in a security guard to sit in your living room to make sure nobody breaks in.
Yet that’s exactly what Darktrace does. (The box, not the security guard.)
The Cambridge U.K.-founded company, now with a second headquarters in San Francisco, assumes that any network can be breached. Instead of looking at the perimeter of a network, Darktrace uses artificial intelligence (AI) and machine learning to scan and identify security weaknesses and malicious traffic inside a company’s network.
Traditional network monitoring typically uses signature-based threat detection of matching against known malicious files, but can be easily modified to evade detection. Instead, Darktrace builds up a profile of the network to understand what the baseline “normal” looks like so it can spot and identify potential issues, like large amounts of data exfiltration or suspect devices.
But how do you win over those who see a sea of meaningless buzzwords? How can you differentiate between the smoke and mirrors and the real deal?
“No one wants the black box making decisions without them knowing what it’s doing,” said Nicole Eagan, Darktrace’s co-founder and chief executive, in a call with TechCrunch.
“So, let them have visibility,” she said.
Darktrace’s founders have roots in the U.K. and U.S. intelligence, where they took what they knew of the cybersecurity threats to the private sector to where the new battleground opened up. In the past half-decade of its existence, the company has gained major clients on its roster — from telcos to banks, tech giants and car makers — supported by 900 staff in over 40 offices around the world.
About a quarter of its customers are in financial services, said Eagan. But it takes a lot for the heavily regulated companies to trust a mystery device on a company’s network where the data and security, like financial services, is highly regulated.
Powered by WPeMatico