These Startups are Fighting the WannaCry Cyber Attack

Last weekend’s sophisticated cyber attack will most likely make its creators, probably a group of non-state cyber-criminals, richer by tens of thousands of dollars, but the big chunk of it will go to a much more legitimate, white-hatted industry. The entire cyber-security industry will grow even larger with bigger multi-million dollar enterprise contracts. Particularly, startups that deal with the main characteristics of the attack (named WannaCry), will rise higher above the rest of the clutter.

In this post, we’ll mention some of these promising startups, but first, let’s describe the threats that were demonstrated during last weekend’s mega-attack. Like many cyber attacks, this one also started with phishing, meaning sending out emails purporting to be from a well-known source with links that will carry users to fraudulent sites, where their login details are compromised. The second threat was ransomware through file encryption: a complete encryption of the files, warning that they will be deleted in the event that the owner will not pay Bitcoin as ransom.

Search for a company

The third threat is hijacking a utility through old fashioned IT, thus halting necessary services such as telecom or healthcare. The fourth is the EternalBlue vulnerability in Microsoft’s file sharing system, which was discovered by the NSA and then leaked last month by a group which calls itself Shadow Brokers. No one knows how this weapon leaked from the NSA, but it is not improbable that an insider did it.

Now, let’s mention some of the startup companies that effectively deal with threats such as phishing, spear phishing, files hijacking, and ransomware:

Cybereason:

Cybereason provides real-time cyber attack detection and response tech for the enterprise by analyzing lower software layers in a network. Their endpoint detection and response platform identifies, visualizes and finds a solution to the smallest faint evidence of malicious activity without relying on a human cyber-hunter following the steps of the attacker.

Cybereason also launched RansomFree, a free tool that works alongside any existing antivirus software. It is entirely focused on detecting and preventing ransomware infestation by looking for patterns common to the attacker’s behavior. without relying on signatures. RansomFree creates baits, or traps, such as the Documents folder. PC Magazine reviewed the product very recently. Cybereason raised $89 million from Softbank, Lockheed Martin, Spark Capital, CRV.

Read here for Zirra’s Premium Insights Report on Cybereason

Intsights:

The Israeli anti-ransomware company has raised $24 million to detect, characterize and prevent ransomware attacks, from investors such as Glilot Capital, Blackstone,  Blumberg Capital, Wipro, and Vintage. In August 2016, the company, together with Check Point, released a report on the Cerber Ransomware and its affiliates, generating $195K. According to an analysis of this weekend’s WannaCry attack, Intsights says that about $30K was paid to the attackers as a ransom.

Solebit LABS:

Solebit inspects every file before allowing it into the network, making it impossible for any stream with executable code to gain entry. This approach is innovative in that it prevents attacks through a ‘quarantine’ that does not attempt to detect suspicious motives or harmful activity, but rather simply blocks all possible problematic code. In addition, the solution does not require internet connectivity and functions without the deployment of agents in an organization or cyber-experts to oversee the system.

The patent-pending technology of Solebit’s SoleGate platform disrupts targeted attacks and malware delivery by inspecting all data and blocking data streams which contain unauthorized code making it impossible to penetrate the network, no matter how encrypted it may be. The company raised $2 million from Glilot Capital.

Read here for Zirra’s Premium Insights Report on Solebit LABS

Search for a company

Votiro:

The company fights unknown threats, while most of the cyber companies protect against known viruses and malicious code or activity. Votiro created a “content disarm and reconstruction technology”, which prevents unknown and Zero-day exploits from penetrating a system. It is doing so by analyzing all email attachments and by deleting and by cleaning these files, thereby seeking to prevent threats from entering a company’s email server. Votiro raised $14 million so far from Redfield Asset Management and private investors.

Ensilo:

The company was founded on the recognition that external threat actors cannot be prevented from infiltrating networks, and instead focuses on preventing the theft and tampering of critical data, such as log-in details, in the event of a cyber-attack. Ensilo raised so far $21 million from Lightspeed, Carmel, and Rembrandt.

Read here for Zirra’s Premium Insights Report on Ensilo

Zerto:

Zerto is a disaster recovery company that helps businesses backup and recover data using software that creates less need for physical storage. The company provides disaster recovery software for customers with data stored in both data centers and in the cloud on VMware-based virtual servers. In the case of a virus, accident, or some other problem, Zerto’s software allows businesses to access their previous data and ensure business continuity.

In the case of ransomware, solutions like Zerto allow users to roll back to a consistent point in time before the attack, and simply “erase” the attack from ever happening. Zero raised $130 million from 83North, IVP, Battery, CRV, Access, and Harmony.

Read here for Zirra’s Premium Insights Report on Zerto

Fireglass:

Founded by professionals from known cyber-security companies Check Point, Imperva, and WebSense, Fireglass developed a client-less solution which isolates browsers from web content by executing all content originating from the web in a secure environment and streaming only a visual feed to the browser without impacting user experience. The Fireglass system can protect end-users from threats including “drive-bys” and ransomware, and also works as a protection for web applications against threats such as cross-site scripting and automated attacks.

The company raised $20 million from Lightspeed, NVP, Singtel, and Trusteer’s co-founders Mickey Boodaei and Rakesh Loonkar.

Read here for Zirra’s Premium Insights Report on Fireglass

Preempt Security:

Preempt tackles the threat of credential stealing. There are many cyber security companies that analyzing credentials to ensure identity, but Preempt claims to require less human involvement and to create less hustle towards real users in an organization that change their daily behavior like going to other countries than the ones they had travelled to or working with different teams than the usual team. Preempt Security raised $10 million from General Catalyst and Trusteer’s co-founders Mickey Boodaei and Rakesh Loonkar.

 

 

Why It’s Time for Investors to Redeem Their Cyber Security Investments

Cyber security technology is one of investors’ dearest investment channels of the second decade of the millennium. In the wake of unending attacks on political bodies, the most famous and recent of them have been directed at the Democratic Party in the U.S and the French President, and on corporations such as Yahoo, Lockheed Martin, Sony, and Target.  It is undeniable that cyber tech is here to stay.

As attackers change and improve their methods to better cope with cybersecurity weaponry, new technologies are constantly being developed, thus justifying an unending wave of new startups and a massive flow of funding into them. But now that we’re a few years into the cyber trend, investors are starting to look into their books in search of a paycheck.

It is possible that this time has arrived, and the industry is going to soon witness a few interesting deals. We at Zirra, a research company focused on the private tech market, have found several indicators which support this trend:

1. The market capital of cyber companies is on the rise again: After a long “winter,” Symantec’s stock is up by 35% since January 2016, CheckPoint is up by 26% and Fortinet is up by 28%; Fireye is up finally, after a 48% cut in stock price from the beginning of 2016 to the lowest point this March. Their stock has gained about 36% since then. The last year and a half was also hard on Palo Alto Networks who has seen a gradual decline in stock price since January 2016, but in the first days of May the company’s price is up by 5%; CyberArk’s stocks, too, experiencing its best times in almost two years.

Source: Google Finance

Rising stock prices improve the appetite for acquisitions in a couple of ways: 

A general optimistic, constructive sentiment.

The acquirer can better tolerate a temporary decline in the stock’s price inflicted on it during the hours and days following a deal.

Investors can now demand higher prices for the startups they are selling, after a long period of sitting in the middle.

Search for a company

2.Too many companies were established in a very short time, but only a fraction will get acquired: There is no argument that there has been a significant amount of money invested in the cyber security segment in recent years. The number has almost quadrupled from 2012 to 2015, and is just short of $4 billion. But, it is not the total funding that worries the investors, so much as the number of companies that were funded in total.

From mid-2014, there were nine quarters in which 90+ companies were funded in each. Quarters with 100+ companies appeared five times. In comparison, the hot area of AI surpassed 100 companies per quarter only at the beginning of 2015. But, whereas investors keep pouring more and more money into AI, that now reaches around 170 companies per quarter, cyber security had cooled down to 76 companies in the last quarter of 2016, according to CB Insights.

The funding could be well explained if there were enough exits to justify it. But after two great years, 2014 and 2015, that have produced 107 and 124 exits and 11 IPOs together, 2016 was a tough year, with only 88 exits and one IPO. Following the good news coming from New York stocks exchanges, VCs are interested in selling some of their companies, and when valuations are going up again, it will be easier to do so.

Source: CB Insights

Oren Bar-On, senior partner at EY, told the press that 2017 is going to be harsh on many startups in the cyber security industry. Startups that had raised small financial rounds of $1-2 million in the last two years will find it quite challenging to complete bigger rounds now. Therefore, it’s possible we’ll see a good deal of small and medium sized acquisition deals.

Who will be the next cyber company to be acquired? Zirra put together a list of some of the most interesting cyber security startups. Click on their names to get the full Premium Insight Reports.

Search for a company

TrapX is a deception-based security firm that detects, analyzes and defends new zero-day and APT attacks in real time.

Inpedio offers mobile security solutions through Mercury, its flagship solution, using multi-layered deep defense security that covers the device, network connectivity, and communications from within

Tufin automates and accelerates network configuration through security policy orchestration. The company’s proprietary technology enables IT organizations drastically to reduce the time and cost to implement network changes. Specializing in the management of firewalls, routers switches, and load balancers, Tufin also allows customers to automate daily configuration changes to all network security devices.

Upguard, formerly known as ScriptRock, has developed the Cybersecurity Threat Assessment Report, that provides in-depth and actionable intelligence on the preparedness for enterprises. UpGuard allows the user to monitor all server, network device, and cloud app configurations.

Alcide is planning to build a network security platform from the ground up for modern, large-scale data centers that leverage multiple technologies and micro-service architectures.

Ensilo was founded on the recognition that external threat actors cannot be prevented from infiltrating networks, and instead focuses on preventing the theft and tampering of critical data in the event of a cyber-attack. It is doing so by blocking in real-time ant data-related malicious activity.

Endian provides open source network security and remote connectivity solutions under their brand: Unified Threat Management. The system, comprised of hardware, software and virtual appliances provides gateway security that includes firewall, VPN, web and email security services to networks in all sizes.