Cyvera is one of several computer security companies coming out of Israel. But unlike many security vendors — which track and monitor digital signatures of malware and then look for those known threats to come in — Cyvera, which runs below the end-point operating system, is more about deception and blocking any threat, known or unknown. That, says company co-founder and co-CEO Netanel Davidi, means it can, in theory, deal with zero-day threats — those that attack unknown vulnerabilities and are thus extremely dangerous.
To prove its point, Cyvera is launching TRAPS XP, to secure the hundreds of millions of Windows XP machines still in use. The product launches this week. Microsoft has set April 8 as the end-of-life date for supporting the 13-year-old operating system. As of January, researcher NetMarketShare estimated that Windows XP still held nearly 30 percent of client OS market share — running on an estimated 500 million machines.
Perhaps of most concern, a whopping 95 percent of the world’s ATMs still run Windows XP at their core, an NCR executive told Businessweek last month, although Microsoft plans to keep supporting “embedded Windows XP” systems like ATMs until 2019.
Cyvera is all about unknown attacks and attackers. Unlike other security options, it does not look for known malware signatures. Instead, using APIs, it “pre-allocate[s] into memory, under the OS, in a way that the attacker must encounter to compromise the machine,” said Davidi (pictured above, to the left of the company dog). Then it keeps the attack from happening. It’s sort of like a computer version of entrapment.
An analogy to the world of physical security: building owners deploy surveillance cameras which can be disabled and thwarted. Cyvera’s approach is more about trickery and deception. “It’s like we paint many windows on the building and move them around. Or if an intruder can climb a fire escape, we electrify the fire escape.” Cyvera’s promise is that the attack can be initiated and stopped in its tracks before it can do harm.
Another Cyvera product, Reflector, can capture all the data about the attempted attack and perform post-attack analysis in a segregated sandbox, to figure out as much as possible about what the attacker was looking for and to learn from that.
Competitors include Bromium, which encapsulates attacks using technology at the chip level. Cyvera, however, can run on older machines — including those with only 1 GB of memory — and it is those un-updated legacy machines that are most at risk of attack. Microsoft clearly wants XP users to upgrade to Windows 7 or 8, but there seems to be a lot of inertia, to say the least.
The thinking at Cyvera is that if it can prove to users that it can secure even an old OS running on aging machines, it’s a safe bet to use on their modern endpoints as well.
If Cyvera, based in Tel Aviv and San Francisco, sounds familiar, it’s because it is reportedly close to being acquired by Palo Alto Networks, something Davidi would not discuss, but which makes sense. (Palo Alto Networks did not respond to a request for comment.) The company has raised about $13 million in venture funding.