Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

12/10/2014
05:00 PM
Sara Peters
Sara Peters
Quick Hits
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Ex-NSA Agents' Security Startup Lands $8 Million In Funding

Area 1 Security, launched in May, uses behavioral data to stop early-stage attacks from going further.

Area 1 Security, a security startup created by three ex-NSA agents and pros from Disney and MIT, landed $8.5 million in its first round of funding today. The company launched in May with $2.5 million in seed funding.

The company's sweet spot is early-stage targeted attacks. It identifies malicious activity quickly, assesses it to determine which may pose the most sophisticated threat (for example, which has been launched by a nation-state), and stops attackers in their tracks before they can do real damage.

Area 1 does this through behavioral analysis. It collects data from a platform of sensors and looks for any abnormalities -- timing, content, user interaction, method of delivery, or anything else that might raise eyebrows or red flags.

"It's very hard to pretend to be normal," says Oren Falkowitz, founder and CEO of Area 1. No matter how clever an attack is, there are real people behind it, crafting a phishing message, making a plan, and unconsciously doing all sorts of subtle things that give them away.

Conventional security measures tend to discover attacks by looking for malware residue, so attackers can compromise an organization and lurk within it for 229 days, on average, before they're discovered, says Falkowitz. Area 1 Security's technology can shorten that time to discovery to minutes or hours.

The service doesn't stop there, though. Once it has given the company the bad news, Area 1 helps it decide how to remediate the problem. The new funding will largely go to improving that capability and making it more adaptable and user-friendly, says Falkowitz.

Since it launched, Area 1 has expanded from a team of five to a team of 13, adding talent from FireEye, Cisco, and others with strong operational experience in security. In response to comments that the recent mammoth attack on Sony was "unprecedented," Falkowitz dismissed that description. "Our team has seen these things before."

The Area 1 technology is not yet commercially available, but it is running a pilot program at a large financial institution.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Thomas Claburn
100%
0%
Thomas Claburn,
User Rank: Ninja
12/10/2014 | 6:15:30 PM
Pro or con?
So does the involvement of former NSA employees mean this software will be more secure, less secure, or about the same?
geriatric
50%
50%
geriatric,
User Rank: Moderator
12/11/2014 | 7:27:50 AM
Re: Pro or con?
Ha-ha! My thoughts exactly. And just exactly why is 'ex-NSA' considered a selling point?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/11/2014 | 9:23:02 AM
Re: Pro or con?
Why is 'ex-NSA' considered a selling point?
Not necessarily a selling point, just a point of information. It's up to the customer to make the judgement of valuable or not, @geriatric. Then again, perhaps even the world's most notorious ex-NSA'er (Edward Snowden) will one day have a comeback in a commercial venture, a la Kevin Mitnick! Stranger things happen.
ODA155
100%
0%
ODA155,
User Rank: Ninja
12/11/2014 | 10:41:11 AM
Re: Pro or con?
"Area 1 does this through behavioral analysis. It collects data from a platform of sensors and looks for any abnormalities -- timing, content, user interaction, method of delivery, or anything else that might raise eyebrows or red flags."

Am I understanding this correctly, the computer you're using, as well as other "sensors" around the network would be spying on me... and I would have to agree to that as part of my job? It's hard enough to find a competent candidate for any specific job, good luck findin one who wants to work under those conditions.

Maybe they should have had that at the NSA then maybe GB's of data would not have walked out the front door.
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5524
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
CVE-2020-5525
PUBLISHED: 2020-02-21
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
CVE-2020-5533
PUBLISHED: 2020-02-21
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5534
PUBLISHED: 2020-02-21
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2014-7914
PUBLISHED: 2020-02-21
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.