A software company co-founded by a Calgary developer has officially launched a new threat detection solution, saying it can give real-time detection, context and mitigation for malware attacks.
San Jose, Calif.-based Cyphort Inc. said Tuesday its Advanced Threat Defense Platform is now available for commercial purchase, combining behavioral analysis and machine learning to help security teams quickly determine the existence and severity of an attack, judge the risks and find a solution.
“We have some advanced capability that will find malware that might evade competitors’ products,” Shel Sharma, Cyphort’s director of product marketing, said in an interview.
“We allow customers to deploy our product deep and wide in their network,” he said. All of the data on a threat is put into context – who it targets, how it affects the organization and possible mitigation techniques, he added. And the cost of the solution is reasonable.
Sharma said Cyphort’s main competition is a threat prevention solution from FireEye
The Linux-based software appliance runs on x86 servers and works in VMware environments. Pricing is based on the amount of bandwidth an organization wants to protect, regardless of the number of locations. It starts at US$27,500 for 100 Mbps and goes up from there.
Cyphort’s co-founders are Canadian Ali Golshan, the company’s CTO, who has worked on a cyber research team for U.S. intelligence agencies; and Fengmin Gong, a co-founder of Palo Alto Networks, which makes next-generation firewalls, and chief scientist at FireEye.
Sharma said that in the near future Cyphort ATDP will integrate with firewalls from Palo Alto and Cisco Systems Inc.
Cyphort hasn’t been working quietly until now. The company was a finalist in RSA 2014’s innovation sandbox competition and has a “handful of paying customers,” said Sharma.
Founded several years ago, it is only coming to market now because last year there was a management exodus for everyone except the co-founders. The CEO now is Manoj Leelanivas, former executive vice-president of sales at Juniper Networks.
The Cyphort ATDP places data collectors at various locations on the network — including branches — and extracts suspicious objects including .exe, PDF, JavaScript and text files, along with their metadata, and puts them into three sandboxes. This data is then analyzed on the spot and the results — such as what the file is capable of doing — are presented to a security team for action. It also recommends mitigation steps — update AV signatures, change firewall or gateway policies, et cetera. There are also tools that identify what devices are already infected.
There is an open API that allows developers to integrate ATDP with applications including help desk systems, incident response software or firewalls. An update will be released in April with integration built in for a number of these applications to make threat response more automated.
For the time being Cyphort is being sold direct from the company. However, over the next 12 months it will be looking for security system integrators to carry the solution.