n the fight against sophisticated cyber attacks, corporate America’s best future hope might be a good counter-punch.
Successful intrusions into the computer systems of Fortune 500 companies are fast becoming routine, something any consumer who’s had their retail credit account hacked can tell you.
The pain is also being felt in the corner office, as the magnitude and handling of a customer data breach at retailing giant Target earlier this year cost former CEO Gregg Steinhafel his job.
Target is far from alone in losing a battle with professional hackers, which suggests to some security software experts that preventing damage once an intruder is inside a network is becoming more important than keeping one out in the first place.
“These are commercial syndicates of attackers, (with some) attacks sponsored by nation-states,” says Orion Hindawi, chief technical officer of software start-up Tanium.
No longer teenagers inserting code as part of a stupid prank, the best hackers today are often employed by professional bad guys who buy and test commercial security software for weaknesses.
They also have the resources to debug their own harmful code before attacking with it, says Hindawi, a former CTO at BigFix, which was acquired by IBM for $400 million four years ago.
The proliferation of mobile devices and their increased integration into businesses — as workers take their smartphones and tablets to work — is making it even tougher to keep corporate networks secure.
So rather than focusing software development primarily on keeping out malicious code, Tanium and other upstart software makers are focused increasingly on finding and neutralizing it quickly once it’s penetrated a network.
“Our customers are starting to realize that (malware) is going to get through,” he says. “Now, it’s about minimizing the damage.”
The marquee venture capital firm Andreessen Horowitz agrees.
In June, it invested $90 million in Tanium — the company’s first venture investment.
It was the second-largest funding round ever for the brash VC firm founded by two software pioneers in 2009.
Tanium was founded in 2007 but didn’t launch its product until 2012, according to Hindawi.
It now counts half of the Fortune 100 as customers after revenue exploded six-fold last year, Hindawi says.
Another stealthy start-up that’s taking a new approach to security software is Palantir, of Palo Alto, Calif.
The data-analytics company, co-founded in 2004 by former PayPal executives Joe Lonsdale and Peter Thiel, counts the FBI, government agencies and big financial services firms among its clients.
On the cyber-security section of its Web site, the secretive firm says its software “is designed to solve the hardest, messiest data problems in the world,” including protecting corporate data from undetected threats.
Its software, which uses sophisticated algorithms that analyze the data flowing on networks from both traditional software and mobile apps, is capable of “uncovering malicious behavior at petabyte scale” and was reportedly used by the CIA to help find Osama bin Laden.
Palantir, which a decade ago received funding from the CIA’s venture investment arm, Q-Tel, was valued at close to $10 billion in its last round of private investment.
Half a world away, in the city of Prague, yet another security software firm that’s been around even longer than Palantir is focused on using new techniques to keep malware-laden apps and Web pages from harming consumers.
Avast, founded in 1988 by two Czech computer researchers, is now used by more than 200 million people around the world to detect viruses on PCs and mobile devices.
The company’s products are designed to do far more than just keep out hackers with a traditional firewall.
“The days of (using) digital signatures are long gone,” says Avast CEO Vincent Steckler, a former senior executive with security-software giant Symantec.
“It’s all about heuristics (sophisticated algorithms) and beyond now,” Steckler says.