Researchers raise more than two million dollars to rethink cybersecurity

July 28, 2016, Ecole Polytechnique Federale de Lausanne

Is antivirus software already dead? That's certainly what George Candea believes, and he's not the only computer security expert who says so. "Large enterprises and government agencies often deploy antivirus software to satisfy legal obligations or to meet contractual requirements, not because they really believe that the software can defend them," says George Candea. Together with some of his former PhD students, the EPFL professor founded Cyberhaven, a startup that is developing a brand new approach to computer security. And their results are promising. In a third-party test, their solution warded off all 144 cyber attacks that had been hand-crafted by professional penetration testers, whereas so-called heuristic modern security products caught just over 20 of them. As for the best classical antivirus software tested, it only caught one. "I think it just got lucky!" muses the researcher.

Since it was founded in early 2015, Cyberhaven has had revenues of 640,000 dollars. This is encouraging for such a young company, and it enabled them to raise more than two million dollars in a first round of financing from Accomplice, one of the most active early-stage venture capital firms on the US East Coast. Cyberhaven will use the funds to set up its office in Boston and fuel the growth of its R&D team in Switzerland, at the EPFL Innovation Park.

Cyberhaven's solution is marketed mainly to enterprises and , which are all targets of sophisticated cyber attacks. Cyber criminals develop targeted malware that is unique to each of their attack campaigns. As a result, most of today's are not effective against such new attacks. So organizations try to have defense perimeters within defense perimeters to build up so-called "defense in depth." "Information security officers eventually reach the point where their infrastructure is so complex that they simply cannot manage it anymore," says George Candea.

Defending "data in operation" against attack

The team of EPFL researchers developed a completely novel approach to defend sensitive documents against in a way that significantly simplifies an organization's security infrastructure. The approach complements what is perhaps the most effective security tool today, namely encryption - available in a wide variety of programs we use daily, including Microsoft Office.

Alas, encrypting documents is not enough to safeguard them. When opening an encrypted file, such as a text document, the application must first decrypt it in order to operate on it. As a result, the document's data is exposed. By exploiting vulnerabilities in applications like the Word text editor, malware hijacks them and steals all the documents that the application can access and decrypt. This is a real Achilles' heel of enterprise security, and encryption cannot solve it.

Cyberhaven's solution safeguards sensitive documents together with the relevant applications in a safe haven. "Only documents that are safe for these applications can enter the safe haven, and that also protects the integrity of the applications. Our defense technology is based on deep application analysis and has nothing to do with heuristics-based solutions that try to guess malicious behavior. We literally analyze every instruction, we never guess." Developing the technology took seven years of research at EPFL and is protected by four EPFL patents that have been licensed to Cyberhaven.

Neutralize malware instead of trying to keep it out

Unlike traditional defense techniques, Cyberhaven does not aim to keep all malware out of the enterprise but instead prevents it from acting. "Instead of building a fortress with many weak walls, we protect individual workflows that correspond to users' activities, such as the preparation of a quarterly financial report or the negotiation of a new inter-governmental agreement. By combining document encryption with Cyberhaven, it will no longer be necessary to use dozens of different security products to protect yourself; this will make your security infrastructure simpler and stronger."

"Expanding into the USA enables us to continue growing in Switzerland"

According to George Candea, fundamental academic research with novel perspectives is required to solve today's computer problems. "Sometimes the industry can be stuck in a rut, so I believe it is up to researchers to rethink the problems from the ground up and come up with solutions." And, to fulfill their mission, this team of researchers is taking the execution of their vision in their own hands: Cyberhaven's leadership is entirely composed of former PhD students from George Candea's lab at EPFL.

Cyberhaven now has eight full-time employees in Switzerland. One of the co-founders, Vova Kuznetsov, has taken over the reins and is setting up the company's headquarters in Boston. "Switzerland has exceptional talent and quality infrastructure, but it is also a small market. By expanding into the US, we make it possible to grow our R&D in Switzerland," explains George Candea. "And the US is not just a huge market, it is also an opportunity to compete with the very best, and that pushes us to become better."
