Morphisec randomizes the way apps or programs load into a computer’s memory, making it difficult for malware to recognize applications. With software like web browsers or Flash unrecognizable to malware, that malware can’t take root and open a given app to attack.
Morphisec, an Israel-based “polymorphic” cybersecurity company, announced $7 million in Series A funding on Tuesday to launch its new product in early 2016 and to expand marketing staff abroad. The round was led by JVP (Jerusalem Venture Partners), GE Ventures, Deutsche Telekom, Portage Advisors llc., and OurCrowd according to a press release.
The company claims to be at the forefront of a method of security that utilizes the same tools as attackers to defend apps and programs in real-time by randomizing the way programs open into a system’s memory.
“We’re completely deterministic. What we do is we make the memory space unpredictable to the attacker, Chief Business Officer (CBO) Omri Dotan told Geektime. “We don’t change the app or its data or the database. We are making the memory space totally unpredictable every time the app loads (for example when you double click on a PDF reader) and it will be completely different for instance.”
Preventative cybersecurity on the rise
Preventative cybersecurity has earned major investments, especially in the wake of last year’s hack of Sony’s corporate system. This year has seen acquisitions like PayPal’s $60 million buyout of fellow JVP-funded startup CyActive. Other solutions try to protect multiple devices at the source point, such as router-based CUJO.
Dotan claims this is a method that is used constantly, employing a mix of “mutations, obfuscation, and encryption and all sorts of polymorphic tools” to disguise the method of attack. Morphisec is constantly operating, not waiting to detect an attack before employing the same measures. At the same time, Dotan claims the technology can record the “fingerprints” during a hack, rather than just recognizing an attacker’s “signature” after the fact.
Attacks typically depend on penetrating software like web browsers, PDF readers or Flash with malware (termed “exploits” in the industry) and then exploiting them with so-called ‘water hole attacks,” which use that malware as a gateway for an easy attack.
“The attacks show up differently every time, but we do something similar to the target. Within one second the attack is irrelevant.”
“Because we catch it so early, we get all the information — all the information — about the attack that most systems lose today because hackers erase their histories.”
Dotan says that his company is trying to pioneer “moving target defense” in cybersecurity, which he claims is only being used by one other organization or agency in the world: the US Department of Homeland Security.
“In the ‘what,’ there are quite a few competitors but in the ‘how’ there are not. All these guys fall into the realm of statistical systems,” he says, claiming that many predictive analysis solutions are just rehashing the “same old game” but not actually changing the ground rules on the field.
The company was founded in 2014, won JVP’s first ever $1 million cyber security competition last year as well, and is led by CEO Ronen Yehoshua and CBO Omri Dotan. The company plans to launch its solution in the first few months of 2016.
Featured Image Credit: arda savasciogullari / Shutterstock