As startup Taasera opens its doors today, it is launching software designed to detect zero-day attacks — threats from malware that exploits a previously unknown application vulnerability. Financial services companies are primary potential customers.
This company has several things going for it. It acquired its technology from a government lab and it's already being used by DARPA and the Department of Homeland Security. Gov. Tom Ridge, former Secretary of the Department of Homeland Security, is chairing its advisory board. Taasera has access to threat intelligence data from a relationship with research company SRI. It owns software company TaasWare, whose head, Srinivas Kumar, is now Taasera's CTO. The startup's CEO is Scott Hartz, former CEO of PricewaterhouseCoopers Consulting.
To understand zero-day threats, the company pulls anonymous information about attacks on different business sectors. "We can tell you that Russia is the country that is most prevalently attacking the financial services vertical market," says David Nevin, vice president of corporate development. "China is the largest propagator of malware into the U.S. government." Taasera is making such threat lead content available through a partnership with Dunbar's digital security practice, Dunbar Digital Armor.
The software Taasera is introducing today looks for advanced malware inside an enterprise's network or on its customers' (or employees') devices. Software agents look for patterns in traffic or specific activities that are considered malicious. When forensic confidence is high enough, the financial institution is alerted.
By the end of the first quarter, the company will have software for Android devices that will detect malware on a device that may be requesting to connect to a large financial institution, either to check a balance or make a transfer. It will be able to tell the financial institution that the device is not secure enough to make banking transactions.
The company sees financial institutions as its primary customers. A medium-sized bank would pay roughly $100,000 for the software. Banks could integrate the software with their mobile banking apps, or ask customers to download it on their own.
What Taasera does that is different from other security software, according to Hartz, is sophisticated behavior analysis. "We're asking, what is this thing doing inside the system? Is it doing something suspicious?" he says. "The most suspicious kind of activity is taking information and sending it outside somewhere else, wherever the bad guys are. To the extent we can identify those bad behaviors we are unique from anything else. And the fact that we get enough evidence to block attacks effectively in real time, to keep a breach from occurring."