31 Dec 14. DARPA-funded company enters commercial market. A company that grew out of government-funded research, and which has been further funded by DARPA, is taking a cybersecurity mobile app to the commercial market. The mobile security application archiving application, developed with DHS funding, is to be commercialized by the company, called Kryptowire. DHS granted George Mason University $250,000 to create the system, according to the Washington Post. The original goal was to allow government agencies to maintain an inventory of apps that they had examined for security compliance. Now the department has approved more funding for the company, which spun out of the research project. “We are excited to facilitate the transition of this technology into the marketplace where it will benefit consumers,” said Cyber Security Division Mobile Security Program Manager Vincent Sritapan, quoted in a DHS announcement. “This innovative technology will help identify safe, vetted apps that users can choose from while ensuring their digital security.”
Kryptowire, based in Fairfax, Virginia, has also received funding from the Defense Advanced Research Projects Agency. It counts the Justice Department among its federal government customers, but it also serves entertainment and gaming companies, the Post reported. (Source: C4ISR & Networks)
01 Jan 15. Cyber security groups use fake computers to trap hackers. A new breed of cyber security company is trying to lay traps to catch hackers and prevent damage, as old ways of preventing attacks are failing. High-profile attacks on companies including Sony Pictures, JPMorgan and Home Depot last year, among hundreds of others, show hackers have become master hurdlers, able to jump both the firewalls erected around a corporate network and internal fences. But companies are starting to use new approaches to deceive cyber criminals into attacking fake computers — complete with decoy software and files — to trap them. Hackers will be easy to spot because there is not meant to be any activity on the computers. Security experts can then watch their behaviour to understand exactly what they are searching for and perhaps even who they are, so they can inform other threat detection systems. A cyber security business that is part of this new wave is TrapX, an early-stage Israeli start-up that launched its technology in the US last month, working with customers in the financial and retail sectors. It is suitable for the age of cloud and mobile computing that makes it easier for attackers to find a way into a network. Carl Wright, executive vice-president and head of sales at TrapX, said the goal is to “bring back the doctrine that has existed since the beginning of warfare: deception”. Current cyber security defences are no longer suitable to defend against increasingly sophisticated hackers. “It is as if we’re back in the 1500s with a castle that has a moat but our adversaries have aeroplanes and can parachute down,” he said. Funded by BRM Capital, an Israeli venture capital company, and Silicon Valley-based Opus Capital, TrapX intends to broaden the scope of its fake environments next year, enabling customers to upload their own tables and data to trick intruders.
Mr Wright said TrapX software would have detected the cyber criminals who attacked Sony Pictures, where hackers are reported to have destroyed data on the computers before the company realised what was going on. Mr Wright said if any had issued orders to delete files on a decoy computer, they would have been caught immediately. GuardiCore, another Israeli start-up, is using similar traps on servers in data centres, and Juniper Networks, the well-established US company, is working on what it calls “active defence” technologies following its acquisition of Mykonos Software in 2012. Lawrence Pingree, an analyst researching the cyber security industry at Gartner, said “deception as a defence strategy” would be a “trend of the next year”. He s