
Tech Insights


Contributor Columns on Information Technology and Security

Startup Invincea Seeks to Revolutionize Cybersecurity With Its 'Secure Virtual Container'

As anyone who works in enterprise IT is surely aware, IT specialists are facing unprecedented security threats today. From spear phishing to watering holes, the bad guys' book of tricks to entrap unwary employees is growing. One startup that is taking a unique approach to helping IT departments protect their enterprise's networks is Invincea. I thought they had a very interesting story to tell, and Steve Ward, Invincea's VP of Marketing, was kind enough to spend some time going into detail on Invincea's technology.

IT Specialist: Thank you for joining us today, Steve. To start with, can you provide our readers an overview of the background of Invincea’s founders, and your team's inspiration for launching Invincea? As I gather, there is a DARPA connection there?

Steve: Thank you for having me today, Josh. You are correct about the DARPA connection. Our founder and CEO Anup Ghosh does indeed have a DARPA connection. Prior to founding Invincea, he was a Program Manager at the Defense Advanced Research Projects Agency (DARPA) where he created and managed an extensive portfolio of cyber security programs. In addition, many members of our senior executive team – including myself – have a background at a cybersecurity company called NetWitness. When we understood what Anup was doing at Invincea, we were quite excited and quite a few of us moved over here.

IT Specialist: How does Invincea view the overall cybersecurity environment today? Is it as bad as it appears, or is some of this over-hyping by the media? 

Steve: Believe it or not, but the overall cybersecurity environment is actually worse than it seems. In addition to what you may hear in the media, this is just capturing a sliver of the cybersecurity breaches that are occurring. And even more than that, there is a high likelihood that there are way more breaches occurring that are not even being detected. 

The traditional paradigm for cybersecurity is to investigate and control breaches once they are detected – almost like a crime scene forensic investigation. At that point, action is taken to fight off and control the breach. Invincea, however, believes that this is the wrong approach to security. We believe that the focus should be on prevention, i.e. cybersecurity should be like a border guard, preventing the breaches from even occurring to begin with. A particular weakness in the industry is end-point protection, and this is where Invincea is focused – protecting the end-point and preventing breaches from even occurring, rather than dealing with them after the fact.

IT Specialist: As I gather, Invincea’s solution focuses on the endpoints within the network – is there a particular reason Invincea pursued the endpoint protection strategy?

Steve: Yes, that’s correct. For the last three to four years, adversaries have been increasingly targeting the actual end-user, i.e. the individual at their desk, and the technology to protect these end-points is truly antiquated. The reason hackers focus on the end-point is very simple – the adversaries have figured out that the quickest way into the network is through individual human beings.

The hackers have focused on human psychology, and figured out that people can be easily manipulated. The way the attackers manipulate individual users is actually simple – the focus is on getting them to click on links that take them to infected websites or to click on and download PDFs. 

IT Specialist: I notice Invincea highlights three threats you combat: Spear-Phishing; Watering Hole Attacks; and Attacks of Opportunity. Can you briefly describe what each of these threats are, and why enterprise IT specialists need to be aware of them?

Steve: Sure, let me briefly summarize each of these:

Spear-phishing attacks: Spear-phishing attacks are targeted, in-bound e-mails to individual users. These e-mails generally contain links to malicious URLs or weaponized document attachments as the infection vehicles. The e-mails are spoofed to make it appear as though the e-mail is from the attacker’s trusted network – a colleague, a friend or a client. Once the end-user clicks on the link or attachment, the attacker is into the network. According to Trend Micro, 91% of all Advanced Persistent Threats (APTs) involve spear-phishing, so, sadly, this has turned out to be an extraordinarily effective attack pathway.

Watering hole attacks: Watering hole attacks – or the hijacking of legitimate websites to push malware – are increasing exponentially. The difference from spear-phishing is that if spear-phishing is a targeted attack on a single individual, watering hole attacks are more broad – essentially a “one-to-many” attack strategy. In the case of watering holes, the attackers seek to go after large communities of interest – whole industries/groups of industries, government agencies, etc. – with the intent of breaking into as many organizations as possible.

Watering hole attacks are two-pronged. First the adversary injects malware into a legitimate website without the property owner knowing and then the malware lies in wait for unsuspecting users to browse to that site. These attacks typically involve the use of zero-days or recently discovered exploits where patches have not yet been applied – however, they also take advantage of bad patching hygiene to push malware against known exploits from the past.

Let’s take an example. Let’s say you work in the aerospace industry. You have a trusted governing body that you frequently turn to for information. Your employees simply browse to that trusted website where the infection lurks and while they are gathering legitimate information from that trusted source, the adversary is attacking their machines and your network. 

Attacks of opportunity: These attacks involve hackers throwing a big net out on the web, to see what they can “catch”. Attacks of opportunity such as drive-by downloads, poisoned search engine results, social media worms, scare-ware and ransom-ware are nothing new, but they remain trusted tactics employed by cyber-criminals around the globe.

Again, let’s take an example. A hacker can stand up a malicious website based on what is trending in search results. For example, during Super Bowl week, the attackers might create an infected website, create a temporary but effective SEO boost, and then when the unsuspecting end-user/football fan visits the malicious site they get infected. Think about it – during Super Bowl week, many enterprise employees may want to catch up on the latest over lunch, so they visit the malicious site, their computer is infected, and boom – the attacker is into the enterprise’s network.

What do all of these techniques have in common? They all focus on penetration through the end-point, and that’s where Invincea’s focus lies. 

IT Specialist: Turning our attention to your product suite, can you provide an overview of FreeSpace™? In particular, what is a “secure virtual container” that FreeSpace™ is based on and how does it work?

Steve: Sure, let’s start with a layman’s analogy. A secure virtual container essentially creates a protective bubble around you, so while you are surfing the web you are doing so in a fully protected environment.

To take a slightly more technical definition of what we do, we are essentially creating an airlocked environment for the end-user. Malware wants to infect the Operating System, and what Invincea’s product does is create a protective wall between the applications you may be working with and the OS itself. By running attacker-targeted applications in secure virtual containers, Invincea contains all malware – whether zero-day or known – and prevents it from attacking the host operating system as a pathway for breach and lateral movement in your network. 

IT Specialist: What applications does Invincea FreeSpace™ provide protection for?

Steve: Sure, let me summarize the applications we protect. Applications currently supported by Invincea FreeSpace are:

- Internet Explorer 7 through current
- Mozilla Firefox 10 through current
- Adobe Acrobat Reader 9.x through current
- Microsoft Office (Excel, Word, PowerPoint)
- Standard browser plug-ins (i.e. Silverlight, Adobe Flash, Java plug-in, Adobe Acrobat Reader plug-in, etc.)
- Major endpoint security applications (i.e. Symantec, McAfee, popular DLP offerings, etc.)

All of these protected applications start normally as users are accustomed. By default, we protect the web browser (IE, Firefox, Chrome) and all of its plug-ins and extensions, the PDF reader (Adobe) and the Microsoft Office Suite (Word, Excel, PowerPoint). These applications run seamlessly within the FreeSpace™ secure virtual container without any user performance degradation.

IT Specialist: Given that much of the audience are enterprise IT professionals, can you highlight Invincea's value proposition for IT pros – essentially, how does it make their job easier?

Steve: Our solution can make life dramatically easier for enterprise and government IT departments. First of all, it is extraordinarily easy to install. 

Second, it eliminates the massive headache and work load that IT departments have to go through after a successful attack on their organization. Think about all of the steps IT needs to take after a successful penetration, especially the need to reimage all of the company computers. There is a huge time and cost savings here, which is why it makes sense to focus on preventing the attack to begin with, rather than dealing with the security breach after the fact!

Finally, Invincea’s focus on creating secure containers around the end-user eliminates fire drills IT specialists need to go through in regards to patching. As any IT pro knows, there is a constant and never-ending stream of updates about new patches that need to be installed on applications, after yet another vulnerability is detected. 

IT Specialist: Turning now to Invincea at the corporate level, I understand you recently established a major OEM partnership with Dell. Can you give us an overview of how that will work and what are the advantages of this partnership to Invincea? 

Steve: We are very pleased with our Dell partnership. Invincea’s solution is loaded onto Dell PCs directly at the Dell factory before the PC ships to the consumer. Invincea’s product is the only anti-malware solution shipped straight from factory on Dell’s commercial line of PCs. We anticipate that over the next few years, 20 million Dell PCs will have been shipped with Invincea’s solution pre-installed.

IT Specialist: Are there any customers or case studies you might want to highlight? I would imagine given the backgrounds of your team that you work with both government and commercial customers?

Steve: Our business currently is about 70% commercial and 30% government. Currently 11,000 organizations are using Invincea, and our growth has been astronomical. Just to take one example, on the commercial side one excellent customer has been Boston Financial – you can read their case study here.

IT Specialist: How much capital has Invincea raised so far, who are your core investors, and what drove them to make a commitment to Invincea?

Steve: We have raised approximately $26 million to date total, and we just completed a $16 million Series C round. Our Series C was led by Dell’s VC arm Dell Capital, as well as a firm called Aeris Capital. We had additional participation from our existing investors Grotech Ventures, Harbert Ventures, and New Atlantic Ventures.

IT Specialist: Finally, for customers who might be interested in working with Invincea or trialing your technology, what is the best way for them to engage with you?

Steve: We are happy to do free trials and demos and run free proof of concepts and you can also contact us at our head offices in Fairfax, Virginia, right outside Washington, DC.


