All you need to know about malware, according to Itay Glick, CEO of Israeli cyber-security start-up Votiro, is that 91% of it is delivered by email or through downloads. “Hackers and crackers have had overwhelming success by attaching malware to pictures, documents, web links, and anything else that is delivered by email.” The best way to prevent users from clicking on these malware-spreading attachments and links, he said, is to prevent them from getting to the user in the first place — “which is what Votiro does,” Glick added.
Despite the constant exhortations by security personnel, workers at businesses large and small continue to click on infected attachments and links, exposing their organization’s data to the lowest of low-life data swipers. In other words, current deterrence practices just aren’t cutting the mustard for many organizations’ security needs.
For some, the “thrill of the unknown” is just too great — they absolutely must know what lies behind that bombastic message title promising juicy information, while for others, it’s a matter of being “too busy” (or too lazy) to exercise caution.
Which is why Votiro takes a totally different approach to cyber-security, said Glick. Instead of relying on the security-consciousness of workers, Votiro “sanitizes” links, attachments, email messages, downloads, and any other form of data that enters an organization’s servers via the Internet. “Our technology detects anomalies in messages, files, and downloads, and if anything is suspect, our system prevents it from getting onto a live server,” said Glick.
Suspicious email messages aren’t always dubious at first glance; many infected documents look like real documents that someone in an organization would probably get as a matter of course during the workday; in fact, many of them may be actual organizational reports or documents that a hacker loaded with malware. That, in fact, is exactly what appears to have happened at Israel-based security organization RSA in 2011, when hackers got access to the company’s servers.
According to security researchers, the malware that enabled hackers to get to the data they wanted was included in a document that was attached to an email message titled “2011 Recruitment plan.xls” — just the kind of thing someone in the HR or accounting department would expect to receive. “The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file,” RSA wrote in a blog post.
It’s the kind of thing that happens daily at companies large and small, said Glick. Even checking out where the message was sent from doesn’t always work, because skilled hackers can even get into an employee’s email account and send the malware from there, so the message looks and feels totally legitimate, he added.
To prevent this, companies can use Votiro’s Secure Data Sanitization (SDS) system, which evaluates incoming traffic, thoroughly examining anything that comes into an organization’s network for anomalies — bits and bytes that are not consistent with the file type a file claims to be (extra bytes in a Word file, for example, could mean that a Word macro virus is present). Votiro’s sanitization service is meant to sit on a device (like a PC) dedicated to run the Votiro system, with all data evaluated as it passes through.
More than just a sandbox or a DMZ server running an anti-virus program, Votiro’s system is in constant communication with the company’s servers, recording attempted attacks and checking on new exploits as they come in, said Glick, and boast many other features as well. “So far we have been able to mitigate nearly all the new, zero-day exploits that have appeared on the web that have tried to attack our clients’ servers,” Glick added.
While there are other security as a service (SaaS) solutions on the market that are similar what Votiro is doing, not all of them are as popular. According to Glick, the company counts among its dozens of customers many of the largest companies in Israel, including “most government agencies in Israel, pharmaceutical and aerospace companies, and a national energy company,” which he would not name — as well as large companies in the US, many with 10,000 employees and more.
To show off its technology, and to “give back to the community,” said Glick, the company has set up a free online sanitizing service where anyone can upload suspicious documents for evaluation. “The new service allows organizations to experience the strengths of our sanitization process and understand the overall benefits of our Secure Data Sanitization solution,” he added.
Established in 2009 in Tel Aviv, the privately-held company, unlike many other security start-ups, makes money. Even though, in terms of its age, Votiro should be considered a start-up, “we really aren’t,” Glick said. “There’s a big difference between a start-up that survives on venture capital, and one that is revenue-based, like us. I guess that makes us an enterprise.”