With all the cyber-defenses available today — many of them developed in Israel — hackers have to think differently if they want to get through to a high-value target, like a bank, utility, or government site. ThetaRay CEO Mark Gazit says his start-up is dedicated to finding and stopping them.
Since ThetaRay has an effective technology to find these unfindable hackers, investors at General Electric (GE), along with investors at Jerusalem Venture Partners (JVP) and Poalim Capital Markets, among others, are pouring $10 million into ThetaRay, which was established just last year.
While most people associate hackers with “script kiddies,” who copy and paste exploits, try to knock sites offline by flooding them with connection requests in distributed denial-of-service (DDoS) attacks, or deface websites with their own messages, “real” hackers have far more sinister agendas. Hackers who breach a financial organization could steal millions with a single keystroke, and terrorists could take control of an electrical grid or water distribution system.
“Hackers are always looking for backdoors,” said Gazit. “They penetrate systems using various methods, like spear-phishing schemes,” in which attackers look for a “weak link,” crafting an email for a specific victim that plays on threats, rewards, fear or other psychological pressure to get that person to click a link or open a document that installs malware and gives the attacker access to the data.
“Once they penetrate a system, they can put any kind of malware they want into it, turning it into their own little ‘playground,’ installing anything they want,” he said. “Meanwhile, information continues to flow through the system, and it’s all exposed to hackers’ whims.”
For critical systems like infrastructure, that could be highly dangerous. It’s chilling, said Gazit, to think that hackers could get control of electrical or water grids. Since the malware could behave in any number of ways, administrators would not know that something was wrong until something bad happened: for a bank, hackers stealing large sums of money; for an electrical grid, the power stopping.
The best way to deal with the threat, said Gazit, was to look at the overall picture in a system and try to figure out what “doesn’t look right. Our system checks for anomalies both inside and outside a network, evaluating what would be considered ‘normal’ in an organization and what would be anomalous.” Anomalies could include increased activity inside a network, or more requests than usual for communication resources outside the network. Such anomalies, for example, showed up on systems infected with the Stuxnet worm, which wreaked havoc with Iranian nuclear centrifuges even as it reported to operators’ screens that everything was running normally, said Gazit.
To arrive at its conclusions, ThetaRay examines lots of data, “the more the better. We check for anomalies in the huge amount of data we process, looking for patterns of activity that should not be there,” said Gazit. Data is taken from every available input source, including email, web connection data, log files, sensors, cameras and microphones, and the observed activity is compared with expected patterns. He said the models were developed over seven years by top graduates of the IDF’s signals intelligence unit, Unit 8200, and top professors from Tel Aviv University and Yale University.
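To make the baseline-versus-anomaly idea in the two paragraphs above concrete, here is a small added example, written for this page and not ThetaRay’s own code (the page does not describe its models). It assumes a hypothetical flow-log format of (hour, source host, destination host, destination-is-internal) and a constructed six-hour sample in which one workstation suddenly fans out to many internal peers (the “increased activity inside a network” case) and makes far more outbound connections than its own history (the “greater than usual requests outside the network” case). Each host’s metrics are compared against its own baseline mean plus a deviation threshold:

```python
"""Baseline-and-deviation anomaly detection over constructed flow records.

Added example, not ThetaRay's code. The flow format and the sample data
below are hypothetical and constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev


def make_flows():
    """Constructed sample flows: (hour, src_host, dst_host, dst_is_internal)."""
    flows = []
    for hour in range(6):
        n_out = 4 + hour % 2  # mild, regular hour-to-hour variation in outbound count
        for host in ("ws-01", "ws-02", "ws-07"):
            flows += [(hour, host, f"ext-{i}", False) for i in range(n_out)]
            flows += [(hour, host, "fs-01", True), (hour, host, "dc-01", True)]
    # Hour 5: ws-07 talks to 30 new internal peers (lateral movement) and
    # opens 60 extra connections to one external host (constructed C2/exfil).
    flows += [(5, "ws-07", f"ws-{i}", True) for i in range(10, 40)]
    flows += [(5, "ws-07", "ext-c2", False)] * 60
    return flows


def features(flows):
    """Per (host, hour): outbound connection count and distinct internal peers."""
    outbound = defaultdict(int)
    peers = defaultdict(set)
    for hour, src, dst, internal in flows:
        if internal:
            peers[(src, hour)].add(dst)
        else:
            outbound[(src, hour)] += 1
    keys = set(outbound) | set(peers)
    return {k: {"outbound": outbound[k], "internal_peers": len(peers[k])} for k in keys}


def detect(flows, baseline_hours, score_hour, k=3.0, floor=3):
    """Flag (host, metric) whose value at score_hour exceeds
    baseline mean + max(k * population stdev, floor).

    The absolute floor matters: a perfectly flat baseline has stdev 0, and
    without it a single extra connection would raise an alert."""
    feats = features(flows)
    hosts = {host for host, _ in feats}
    alerts = []
    for host in sorted(hosts):
        for metric in ("outbound", "internal_peers"):
            history = [feats.get((host, h), {}).get(metric, 0) for h in baseline_hours]
            if not history:
                continue
            threshold = mean(history) + max(k * pstdev(history), floor)
            value = feats.get((host, score_hour), {}).get(metric, 0)
            if value > threshold:
                alerts.append((host, metric, value, round(threshold, 2)))
    return alerts


if __name__ == "__main__":
    # Baseline on hours 0-4, score hour 5.
    for host, metric, value, threshold in detect(make_flows(), range(5), 5):
        print(f"ANOMALY host={host} metric={metric} value={value} threshold={threshold}")
```

Per-host baselines are the point: ws-07’s 65 outbound connections are anomalous only relative to its own history of four or five per hour, and the two well-behaved workstations stay silent even though their hour-5 counts differ slightly from hour 4. In practice the baseline window would be days or weeks and the metrics richer, but the structure (learn “normal” per entity, score deviations, keep a floor so flat baselines do not alarm on noise) is the same.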
The system will be especially effective in defending infrastructure, investors believe. “We are impressed by ThetaRay’s ability to generate breakthrough ideas and develop them into real-world customer solutions,” said Brett May, head of venture capital and business development at GE Software. “The company’s unique security analytics, developed over 10 years of innovative academic research, have the potential to significantly enhance and help protect the industrial Internet.”