Check Point, the Israeli cyber-security company that invented the firewall, on Thursday announced that it was acquiring another Israeli cyber-firm, start-up Lacoon. The deal, according to industry sources, is worth some $80 million.
With Lacoon, Check Point hopes to increase its presence in the mobile world. While the company has mobile protection products already, it does not dominate that business the way it does the server business, where corporate networks require the firewalls Check Point is known for.
Lacoon uses a behavior-based model to detect anomalies – behavior that is atypical and indicates that malware and viruses are present – and can immediately shut down a connection to a user whose device is misbehaving. Users whose devices have malware, viruses, trojan horses, and other undesirable features are thus kept off the corporate network, preventing them from spreading their malware to others.
As a result, the company claims, it can detect malware where other systems can’t – even on its first day “in the wild.” Lacoon proved its case in Hong Kong last October when it reported that its system had detected a new piece of spyware aimed specifically at protesters who were demanding democracy and free elections. The malware, said Lacoon researchers Shalom Bublil, Daniel Brodie, and Avi Bashan in a blog post, was apparently released by China itself. “The fact that this attack is being used against protesters and is being executed by Chinese-speaking attackers suggests it’s the first iOS trojan linked to Chinese government cyber activity,” they wrote.
According to their analysis, the malware, called Xsser mRAT (a RAT is a remote administration tool, a piece of software that allows a hacker to remotely control a device) was distributed via email, Facebook, WhatsApp, and other social media platforms that purported to inform protesters where and when to gather for events. When a user clicked on a link, say in WhatsApp, the malware attempted to install itself, “with an extensive permissions list that the app needs,” the researchers wrote. “When the user first opens the app, a dialog box will prompt the user to update the app with the text ‘Application updates, please click to install.’ If the user agrees, the app is updated and the espionage capabilities are activated, otherwise the application closes.”
The malware, which was able to extract just about any data on a device, is “undoubtedly one of the more advanced we’ve seen,” the researchers said.
Lacoon was founded in 2011 by graduates of the IDF’s 8200 security and networking unit, with R&D operations in Tel Aviv and a sales team in San Francisco.
With the acquisition of Lacoon, said Check Point CEO Gil Shwed, his company gets top mobile security that will help it compete with the many players in the industry. “Mobility has become the norm in business operations now more than ever before, because it enables employee productivity with anytime, anywhere access. However, companies are not necessarily protecting the data on mobile devices properly. Traditional MDM strategies acknowledge the existence of mobile devices, but miss an important factor: protecting those devices, and the data on them, from threats. The addition of Lacoon, the leader in Mobile Threat Prevention, would allow us to provide our customers the most complete mobile security solution on the market.”