Identifying Malicious Code via a "No Code Zone": Solebit Raises $11 Million

Kevin Townsend, 网络安全投资 (Cybersecurity Investment), 2021-08-07

【180316 securityweek】Tel Aviv-based cyber-attack prevention firm Solebit Labs, currently establishing new global headquarters in Silicon Valley, has announced completion of an $11 million Series A funding round led by ClearSky Security.


Solebit was founded in 2014 by Boris Vaynberg, Meni Farjon, and Yossi Sara -- all of whom graduated from Israel's IDF technology units. The funding announced today will be used to accelerate adoption and deployment of the SoleGATE Security Platform from the new headquarters in Silicon Valley.


SoleGATE is an attack prevention system that can be used as a replacement for, or an alternative to, traditional endpoint protection systems. Such systems typically rely on either malware signatures or malware behavioral analysis engines -- with or without the benefit of machine learning AI algorithms -- to detect malware, and both of these approaches can be evaded by zero-day fileless attacks.


SoleGATE uses neither signatures nor behavioral analysis to detect malicious code before it enters the network. Instead, it creates a logical 'no code zone' in which every data stream is inspected for executable code, no matter how encrypted or hidden. Because every data stream is inspected, malicious code has nowhere to hide and cannot evade detection. Solebit claims a false positive rate of less than 0.002%.


“Attackers still possess the edge, particularly in zero-day attacks, despite considerable security investment,” said Vaynberg, CEO of Solebit. “DvC (Solebit's patent-pending inspection engine) assumes that there is no legitimate reason for executable code to be present in any data file. DvC also accurately identifies and blocks malicious active content using advanced flow analysis, de-obfuscation techniques and deep content evaluation, to reveal threat intent within any data file covering machine, operating system and application levels, thereby rendering such sandbox-evading malware harmless to the enterprise.”


SoleGATE is a virtual appliance that can analyze data streams at high speed. For large companies, "SoleGATE supports both vertical and horizontal scaling," Vaynberg told SecurityWeek. "Each SoleGATE virtual appliance can scan many files concurrently (based on number of CPU cores dedicated to the virtual appliance) and customers can use multiple SoleGATE instances working in Active-Active mode." 


The technology is closer in concept to Content Disarm and Reconstruct (CDR) solutions than it is to standard malware detection products -- but still has fundamental differences. "The SoleGATE DvC engine analyzes the binary content of each scanned file and reaches a conclusive verdict regarding the file, whether it is malicious or not. It covers a wide range of file formats, does not change anything in the scanned file and, of course, there is no effect on user experience," explained Vaynberg. 


"CDR, however, is reconstructing the file, assuming that reconstruction will remove any malicious payload. This technology is generally limited in the number of supported file formats, and it can affect user experience since it is actually altering the file the user receives."


SoleGATE does not create signatures for files or malicious behavior -- all data streams are inspected as if never before seen. Nor does it share or export any data from the customer's environment -- eliminating, for example, the sequence of events that triggered Kaspersky Labs' issues with the US government. In that instance, it is thought that files exported from an NSA contractor's home computer for Kaspersky malware analysis somehow alerted Russian intelligence services to the presence and location of those sensitive files, which were later obtained by hacking the contractor's computer.


SoleGATE does, however, provide IoCs to the customer, "in order," said Vaynberg, "to leverage the customer's entire security stack based on SoleGATE's unique detection." He added, "SoleGATE also supports malicious links detection and prevention. It provides customers with prevention against links that lead to malicious web pages or malicious files to be downloaded from the web. A phishing web page that seeks to socially engineer user credentials will be supported later."


“Solebit provides the most effective, real-time, and accurate cyber-attack prevention platform that is incredibly simple to use, integrate and manage,” said Peter Kuper, Managing Director, ClearSky Security. “As organizations struggle to better manage risk against unknown threats, Solebit is ideally positioned to be a trusted partner to both enterprise and large-scale security vendors as they contend with ever increasingly sophisticated attackers.”
