Firewalls and traditional defenses against hackers are over. It’s time to rethink how we protect our computers and the networks that connect them.
Today vArmour, a new security startup still running in stealth mode, announced that it has raised a combined $36 million in new funding. The company said it closed a $21 million C round led by Columbus Nova Technology Partners, Citi Ventures and Work-Bench Ventures. It also disclosed a $15 million B round it closed in December, led by Menlo Ventures.
The two rounds bring vArmour’s combined funding to $42 million.
Current computer security technology basically works like this: In the daily flow of operations, a security system scans constantly for known malware and well-understood patterns of behavior that might indicate an attack is under way. Yet hackers are constantly breaching systems anyway, so it’s clear that a new approach is needed.
Eades, who in 2012 sold his prior company, SilverTail Systems, to RSA, the security unit of IT giant EMC, told me as much in an interview last week. “The legacy architectures that prevented criminals from getting in were devised before the cloud and before everything was mobile,” he said. “They just can’t keep up.”
VArmour is founded on the notion that criminals are going to penetrate networks. But you can prevent them from moving around laterally — that is, between different systems within a network.
Think about it this way. When a burglar breaks into your house, he usually does so via a weak point on the exterior of a house, say a window left open in the laundry room. But the stuff he wants to steal likely isn’t in the laundry room. If you can prevent the burglar from moving room to room searching for the good stuff, you stand a fair chance of stopping him in his tracks and catching him.
On average, hackers spend about 240 days perusing a network looking for the good stuff. We saw that in the APT1 attacks carried out by a unit of the Chinese Army, and in attacks carried out against media organizations like the New York Times.
“They don’t come in on the high value asset,” Eades said. “They come in via whatever asset they can use to get in and then they go after their target. They don’t just stay in one place. They have to look around. If you can’t see them, you can’t protect against them. That’s the problem that we’re going after.”