All posts in “Security”

Xage emerges from stealth with a blockchain-based IoT security solution


Getting the myriad of devices involved in the industrial internet of things provisioned and communicating with one another in a secure way will be one of the great technological challenges facing companies in the coming years. Xage (prounounced Zage) emerged from stealth today with a blockchain-based security solution that could help simplify this.

The company also announced that Duncan Greatwood has joined the company as CEO. Greatwood is an experienced entrepreneur, who sold Topsy to Apple in 2013 and PostPath to Cisco in 2008. These exits have given him the freedom to pick and choose the projects he wants to work on, and he liked what he saw at Xage from a technology perspective.

“This is an area where a wave of change is sweeping through the industry. Security is a foundational element of this innovation,” Greatwood told TechCrunch.

He said that Xage is building a security fabric for IoT, which takes blockchain and synthesizes it with other capabilities to create a secure environment for devices to operate. If the blockchain is at its core a trust mechanism, then it can give companies confidence that their IoT devices can’t be compromised. Xage thinks that the blockchain is the perfect solution to this problem.

They do this by building a trusted network of people, machines and applications on the blockchain, which creates an irrefutable connection among these different entities and prevents anyone who has not been given explicit permission from gaining access.

“The blockchain is operating like a distributed, redundant tamper-proof data store. It connects with policies pushed from the cloud or configured locally. The [security] fabric enables the devices and AI and people to communicate with each other and controls the flow of information,” he explained.

Greatwood says this is helping solve a huge IoT security challenge because of the tremendous risk that’s inherent when everything can talk to everything. “Any to any communication at the edge with many devices is the worst case scenario for security because you are creating the maximum attack surface,” he said.

But, he says, Xage’s blockchain approach flips that because the more participation you have, the more secure it’s going to be. “The more participants you have, the more security you have, the more redundancy you have, the harder it is to attack the system and break the consensus the blockchain is there to establish,” he said.

What ends up getting deployed is a security fabric, a set of gateways and client devices on the industrial edge that form the blockchain among themselves,” he said. “ The company is working with IBM on the Hyperledger Fabric project to build their blockchain along with some of the Ethereum technology.

The product is generally available today. The company is located in Palo Alto and currently has 20 employees. Among their early customers are ABB and Itron, which is using the technology to provision smart electricity meters.

Featured Image: Hipspeeds/Getty Images

Security robots are being used to ward off San Francisco’s homeless population


Is it worse if a robot instead of a human is used to deter the homeless from setting up camp outside places of business?

One such bot cop recently took over the outside of the San Francisco SPCA, an animal advocacy and pet adoption clinic in the city’s Mission district, to deter homeless people from hanging out there — causing some people to get very upset.

Silicon Valley game developer and Congressional candidate Brianna Wu tweeted yesterday her dismay at the move, saying, “I’m sorry for being so frank but this absolutely disgusts me as someone that experienced homelessness.”

The homelessness issue in S.F. is thorny and complicated. One could get whiplash at seeing the excess of wealth and privilege juxtaposed with the dire circumstances just steps outside Twitter headquarters on Market Street.

However, the city’s homeless are also associated with higher rates of crime, violence and sometimes episodes of psychosis, leading to safety issues that many feel San Francisco has not had an adequate handle on.

The S.F. SPCA rolled out the use of a robot unit dubbed K9 from security startup Knightscope a month ago, citing these same safety concerns.

“Over the summer our shelter was broken into twice. The inside was vandalized and property and cash donations were stolen,” S.F. SPCA spokesperson Krista Maloney told TechCrunch. “Furthermore, many staff members and volunteers have filed complaints about damage to cars and harassment they experienced in our parking lot when leaving work after dark. We currently employ security guards, but we have a large campus and they can only be in one area at a time.

The K9 units are also cheaper than humans. One robot costs $6 an hour to use vs. paying a security guard the average $16 an hour.

“Unfortunately, in the last year we’ve been forced to spend a significant amount of money to ensure the security and safety of the people on our campus as well as the animals in our care,” Maloney said.

And, according to both the S.F. SPCA and Knightscope, crime dropped after deploying the bot.

However, the K9 unit was patrolling several areas around the shop, including the sidewalk where humans walk, drawing the ire of pedestrians and advocacy group Walk SF, which previously introduced a bill to ban food delivery robots throughout the city.

“We’re seeing more types of robots on sidewalks and want to see the city getting ahead of this,” said Cathy DeLuca, Walk SF policy and program director, who also mentioned S.F. district 7 supervisor Norman Yee would be introducing legislation around sidewalk use permits for robots in the beginning of 2018.

Last week the city ordered the S.F. SPCA to stop using these security robots altogether or face a fine of $1,000 per day for operating in a public right of way without a permit.

The S.F. SPCA says it has since removed the robot and is working through a permitting process. It has already seen “two acts of vandalism” since the robot’s removal.

But putting permits and public use of sidewalks aside, it seems the robot could do more than just discourage homeless camps. It could keep an eye on the surrounding area and report crimes, yes, but it could also possibly be used to alert police and social workers to areas where homelessness seems to have increased or look for anyone who may be facing violence or a psychotic episode and in need of intervention.

The Knightscope bots are equipped with four cameras able to read more than 300 license plates per minute. They can move about and keep tabs on an area, noting anyone on a list of those who shouldn’t be there.

Already the S.F. SPCA said it has experienced a drop in crime when using the bot cop. The same might be said if it had increased the use of human security guards but humans, as mentioned above, cost more. They also can’t monitor 24/7 or immediately upload what they see to the cloud.

Further, robots aren’t going away. While it isn’t clear what solution San Francisco’s city council will come up with to handle the increase of these types of bots on our sidewalks in the future, it’s inevitable we’re going to see more of them.

It’s an age-old human vs. machine argument. But machines usually win.

Upstream Security reels in $9M Series A to protect connected cars


Upstream Security, a new startup founded by two cyber security industry veterans, announced a $9 million Series A today to help protect connected vehicles and eventually autonomous cars.

Today, that probably means a car using a service like OnStar to connect over the internet to your manufacturer for a menu of in-car services such as automated crash detection and stolen vehicle assistance. In the future, it could involve a set of communications between cars, cloud services and a host of other technologies as we move deeper into the use of autonomous vehicles.

The investment was led by CRV. Israeli-based Glilot Capital Partners and Maniv Mobility also participated. Today’s round comes on the heels of $2 million seed round in June.

The co-founders, Yoav Levy and Yonatan Appel decided to bring their years of cyber security experience to bear on securing the connected car. While some companies have looked at this problem in the past by trying to apply the security inside the car itself, Levy said his company is taking a different approach by moving the security layer to the cloud.

By installing the security in the data center between the car, the telematics server and whatever applications are running on the server, Levy believes it will simplify and enhance the ability to secure the car. What’s more, there is also a machine learning component. So the more data they collect, the better they can distinguish anomalous behavior from normal behavior.

For now, that mostly involves fraudulent use of a vehicle, rather than anything like malware or hacking (although that could be something they look at in the future). Possible customers could be OEMs, rental fleets, truck and bus companies or ride sharing services.

Upstream monitors usage and could tell for instance if a person were using a rental car for ride-sharing in violation of the rental agreement. They could determine this because a person picking up people, traveling a short distance and stopping to drop them off leaves a particular data footprint.

Today the company has 15 employees, but has plans to expand to 40 in the next year including opening east and west coast sales offices in the US. Upstream currently has five companies piloting their solution. The plan is to Beta by the end of the month and go to GA by the end of January.

Featured Image: Bryce Durbin

Menlo Security secures $40 million Series C to keep malware at bay


Menlo Security, a startup with a unique approach to protecting your company from malware and phishing attacks, announced a $40 million Series C round today.

Menlo protects customers by never lets letting employees access an actual website or email containing malware. Instead, they isolate the original in a container, then display a clean mirror image in the browser, which has been stripped of any of the bad stuff. The thinking goes that if the malware never reaches you, it can’t harm you.

As CEO and co-founder Amir Ben-Efraim explained after the company’s $25 million Series B round in 2015, “We isolate all web pages and email in the cloud (either public or private). As content gets isolated, it never makes it to the end point. This eliminates the malware at an architectural level.”

It’s an effective approach, as Ben-Efraim reports that they now have more than a million users at hundreds of customers and have had zero infections to date.

Those kind of results are resonating with customers and investors alike, he says. “We have now at this point hundreds of customers, mostly from the Global 2000. There has been a tremendous uptick in adoption. We are hitting the nail on the head in terms of impact we’ve been having. The big breaches over the last couple of years [often] trace back to an end user being targeted by malware,” Ben-Efraim said.

This round of funding adds several strategic investors including American Express Ventures, Ericsson Ventures and HSBC. Menlo’s existing investors JPMorgan Chase, General Catalyst, Sutter Hill Ventures, Osage University Partners and Engineering Capital also participated. The company has now raised over $85 million.

Tim Dawson, who is head of cyber technology at HSBC, says they are always looking for innovative security solutions. “Cyber security is a top priority for us. This investment is an example of how as threats constantly evolve, we will continue to dedicate time and resources to the challenge, exploring innovative ways to protect our clients and staff,” he said in a statement.

The company currently has 125 employees, but Ben-Efraim expects that to increase to close to 200 by the end of 2018. “Series C is tends to be about accelerating go-to market motion,” he said, and to that end, they intend to concentrate those hires on building a worldwide sales and marketing team in the coming year.

Featured Image: nadia_bormotova/Getty Images

Former Disrupt Battlefield competitor Coronet automates security for SMBs in latest update


Coronet, a startup that launched as part of the TechCrunch Disrupt Battlefield competition in New York City in 2015, announced the release of the latest version of its cloud security product aimed at SMBs today. The new system introduces a layer of autonomy which lets IT or security personnel define a set of rules and the system takes care of the rest without any additional intervention.

The Coronet SecureCloud has been designed to be as simple as possible, Coronet co-founder and CISO Dror Liwer told TechCrunch. This means that the system makes sure any device an employee is using is secure, while validating the user’s identity, making sure the network is safe and preventing anything malicious on a device from spreading to a cloud service.

It defaults to the new fully autonomous platform, meaning you simply set it and forget it. Whereas many security systems funnel issues to a security team, this one is designed to detect and mitigate the threat in real time, Liwer explained. If there is an issue, the employee won’t be able to log on unless they fix the problem, so a device infected with malware wouldn’t be allowed on the company Dropbox account until the problem is resolved. This would prevent the malware from spreading from the device to files stored in the cloud.

As an example, just last week Apple had a huge security vulnerability in OSX High Sierra that would have allowed anyone to log onto an unpatched machine. Apple released a patch within 24 hours and it was imperative that people get the update. Using Coronet SecureCloud, the system would recognize the patch is available and not let the user log on to their system without updating, thereby forcing them into compliance.

It wouldn’t require an email or any communication or action on behalf of a small or medium business IT department. This would all happen automatically and without a lot of pain to the end user. All they would know is they need to update the OS to continue.

Of course, there is some work up front to define the rules, but there are pre-configured rules for popular cloud software packages like Office 365, Box, Slack and Dropbox. Companies can adapt those rules for their company or leave the defaults.

Security is growing ever more complex and tracking all of the latest vulnerabilities and patches takes trained people. It’s hard enough for an enterprise with deep resources to find them and keep all employees up to date. It’s even more difficult for small- to medium-sized businesses (SMBs).

The Coronet SecureCloud autonomous security is available starting today.

Featured Image: vertigo3d/Getty Images