16 Nov Securitas aims to counter virus behavior
Madison, Wis. – Profit-driven hackers, armed with increasingly sophisticated malicious software, have caused over $8 billion in damage to corporation computer systems this year alone, and variations of existing viruses are proliferating faster than ever before. Fortunately for beleaguered businesses, the skill demonstrated by computer criminals is speeding the development of pre-emptive countermeasures.
One such effort has taken shape under the banner of the Madison-based Securitas Technologies, Inc., a startup that is building on research conducted at the University of Wisconsin-Madison Department of Computer Science into the underlying behavior of viruses, spyware, and other computer threats.
“We think that the behavior-based technology – sometimes called semantically aware – has the best long-term prospects to keep up with the arms race of people who are creating malware,” said Roger Chylla, chief technology officer for Securitas.
While most contemporary malware detection systems are signature-based, reacting to new byte patterns as they are identified, Securitas will develop software capable of automatically targeting classes of harmful programs by discerning what they do.
“In the end, the malware always has to perform some malicious action, and that’s when you have your window of opportunity for detection,” Chylla said.
Chylla joined the company soon after it was founded by president and CEO Praveen Sinha and UW-Madison researchers Somesh Jha and Mihai Christodorescu. Together they are quietly developing their technology with plans to launch a product sometime next year.
The operation is in “quasi-stealth mode,” according to Sinha, as the founders build their core team of programmers, perfect their first detection tools, and establish connections inside the data security industry.
Securitas took shape in October 2005 and operations were formally launched in January 2006, but its roots extend much farther.
Sinha’s first venture was UltraVisual Medical Systems, a software medical imaging company he co-founded with Chylla and Mark Gehring that later merged with Emageon. That company completed an initial public offering last year and currently has a market capital value in excess of $300 million.
Sinha left Emageon two years ago looking for other disruptive computer technologies that could impact larger markets. He found researcher Jha and his Ph.D. student, Christodorescu, who were investigating the underpinnings of common virus detection systems.
The prototype software they developed proved very effective against virus variants, garnered early attention from industry leaders, and generated three patent-pending technologies that now are being developed commercially at Securitas.
Christodorescu said changes in the behavior of malware occurs on a five-year time scale and signals a shift in the goals of malware writers, as opposed to the creation of new malicious programs, which occurs on a weekly basis.
“We have research knowledge together with a prototype developed and tested over a period of three years and any competitors in this space will necessarily play catch-up to our technology,” Christodorescu said.
Satisfied with the market potential of such a technology, Sinha and Chylla, with a significant contribution from investor John Thompson, president of Thompson Investment Management, provided $2.1 million in startup capital. Sinha used his connections to build the core team and Chylla came on board to convert the technology into products and services.
“Neither one of us is a security expert.” Chylla said. “We look at this as finding the right experts to put together at the right time.”
Securitas also recently received a small business innovation research Phase I grant from the National Science Foundation to develop novel technology to counter spyware threats.
A confluence of expertise
“We have very good technology and I believe we have one of the best malware research teams in the country or in the world,” Sinha said, adding that the team collaborates with the top researchers at University of California-Berkeley and Carnegie Mellon University. “They are very well respected in the research field.”
Gurindar Sohi, professor in the UW-Madison Electrical and Computer Engineering department and chair of the Computer Science Department, complimented Securitas’ chief scientist Jha, who recently earned tenure.
“He is a nationally-recognized star in his field, and we, as well as other national and international experts, think very highly of his potential as a scientist and innovator,” Sohi said.
Securitas’ advisory board has been very active in the early decision-making process. Chylla, Sinha, and Jha hold weekly meetings with people like Sanjay Sawhney, co-founder of two data security companies, Neoscale Systems and Ukiah Software.
The 12 newest full and part-time team members, programmers whom Chylla described as both passionate and creative, responded quickly to job offers from the company.
“We’re finding some really good, really smart people,” Chylla said. “We have made a conscious decision to keep the team small to figure out how to enter the market.”
Bringing it together
Chylla said Jha’s technology “has a lot of new ways of thinking in every step of defining and detecting viruses.” The commercial approach will be to develop those ideas and construct a sophisticated, behavior-based scanner, one that will initially focus on servers and e-mail.
Whether or not that scanner will succeed outside the virtual testing environments Securitas is using to perfect the technology remains to be seen. As George Davida, director for the Center for Cryptography, Computer and Network Security at the University of Wisconsin-Milwaukee, puts it: “The ability of malware generators to adapt to tactics is just as good if not better than the defense mechanism designers.”
The Securitas team has collected tens of thousands of pre-existing viruses and is now creating basic tools used to discern what sample programs are doing to detect whether behavior is malicious or not.
“Initially what we want to do is develop the ability to respond faster to threats and write signatures much more quickly,” Sinha said. “We’ll have automated tools for developing signatures, pulling malware off the Internet, and recognizing it.”
Sinha said that although several industry leaders are aware of the concept, Securitas will definitely be one of the first companies to market robust behavior-based malware detection software.
“Do we have the expectation of being the only company in 2008 that will have behavior-based technology?” Chylla asked. “No, we don’t, but no vendor today has truly mature behavior-based technology.”
• Geoff Bastow: Web-centric entrepreneurs find models that attract investment
• Commerce qualifies seven for investor tax credits
• Safe Internet requires total network security, prof. says
• NSA certifies MATC’s network security program
• New UW position focusing on Internet security