Tel Aviv-based cyber-attack prevention firm Solebit Labs, currently establishing new global headquarters in Silicon Valley, has announced completion of an $11 million Series A funding round led by ClearSky Security.
Solebit was founded in 2014 by Boris Vaynberg, Meni Farjon, and Yossi Sara — all of whom graduated from Israel’s IDF technology units. The funding announced today will be used to accelerate adoption and deployment of the SoleGATE Security Platform from the new headquarters in Silicon Valley.
SoleGATE is an attack prevention system that can be used as a replacement or alternative to traditional endpoint protection systems. Such systems typically rely on either malware signatures or malware behavioral analysis engines — with or without benefit of machine learning AI algorithms— to detect malware; and both of these approaches can be evaded by zero-day fileless attacks.
SoleGATE is an attack prevention system that uses neither signatures nor behavioral analysis to detect malicious code before it enters the network. Instead, it creates a logical ‘no code zone’ that inspects every data stream for executable code, no matter how encrypted or hidden. By inspecting every data stream, malicious code has nowhere to hide, and cannot evade detection. Solebit claims that it has a false positive rate of less than 0.002%.
“Attackers still possess the edge, particularly in zero-day attacks, despite considerable security investment,” said Vaynberg, CEO of Solebit. “DvC (Solebit’s patent-pending inspection engine) assumes that there is no legitimate reason for executable code to be present in any data file. DvC also accurately identifies and blocks malicious active content using advanced flow analysis, de-obfuscation techniques and deep content evaluation, to reveal threat intent within any data file covering machine, operating system and application levels, thereby rendering such sandbox-evading malware harmless to the enterprise.”
SoleGATE is a virtual appliance that can analyze data streams at high speed. For large companies, “SoleGATE supports both vertical and horizontal scaling,” Vaynberg told SecurityWeek. “Each SoleGATE virtual appliance can scan many files concurrently (based on number of CPU cores dedicated to the virtual appliance) and customers can use multiple SoleGATE instances working in Active-Active mode.”
The technology is closer in concept to Content Disarm and Reconstruct (CDR) solutions than it is to standard malware detection products — but still has fundamental differences. “The SoleGATE DvC engine analyzes the binary content of each scanned file and reaches a conclusive verdict regarding the file, whether it is malicious or not. It covers a wide range of file formats, does not change anything in the scanned file and, of course, there is no effect on user experience,” explained Vaynberg.
“CDR, however, is reconstructing the file, assuming that reconstruction will remove any malicious payload. This technology is generally limited in the number of supported file formats, and it can affect user experience since it is actually altering the file the user receives.”
SoleGATE does not create signatures for files or malicious behavior — all data streams are inspected as if never before seen. Nor does it share or export any data from the customer’s environment — eliminating, for example, the sequence of events that triggered Kaspersky Labs’ issues with the US government. In that instance, it is thought that files exported from an NSA contractor’s home computer for Kaspersky malware analysis somehow alerted Russian intelligence services to the presence and location of those sensitive files; which were later obtained by hacking the contractor’s computer.
SoleGATE does, however, provide IoCs to the customer, “in order,” said Vaynberg, “to leverage the customer’s entire security stack based on SoleGATE’s unique detection.” He added, “SoleGATE also supports malicious links detection and prevention. It provides customers with prevention against links that lead to malicious web pages or malicious files to be downloaded from the web. A phishing web page that seeks to socially engineer user credentials will be supported later.”
“Solebit provides the most effective, real-time, and accurate cyber-attack prevention platform that is incredibly simple to use, integrate and manage,” said Peter Kuper, Managing Director, ClearSky Security. “As organizations struggle to better manage risk against unknown threats, Solebit is ideally positioned to be a trusted partner to both enterprise and large-scale security vendors as they contend with ever increasingly sophisticated attackers.”