San Antonio’s Infocyte Takes Cybersecurity Threat Hunting to Linux
San Antonio — For any modern company, it’s always possible that a hacker has already breached its network and is waiting to mine private information or steal other data. The fear is more prevalent today than ever as stories of security breaches range from Sony to Zuckerberg.
That type of thinking has sparked a cybersecurity approach marketed as “threat hunting,” an increasingly popular way to detect seemingly dormant hackers who have already gained access to a network and are waiting in the rafters to attack. A San Antonio company called Infocyte, which has developed its own threat-hunting software for eradicating hackers from businesses’ computer networks, announced recently that it has expanded its hacker-seeking offerings to Linux. It previously worked only on Windows operating systems.
The venture-funded company hopes Linux will boost its base of customers—typically businesses with more than 250 computers or servers—as it continues to build out its software to operate on more systems, such as Mac OS X and Android smartphones. After receiving $1.4 million in funding from Austin, TX-based Live Oak Venture Partners starting in 2014, Infocyte is now sustaining its business on revenues from a half-dozen enterprise customers—it charges $60 per computer annually to run Infocyte’s software, says CEO Chris Gerritz.
Infocyte also has about 12 more clients using trial versions of its software or in beta tests, Gerritz says.
“We’re designed proactively to find compromises that are in your network,” he says. “If you’re already breached, we can find those breaches you haven’t found yet.”
Traditional virus detection typically must be installed on each individual computer or server and will run through a dictionary of signatures—snippets of code left behind by the malware—to detect an infection. That approach can be time-consuming and laborious, Gerritz says. Infocyte’s software is agentless—not installed on each computer—which allows it to scan an entire company’s computer system more quickly, he says.
While hackers can do things to adjust signatures the malware leaves behind, Infocyte’s software targets signatures that typically won’t change in the operating system or memory, he says.
“Our methodology is to dig through all the memory, look for the manipulations in the system for a current or previous active compromise,” Gerritz says. “It’s built on device validation, so we validate that the operating system and the device is clean, and doesn’t have anything on it or triggered to run.”
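The contrast drawn above, between matching a dictionary of malware signatures and validating a device against its known-good state, can be sketched in a few lines. The following Python is an added illustration written for this article, not Infocyte’s code or a description of how its product works; every path, file content, memory blob and signature byte string is constructed for the example, and the hypothetical compromise it checks (a patched system binary, an unexpected file, and a beacon string edited so the exact signature no longer matches) is made up to show where each approach does and does not fire.

```python
import hashlib

# Constructed signature dictionary: byte snippets standing in for code a
# known malware family leaves behind. These values are made up for the example.
SIGNATURES = {
    "sample-dropper": b"\x90\x90\xeb\xfe",
    "sample-beacon": b"BEACON-CFG",
}


def scan_for_signatures(blob: bytes, signatures=SIGNATURES):
    """Signature-dictionary approach: report every known snippet found in blob."""
    return sorted(name for name, sig in signatures.items() if sig in blob)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(known_good: dict) -> dict:
    """Record a hash of each trusted OS binary, keyed by its path."""
    return {path: sha256(content) for path, content in known_good.items()}


def validate_device(current: dict, baseline: dict):
    """Device-validation approach: flag anything that deviates from the baseline.

    Returns a sorted list of (path, reason) tuples; an empty list means the
    device matches its known-good state.
    """
    findings = []
    for path, expected in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
        elif sha256(current[path]) != expected:
            findings.append((path, "modified"))
    findings.extend((path, "unexpected") for path in current if path not in baseline)
    return sorted(findings)


# --- Constructed sample data (placeholders, not real binaries) ---------------
KNOWN_GOOD = {
    "/bin/ls": b"ELF\x7f...ls-v1",
    "/bin/ps": b"ELF\x7f...ps-v1",
}
# The same device after a hypothetical compromise: /bin/ps has been patched
# and an extra file has appeared.
COMPROMISED = {
    "/bin/ls": b"ELF\x7f...ls-v1",
    "/bin/ps": b"ELF\x7f...ps-v1 hooked",
    "/tmp/.cache": b"payload",
}
MEMORY_CLEAN = b"...normal process memory..."
# Beacon config written with an underscore instead of a dash, so the exact
# signature string is no longer present even though the implant is.
MEMORY_INFECTED = b"...BEACON_CFG..."


def hunt(memory: bytes, current_files: dict, baseline: dict) -> dict:
    """Run both checks over one device and return their findings side by side."""
    return {
        "signature_hits": scan_for_signatures(memory),
        "baseline_deviations": validate_device(current_files, baseline),
    }


if __name__ == "__main__":
    baseline = build_baseline(KNOWN_GOOD)
    print("clean device:      ", hunt(MEMORY_CLEAN, KNOWN_GOOD, baseline))
    print("compromised device:", hunt(MEMORY_INFECTED, COMPROMISED, baseline))
```

On the compromised sample the signature scan returns nothing, because the one byte that was changed is exactly the byte the signature keyed on, while the baseline check still reports `/bin/ps` as modified and `/tmp/.cache` as unexpected. That is the property the article attributes to device validation: it keys on what a clean operating system should look like rather than on what a particular piece of malware happened to leave behind.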
The idea for the technology stems from the time Gerritz spent working in the Air Force’s Computer Emergency Response Team, which responds to incidents and hacks. He started the business in 2014 after taking medical retirement from the Air Force.
Infocyte has plenty of competitors joining it in the threat-hunting sector, from Seattle-based DomainTools to Waltham, MA-based Carbon Black. Gerritz says Infocyte’s lead in the systems it can work with—he says it is the first threat-hunting tool for Linux—and its experience in hacking with the Air Force help his company stand out.
“We can take an untrusted device and you can begin to trust it after you scan it with our software,” he says. “That’s going to be very important in the future as organizations have less control over their devices: you have laptops, handheld devices, iPads. You don’t know where they’ve been—in a Starbucks, out of the country.”