Metapacket analyzes outbound network traffic

Logethica

Jun 24, 2016
Metapacket analyzes outbound network traffic to flag and block malware:

Metapacket, one of YC’s current batch of startups, is hoping to get its SaaS on corporates’ list of essential threat detection software with a technique to stop malware attacks by analyzing outbound network traffic to determine whether it’s human or not.

Rather than by trying to assess where data is being sent, to try to ID suspicious outbound connections, its technology focuses on trying to determine whether network traffic is really being generated by a human or not. And thereby, it claims, catch (and block) malware in the act of relaying pilfered data elsewhere.

“Malware cannot completely mimic human beings’ behavior and the whole functioning operating system plus browser when it’s surfing the web,” says founder Nir Krakowski, who along with his co-founder has a background working for the Shin Bet Israeli state security agency.

“We know how attackers work, how they think, how they strategize… That’s when I realized we had to do this in order to catch them where they’re going to be” is how he explains the thinking behind the startup.

“There’s a tactical reason why malware uses web communications and not other things — because initially it wants to look as human as possible. 99.9% of the traffic out there is web-based. And it wants to hide itself in plain sight, between user interactions. But it can’t do that completely,” he adds.

Trying to ID malware based on where it’s sending data can be complicated by hackers looping in legitimate services to mask malicious intent — such as the Russian Hammertoss malware uncovered last year which sends data to services such as Twitter and Github. Hence Metapacket taking the opposite tack of looking to determine the source.

“What are you going to do, are you going to block all of Twitter? You can’t do this at the website level, at the target level,” argues Krakowski. “It’s almost impossible to do it this way, via the target.

“What we’re doing is, unlike all the other proxy solutions or web-analysis solutions, we are not just passively looking at the data but we are modifying it. So we are challenging the user and browser to prove that they’re human by adding to the traffic.”...

To read the full article please follow the link at the top of the page
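The article describes classifying outbound web traffic by whether it looks human-generated rather than by destination. The script below is an added example, not Metapacket's code, and it models only the passive side of that idea: it groups outbound HTTP requests by client and destination and applies three assumed heuristics (fixed-interval beaconing, a total absence of Referer headers, and never requesting HTML or images). The request records are constructed for the example; the active challenge injection Krakowski describes is not modelled.

```python
"""Heuristic 'is this session human?' scoring over outbound HTTP requests.

Added example; the heuristics and thresholds are assumptions, not Metapacket's
actual method. Designed so that a beacon to a legitimate host (as in the
Hammertoss case, which used Twitter and GitHub) is still flagged, because the
score depends on behaviour, not on destination reputation.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Values a real browser typically sends in Accept when navigating or loading a page.
BROWSER_ACCEPT_MARKERS = ("text/html", "image/")
# Coefficient of variation below this is treated as machine-like cadence (assumed threshold).
BEACON_CV_THRESHOLD = 0.1


@dataclass
class Request:
    ts: float                 # seconds since capture start
    src: str                  # internal client address
    host: str                 # destination host
    referer: Optional[str]    # Referer header, None if absent
    accept: Optional[str]     # Accept header, None if absent
    user_agent: str


def interval_regularity(timestamps: List[float]) -> Optional[float]:
    """Coefficient of variation of inter-request gaps; near 0 means a fixed timer."""
    if len(timestamps) < 4:
        return None                      # too few points to judge cadence
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return pstdev(gaps) / m


def score_session(reqs: List[Request]) -> List[str]:
    """Return human-readable reasons the session looks non-human (empty if none)."""
    reqs = sorted(reqs, key=lambda r: r.ts)
    reasons: List[str] = []

    cv = interval_regularity([r.ts for r in reqs])
    if cv is not None and cv < BEACON_CV_THRESHOLD:
        reasons.append(f"fixed-interval beaconing (cv={cv:.2f})")

    # A browser navigating between pages almost always carries a Referer after the first hit.
    if len(reqs) >= 4 and all(r.referer is None for r in reqs):
        reasons.append("no Referer on any request")

    # A client that never asks for HTML or images is not rendering pages.
    if not any(r.accept and any(m in r.accept for m in BROWSER_ACCEPT_MARKERS) for r in reqs):
        reasons.append("never requests HTML/images")

    return reasons


def analyze(requests: List[Request]) -> Dict[Tuple[str, str], List[str]]:
    """Group by (client, host) and score each group."""
    sessions: Dict[Tuple[str, str], List[Request]] = defaultdict(list)
    for r in requests:
        sessions[(r.src, r.host)].append(r)
    return {key: score_session(reqs) for key, reqs in sessions.items()}


UA = "Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/47.0"

# Constructed sample: one person browsing, one implant beaconing to a legitimate host.
HUMAN = [
    Request(0.0,  "10.0.0.5", "news.example", None,                     "text/html,*/*", UA),
    Request(3.2,  "10.0.0.5", "news.example", "https://news.example/",  "image/png,*/*", UA),
    Request(9.7,  "10.0.0.5", "news.example", "https://news.example/",  "text/html,*/*", UA),
    Request(10.1, "10.0.0.5", "news.example", "https://news.example/a", "image/jpeg",    UA),
    Request(25.4, "10.0.0.5", "news.example", "https://news.example/a", "text/html,*/*", UA),
]
BEACON = [
    Request(60.0 * i, "10.0.0.7", "twitter.com", None, "*/*", UA) for i in range(6)
]


def run_demo() -> Dict[Tuple[str, str], List[str]]:
    return analyze(HUMAN + BEACON)


if __name__ == "__main__":
    for (src, host), reasons in run_demo().items():
        verdict = "SUSPECT" if reasons else "ok"
        print(f"{src} -> {host}: {verdict} {'; '.join(reasons)}")
```

The beacon session is flagged even though its destination is twitter.com, which is the point the article makes about Hammertoss: reputation of the target tells you nothing, cadence and missing browser behaviour do. In production these signals would be one input to a score, not a block decision on their own, since API clients and software updaters also poll on timers.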