The “WannaCry” virus, which took down, among others, the National Health Services’ computer network in the United Kingdom last May, was formally labeled a North Korean plot by the U.S. last month. Lost in the foreign intrigue were some basic questions. Why had computer administrators in the U.K. and elsewhere not applied the software fix issued by Microsoft months earlier to protect the vulnerable Windows software? Or was the U.S.’s National Security Agency partly to blame for stockpiling malicious code?
Perhaps most important, why hadn’t billions of dollars worth of computer security gear from leading cyber protection companies such as Cisco Systems (ticker: CSCO), FireEye (FEYE), Palo Alto Networks (PANW), and Symantec (SYMC) foiled the attacks?
Not too surprisingly, the founders of a three-year-old cyber security start-up called Polyverse are convinced their new system “would have completely prevented WannaCry,” says Alex Gounares, the company’s CEO.
The chief technologist of Microsoft’s (MSFT) online unit back in the 2000s, Gounares—who was Bill Gates’ personal technology advisor—says the hackers’ success relied on a simple asymmetry: It costs far less to attack a computer system than it does to protect one. Existing systems build the equivalent of walls and moats around a castle, the so-called firewall that sniffs out intruders and tries to block access. The defenders must guess where they might be attacked and try to anticipate every possibility. It’s a costly and never-ending process.
The problem is that attackers can spend all the time they want studying the situation, looking for holes or ways to get around the protections. If anything, new discoveries have made it easier for hackers far less sophisticated than WannaCry’s creators to take control of a computer.
Polyverse, which has gotten good reviews for its fledgling system, tries to shift the balance of economic power back to the defenders. By replacing the basic instructions inside a computer program with alternate instructions, Polyverse keeps scrambling the code. Doors and windows familiar to hackers disappear quickly, raising the stakes—both on speed and spending—for attackers.
“Dollar for dollar, offense has been winning,” despite billions spent on computer defense, says Bryan Smith, who worked for six years at the National Security Agency and now runs a tech incubator called Bantam Technologies. “Polyverse actually does switch the advantage back to the defender.”
If Polyverse or a rival does succeed, it will mark the latest shift in the decades-long war for control of computer networks. A computer operates via a series of instructions written by a programmer telling the microprocessor, the brains, to carry out one basic function over and over. That function is to take some values stored in its memory circuits, to perform an operation on them, such as addition, and stick the result back in memory. A hacker tries to gain control of a computer by replacing the programmer’s series of instructions with his own, either changing the operations specified or sometimes changing where in memory the chip fetches and stores values.
One of the last big strategic shifts in the war came in 2007, when a computer scientist named Hovav Shacham showed it was possible to use a computer’s own code against it without injecting new code. Code is a long string of ones and zeros, and the computer chip only knows the instructions by knowing how to divide the ones and zeros into the right sequence of bits that make up each successive instruction. But Shacham realized he could direct the chip to divide the ones and zeros differently, thus changing the instructions.
To complicate hackers’ task, Gounares, 46, conjured ways for them to find not the traditional string of instructions, but a completely different set. Polyverse’s technology is what’s called a binary scrambler. It mixes up the ones and zeros of a program but lets the users’ tasks be completed undisturbed. The exercise turns the attackers’ own game against them, employing different instructions before the attacker can.
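The idea in the two paragraphs above, as an added illustration that is not Polyverse's code and not part of the original article: two constructed x86-64 byte strings stand for two builds of one tiny function, and the script lists every "pop reg; ret" byte pair readable at any alignment, then checks which of them sit at the same offset in both builds. The byte strings, the helper names and the particular rewrite used in build B (a split constant plus a leading nop) are assumptions chosen for the example.

```python
# Constructed machine code; neither byte string comes from a real binary.
# Build A: push rbp; mov rbp,rsp; mov eax,0x00c35f00; pop rbp; ret
BUILD_A = bytes.fromhex("55 4889e5 b8005fc300 5d c3")
# Build B leaves the same value in eax but is encoded differently:
# nop; push rbp; mov rbp,rsp; mov eax,0x0061af80; add eax,eax; pop rbp; ret
BUILD_B = bytes.fromhex("90 55 4889e5 b880af6100 01c0 5d c3")

# One-byte x86-64 opcodes 0x58..0x5f are "pop <reg>"; 0xc3 is "ret".
POP_REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def pop_ret_sequences(code):
    """Map offset -> text for each 'pop reg; ret' pair, at any alignment.

    Scanning every byte offset (not just the compiler's instruction
    boundaries) is what exposes sequences the programmer never wrote.
    """
    found = {}
    for off in range(len(code) - 1):
        if 0x58 <= code[off] <= 0x5F and code[off + 1] == 0xC3:
            found[off] = "pop %s; ret" % POP_REGS[code[off] - 0x58]
    return found


def surviving(build_a, build_b):
    """Sequences found at the same offset, with the same meaning, in both."""
    in_a = pop_ret_sequences(build_a)
    in_b = pop_ret_sequences(build_b)
    return {off: seq for off, seq in in_a.items() if in_b.get(off) == seq}


if __name__ == "__main__":
    # Offset 6 in build A lies inside the mov's 4-byte constant: the chip
    # would read "pop rdi; ret" there only if it started decoding mid-instruction.
    print("build A:", pop_ret_sequences(BUILD_A))
    print("build B:", pop_ret_sequences(BUILD_B))
    print("same offset in both:", surviving(BUILD_A, BUILD_B))
```

An offset learned by studying build A points at unrelated bytes in build B, which is the property a defender measures when comparing diversified builds.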
AT MICROSOFT, Gounares was well aware of the common complaint that Windows was a “monoculture,” a uniform system that attracted a mass following of developers but also armies of attackers aware of the software’s vulnerabilities. At Gates’ famous retreats to contemplate high-level software issues, the two would occasionally discuss using epidemiology, or the study of the spread of disease, as a guide.
Gounares, who is fond of nerdy references, poses the question, “Why hasn’t the earth been taken over by the zombie apocalypse?” The answer is because human DNA varies enough that no diseases can spread so far they devastate the entire population. But software is like DNA that’s uniform: It can be compromised because it’s reliably the same.
The solution was to create “entropy,” as he puts it—a divergence in the code so that every computer has unique sequences of instructions running through it. Polyverse’s product to date has been for scrambling the Linux operating system. Later this year, it will offer a version that can scramble the entire Windows operating system and programs that run on Windows, says Gounares. Some customers have been given the Windows version to test.
POLYVERSE IS A VERY small company with a promising idea. Funded with just $6 million in private capital, the Seattle-area entity has less than $10 million in annual sales, though Gounares pledges that will rise into the tens of millions over the course of the next 12 months. That’s compared with roughly $2 billion annually in security-related revenue for Cisco, the biggest publicly traded cyber security vendor.
To be sure, Polyverse is not the only company to have thought of what’s known as “moving target defense.” The Massachusetts Institute of Technology’s Lincoln Labs has a rich literature on the subject. But researchers there found problems cropping up: Either the scrambling is limited, leaving avenues of attack, or the scrambled programs degrade in performance.
“We have taken this from an academic approach to an industrial-strength system,” insists Gounares. Polyverse scrambles all the parts of a program, not just some, he says, and without affecting the performance a user experiences.
Steven Potter, a former Navy SEAL who heads sales, sees the military as a key market for Polyverse. There are U.S. weapons systems running on versions of Windows no longer supported by Microsoft. To rip and replace, as they say, those computer systems to make them safer can run into billions of dollars. Hence, a Polyverse sale can be an economical option for government, notes Potter, who served as a contractor in Afghanistan ensuring cargo was safe for the war effort. The firm has already won several military contracts.
Potter, however, becomes most animated when discussing the possibilities offered by the weakness of existing cyber companies. “Where the disruption comes from,” says Potter, “is that with the Palo Alto’s, and the FireEyes, and Symantecs, you can literally take a class and for $1,000, you can hack through any known firewall on the planet.”
Cisco, FireEye, and Symantec declined to comment, while Palo Alto did not return my calls last week.
With the publicity and questions that accompany each new WannaCry-like cyber disruption, Polyverse’s opportunity grows. The system of walls and moats just might be giving this company a great opening.