I generally cover consumer technology, not enterprise. And particularly not enterprise IT security, which can be extremely arcane. But given this week’s political developments, with the Wikileaks release of the Democratic National Committee’s email (suspected to have been purloined by Russian hackers), security has certainly been on my mind.
Silicon Valley startup ThinAir Labs made me an interesting promise: that they could explain their security approach so concretely and succinctly that I would understand the gist of it in less than an hour, if not minutes. So I made a quick trip to their downtown Palo Alto offices to check it out. And company founder and CEO Tony Gauda was right; it’s an easy concept to grasp (though it took him three years to implement).
Gauda spent much of his career building fraud prediction systems for Mastercard—systems that, he says, were the first to detect the massive security breaches at Target and Home Depot. He then went on to found BitCasa, a company that offered encrypted cloud storage for consumers. ThinAir Labs, founded in 2013, combines both approaches, he says.
Generally, when the company’s software, ThinAir, is running on a computer, it’s monitoring behavior, in the same way credit card fraud prediction systems monitor behavior, Gauda explains. If the system spots something odd (say, a number of files being opened in rapid succession, at a pace far faster than you’d be able to manage manually, or screenshots being taken of documents, or documents being copied and sent somewhere you’ve never had contact with previously), you’ll get an alert on your phone that tells you not only what is happening with your computer, but where.
“People’s behavior is usually consistent, they open things at a human speed, they run normal applications. Malware and hackers have different behavior. Copying two terabytes of data isn’t normal behavior,” says Gauda.
In the case of the DNC emails, Gauda says, the system would have spotted that files were being copied and shown on a map where they were going, so a system administrator could have stopped the export and given investigators a good idea of where the hack originated.
For confidential files, Gauda says, ThinAir has another layer of security: a virtual vault on the user’s computer. To protect a file, the user puts it into the “safe.” That locks the file so only authorized users can access it. It stays protected when it comes out of the safe, whether dragged, copied, or emailed. Others will be able to open the file if they are people that the user normally allows to open these types of files (that behavior tracking again); when new correspondents get the file and try to open it, the document’s creator will get an alert asking for authorization. If files are stolen, the document owner can lock them all up instantly. The system works with any kind of file, even ones it has never seen before. “You could be a spook agency with an app that has never seen the light of day, and this would still work out of the box to protect it,” Gauda says.
“We deeply protect files in the safe, and monitor the files outside the safe,” Gauda says. “If one of the protected files gets stolen, we have a record of everyone who touched it, we can understand the scope of the breach, we know where it happened geographically, and we can go back and undo it. In the case of the DNC emails, the system would have noticed that tons of data were being exfiltrated because files were being opened. It could see where they were going—to the Kremlin, perhaps? And the DNC might have received an alert indicating, say, that Putin has requested access.”
The simplicity, Gauda indicates, is hugely important, because people don’t use things that aren’t simple. “People and organizations make bad security decisions all the time, especially in the government,” he says, “just turn on the news any night to see it.”
“We make the default behavior secure, rather than requiring people to change their behavior.”
ThinAir will be launching next week at the Black Hat USA conference in Las Vegas. The company plans to charge a monthly fee; the price has yet to be announced.
Tekla S. Perry is a senior editor at IEEE Spectrum. Based in Palo Alto, Calif., she's been covering the people, companies, and technology that make Silicon Valley a special place for more than 40 years. An IEEE member, she holds a bachelor's degree in journalism from Michigan State University.