The flood of data and the increasing cyber threat pose major challenges for IT security teams. Threatray therefore wants to help you to better understand threat data and malware threats. […]
Attackers are getting smarter and keep coming up with more insidious attack methods. IT security teams and those responsible for information security are therefore more challenged than ever, and often overwhelmed. The professionalization of cybercrime has now gone so far that malicious software can be obtained from criminals as a service, while companies face the great challenge of fending those attacks off.
New services and tools are therefore in demand that not only support and strengthen the defense but also automate it. One trend emerging to cope with these attacks is the use of data analytics in cyber defense. Endre Bangerter and Jonas Wagner are active in this area. Bangerter is a professor of IT security at the Bern University of Applied Sciences (BFH). Together with his lab colleague Wagner, he founded Threatray in 2018, a start-up focused on data-driven security analytics.
A new approach to malware analysis
The collaboration between the two began with Wagner’s master’s thesis, which he carried out in Bangerter’s laboratory at the Bern University of Applied Sciences. “The aim of the work was to find a new way to automatically analyze malware,” explains Wagner, since the classic procedures have their downsides. According to Wagner, one option is to search attacks for specific patterns. The IP address with which a malicious program communicates can also be used to detect malware. However, since an IP address can be changed quickly, reliable identification is not always possible, says the IT security specialist.
Wagner therefore concentrated on the program code instead. The code usually remains the same, or at least similar, even when new versions or mutations of malicious programs appear in order to trick antivirus software. “Changing the code of a malware from scratch would be very time-consuming. It would practically have to be rewritten,” he explains. By recognizing reused program code, new attacks can be correlated with already known ones. To make this work, Wagner developed search algorithms that automatically compare the unknown with the known within seconds, in order to find out whether such connections exist.
Motivation from practice
Wagner did not pull the idea out of thin air. As Bangerter explains, the master’s thesis was carried out in collaboration with an antivirus company, so the motivation came from practice. “Cyber defense is generally strongly driven by data and analytics. You want to quickly understand what exactly is going on in order to be able to make decisions quickly and react to attacks,” Bangerter explains. This is exactly where Wagner’s new approach should help. The BFH professor is convinced that he has achieved “a breakthrough” with it.
After founding Threatray in 2018, the two set out to assemble their team with the help of a first seed financing round. According to Bangerter, the start-up’s CEO, the first minimum viable product (MVP) was ready between summer and autumn of last year, and the market launch followed soon after. “We received cool feedback and were also able to close first deals,” he says. The next financing round followed in winter 2020/21. According to the CEO, this helped Threatray to eliminate the last rough edges of the product. The capital also gave the start-up the opportunity to build up the operational team in the background, so that it can operate the solution for its customers.
“Search engine for malware threats”
With Threatray, the two company founders now want to give security analysts a new tool to better understand data. According to Bangerter, this is exactly where the problem often lies: in order to practise data-driven cyber defense, the information first has to be collected. “Everybody’s good at that, that’s the easy part.” The challenge lies in the abundance of data. A paradoxical situation: “Actually, you want to improve security, but this overloads the analysts,” Bangerter explains. The goal of Threatray is therefore to enable customers to implement data- and analytics-driven cyber defense.
He describes the core technology offered by the start-up as a “search engine for malware threats”. According to the founders, a private repository is put together for the customers with their own threat data. Bangerter describes this as a “memory” of the threats they have already been confronted with.
In addition, there is Threatray’s large database, which is intended to reflect the global threat situation. “We feed it thousands of malicious files every day,” explains Wagner, the start-up’s CTO. When a customer analyzes a file with the solution, the file is first broken up into individual code elements, the head of technology adds. These are then compared with known code. In this way, Threatray can make overlaps with known attacks visible and additionally reveal correlations to as yet unknown attacks.
This is how threats are identified in the first place, but it is not all the solution does. Threatray supports many other analyses, as Bangerter explains. From the local, private repository, for example, one can also read out who is attacking and who the adversary is. By means of retro-detection, it is also possible to determine whether one’s own company was affected by an attack in the past, once new information about that attack has become known. The solution is also meant to increase efficiency.
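The two preceding paragraphs describe the search engine at a high level: a file is split into code elements, each element is compared against code already in the private repository and the global database, and retro-detection re-runs that comparison against historical samples once a new threat becomes known. The following Python block is an added example illustrating that workflow; it is not Threatray’s code and makes no claim about how their product actually splits or matches code. It assumes a hypothetical code element of an 8-byte sliding window (a real system would work on disassembled functions or basic blocks), a Jaccard score over element digests as the similarity measure, and three constructed byte strings that stand in for binaries.

```python
import hashlib
from typing import Optional

# Assumed granularity for a "code element": an 8-byte sliding window. This is a
# stand-in so the example runs without a disassembler; a production system
# would split the binary into functions or basic blocks instead.
ELEMENT_SIZE = 8


def code_elements(blob: bytes, size: int = ELEMENT_SIZE) -> set[str]:
    """Break a sample into overlapping windows and keep a digest of each.

    Only digests are stored, so the index never has to hold the sample bytes.
    """
    return {
        hashlib.sha256(blob[i:i + size]).hexdigest()
        for i in range(len(blob) - size + 1)
    }


class CodeRepository:
    """Inverted index: element digest -> IDs of the samples that contain it."""

    def __init__(self) -> None:
        self.samples: dict[str, dict] = {}
        self.index: dict[str, set[str]] = {}

    def add(self, sample_id: str, blob: bytes, label: Optional[str] = None) -> None:
        elems = code_elements(blob)
        self.samples[sample_id] = {"elements": elems, "label": label}
        for digest in elems:
            self.index.setdefault(digest, set()).add(sample_id)

    def search(self, blob: bytes, min_similarity: float = 0.1) -> list[tuple[str, float, Optional[str]]]:
        """Return (sample_id, jaccard, label) for stored samples sharing code with blob."""
        query = code_elements(blob)
        shared: dict[str, int] = {}
        for digest in query:                      # count elements in common per sample
            for sid in self.index.get(digest, ()):
                shared[sid] = shared.get(sid, 0) + 1
        hits = []
        for sid, common in shared.items():
            union = len(query | self.samples[sid]["elements"])
            score = common / union                 # Jaccard similarity of element sets
            if score >= min_similarity:
                hits.append((sid, score, self.samples[sid]["label"]))
        return sorted(hits, key=lambda h: h[1], reverse=True)

    def retro_detect(self, newly_known: bytes, min_similarity: float = 0.1) -> list[tuple[str, float]]:
        """Retro-detection: a newly known threat arrives; which earlier samples that
        were stored without a label share code with it?"""
        return [(sid, score) for sid, score, label in self.search(newly_known, min_similarity)
                if label is None]


# Constructed byte strings standing in for binaries (not real malware).
SHARED_CORE = bytes(range(0x40, 0x80))                                      # 64 bytes of reused code
FAMILY_X = SHARED_CORE + bytes(range(0x80, 0xA0))                           # sample known from the global feed
VARIANT = bytes(range(0x00, 0x10)) + SHARED_CORE + bytes(range(0xC0, 0xD0))  # new build: same core, new wrapper
UNRELATED = bytes(range(0xE0, 0x100)) + bytes(range(0x10, 0x40))            # shares no code with the others


def demo() -> dict:
    global_db = CodeRepository()                 # "global threat situation"
    global_db.add("family_x_2021", FAMILY_X, label="FamilyX")

    private_repo = CodeRepository()              # customer's own history, unlabelled at collection time
    private_repo.add("incident_2020_dropper", VARIANT)
    private_repo.add("admin_tool", UNRELATED)

    # 1. An analyst submits an unknown file: which known attacks does it overlap with?
    global_hits = global_db.search(VARIANT)
    # 2. FamilyX becomes known: was the company hit by it in the past?
    retro_hits = private_repo.retro_detect(FAMILY_X)
    return {"global_hits": global_hits, "retro_hits": retro_hits}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

With these inputs the variant shares 57 of 121 distinct elements with the FamilyX sample (a score of about 0.47) even though its first and last 16 bytes are new, while the unrelated file produces no hit at all; the same comparison run in the other direction, against the private repository, surfaces the 2020 dropper as a past incident of the newly named family. The wrapper bytes that differ between the two builds are exactly the mutations the article says attackers make to evade antivirus software without rewriting the core.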
“Depending on the skill level of the analysts, this can usually take hours to days. We are reducing this process to a few seconds to minutes,” promises the CEO. According to Wagner, the solution can be integrated at customers via APIs, for example. “But we also build extra features and integrations for them to embed the solution as well as possible in their respective environment.”
A promising market
The Threatray founders are convinced that their tool appeals to a wide range of customers. Bangerter names three types: direct corporate customers, managed security service providers (MSSPs), and IT security companies that analyze malware and conduct cyber threat intelligence themselves. For direct B2B customers the industry sector plays no role. “As soon as a company has, for example, a SOC, a threat intel or an incident response team, it is a potential customer of ours.”
It is clear that a sufficiently large team is needed to attract and serve new customers, especially in view of the competition in the cybersecurity sector. Bangerter and Wagner know this too. They therefore want to invest the capital from their second seed financing round, which they closed in the winter of 2020/21, primarily in building a sales organization. The tech team is also to be expanded continuously, and the company’s expansion is to be driven forward, according to the two founders.
Wagner expects the solution to be extended further around the core technology in the future. “Ultimately, we want to create a deeper understanding of malware attacks for our customers.” Considering the daily cyber attacks on companies, the timing could hardly be better. His co-founder Bangerter sees it the same way: “The need is there now. Companies understand that it is serious.”