T he Cybersecurity Startup Report
The startups making waves in cybersecurity this month
The Equifax breach made clear the threat of centralised identity stores and the mass damage that hackers can do with an enterprise data breach. Hypr’s Decentralized Authentication looks to minimise that risk by taking away the store of credentials that most organisations keep on their servers and putting the business of identity processing onto the user’s device.
Company co-founder and CEO George Avetisov explains: “The goal of these companies in moving to decentralised authentication is to isolate account breaches to one person.”
Developers can use Hypr with an app or a website to force authorisation to the appropriate device, making use of methods such as phone fingerprint sensors or two-factor authentication systems to provide the security check. Over time, centralised storage can slowly be deleted as the transfer to Hypr progresses. Ultimately, if a breach ever occurs, a hacker could only get the credentials from a single device, a result that would largely not be worth either the time or effort.
Aside from the task of securing your own company, it is important to know that those you do business with are equally secure. Security Scorecard provides a way for security signals to be automatically captured and used to rate companies on how well they are handling security, and what their specific strengths and weaknesses are.
According to company co-founder and CEO Aleksandr Yampolskiy, the company stemmed from a simple idea: “Companies were doing business with third-party partners. If one of those companies gets hacked, you lose. How do you vet the security of companies you do business with?”
Using publicly available information, Security Scorecard grades companies from A-F, provides a detailed breakdown of areas of strength and weakness, and allows users to compare the company of interest to others in their peer groups. With the option to track performance over time, it also allows for users to judge both their own improvement and that of the vendors they use.
When approaching cybersecurity, it can sometimes be difficult to parse the underlying connections between events, especially as analysts may be approaching the problem with a varying skill set. Uplevel looks to address this difficulty by providing a graphical view of security data, giving all analysts involved a better view of a problem, and helping to build, by correlating machine and human learning, a better understanding of how future events might rely on similar connections.
Uplevel’s system works by learning from the analysts involved: if an analyst agrees or disagrees with the graph, that information is fed back to it and the system can, in the future, present a view that is more relevant to the organisation’s security concerns and the likely interplay of events within the given organisation.
“What is exciting about [our approach] is you get a new alert and build a mini graph, then merge that into the historical data, and based on the network topology, you can start to decide if it’s malicious or not,” founder Liz Maida said.
As data privacy issues continue to run out headlines as fast as they can be written, companies are having to quickly reckon with becoming compliant with regulation such as the EU’s GDPR. New York-based BigID is attempting to assist with this issue by enabling users to identify the most sensitive data that may be contained within their large data stores.
Named Most Innovative Startup at April’s RSAC Sandbox competition, BigID is providing a modern architecture for companies to quickly identify data requiring attention and avoid the fines for failing to comply with regulations.
“When we first started talking about this [in 2016] people didn’t grok it. They didn’t understand why you would need a privacy-centric approach. Even after 2016 when GDPR passed, most people didn’t see this. [Today] we are seeing a secular change. The assets they collect are valuable, but also incredibly toxic,” company CEO and co-founder Dimitri Sirota told TechCrunch.