I hadn't until just a few minutes ago. I was performing research for a consulting job for an investor who's considering making an investment in a security company. I'll sometimes do these on the side. Anyway, in this case I happened a cross a company called Invincea --using the words in their summary:
"Developed a patent-pending, revolutionary technology for protecting computer workstations from Internet attacks."
I love these words. Nothing thrills me more than patent-pending, revolutionary technology for protecting computers from Internet Attacks! Right now, I'm typing with sweaty palms and my hearts racing because the thought of new, patent pending revolutionary new software to protect my computer workstation from Internet attacks makes me, well, downright giddy!
So I read on... at the website (http://www.invincea.com/), I found a white paper. All startups have them. I was hoping to also find a list of reference customers I might contact while contemplating this paper. You see, the company is headed by the standard board of venture capital execs, but also by Dr. Anup Ghosh. That name might ring a bell for many reasons -DARPA program manager, NSA? That said, he's a smart guy and at first glance the company looked interesting. Now, while I haven't taken the time yet to look at the patent application, just reading the whitepaper tells me a little about the product:
1. It's revolutionary (their words not mine.. I'll stop making fun of them now ok?)
2. It uses virtualized browsers
3. It captures everything that happens during utilization of the browser during an attack
4. It sends everything from the virtualized session to a database somewhere (local or, as it states, in the cloud -I'm guessing Invincea is offering a managed service as well as software?)
Virtualization seems to be a great buzzword for protecting from drive-by downloaded malware. I've seen a number of vendors (most of our favorites) pitch their wares on how good their product is in protecting from these threats. Some say the product can be reset at the close of each session (actually they all say that); some talk about how the virtual wall between the child and parent operating systems can't be broken (it's true, I've heard this before). Invincea however seems to be using a honeynet process in a virualized session. I like it. If you can't beat'em, set a smart trap for 'em. It seems to me, to be the best of both worlds -protection and collection; intel gain/loss (speaking in a purely network protective context of course!).
What's next? I'm really interested in seeing some reference customers posted on the site. I've seen presentations on the technology before it became Invincea. I had doubts at the time. It looked to me to be far to much overhead to be powered on an already overburdened laptop, but what the hell. If it works, it could be good!
Back to you Dr.~!