7 Startups Working to Secure Communications
Cybersecurity continues to be a hot topic, and we’ve talked about some of the biggest players out there along with startups that are targeting niche applications like mobile and IoT. In its most basic form however, cybersecurity needs to provide a method for one or more parties to send messages and communicate securely. You probably think about this every time you email sensitive information using your personal email or work email. The ultimate path towards secure communications is quantum encryption. We talked about this in our article on defining quantum everything and it’s frankly kind of weird. With quantum encryption, if a third party actually looks at the photon keys used for encryption while they are being transmitted, they will change and then the receiving party knows there has been a security breach. Of course, this futuristic tech is still a long ways away.
With the recent news that China has set up its first quantum computing network for government officials to communicate securely, we thought it’d be a good time to revisit what’s happening with other companies in the field of secure communications aside from the 5 Quantum Cryptography and Quantum Encryption Companies we covered last year. With the digital defenses of virtually every company under attack, the need to lock down internal communications and data is somewhat dire. There are a wide variety of innovative proprietary solutions on the market—and a substantial amount of investment to boot.
Encrypting Your Device
One of the most talked about companies in the field of secure communications is Wickr, a messaging app that provides a free and easy way for anyone to send encrypted messages with no trace. Founded in 2011 in San Francisco, the company has $73 million in funding, most notably from Erik Prince, the controversial founder of Blackwater. Wickr’s protocol for ‘ephemeral’ messaging, or messages that disappear after a certain time, encrypts them directly on the device, each with its own random key. The only people who can read said messages are the intended recipients—not even Wickr can access. The platform supports one-to-one chat messaging, group messaging, voice calls, and even file transfers:
The company claims that breaking just one of its keys would take a trillion years. Prominent users of Wickr include the Democratic Congressional Campaign Committee, Australian Prime Minister Malcolm Turnbull, and the House Majority PAC.
Another startup employing device encryption is Virtru, a D.C.-based company with $35 million in funding from Bessemer and Soros Fund, among others. Founded in 2011, Virtru has the ability to plug into existing platforms such as Google, Outlook, and iMail, a differentiator that could give it an edge over others in this space. It’s basically “encryption-as-a-service” and it allows full control over message and files allowing authorized parties to receive and decrypt protected content without installing Virtru’s software.
The user has more control with Virtru, with the ability to choose expiration dates and manage and revoke access even after content is shared, from either desktop or mobile. The technology is so easy to use that one digital agency who deployed it had two questions from the 70 employees who first tried it—and those were questioning if it was as easy as it seemed.
Sometimes passwords are just too tough to hack, and the best way to get them is by just tricking someone into handing them over by using methods like this:
In the above example, the sender of the email is trying to trick someone into giving up their credentials. That’s called “phishing”, and it’s a massive problem in email security, be it the spreading of malware (software that sits on your computer looking for sensitive information) or attempts to extract sensitive information using methods like the above example. Symantec found that one of every 131 emails contained malware in 2016, the highest rate in five years. Here are three startups working on the phish problem.
PhishMe, specializing in phishing threat management, has $58 million in funding, from Bessemer and Paladin among others. Based in Leesburg, VA and founded in 2011, PhishMe has developed a platform that
makes the employees do all the work empowers employees, turning them into an active line of defense against breaches. In direct contrast to another company in this space (KnowBe4, which treats its employees as threats to be trained), PhishMe believes employees should be held responsible for their own behavior and trains them to recognize and report threats by actually sending them real phishing emails as practice. When an actual incident takes place, this then triggers incident response teams to analyze and respond accordingly. A defense and aerospace company implemented PhishMe Simulator, to help employees recognize threats, and PhishMe Reporter, to analyze data internally. The company now boasts a phishing susceptibility rate of less than 2%.
Founded in 2009, Sillicon Valley startup Agari has taken in $44.7 million to develop their “Email Trust Platform” which combines a global email telemetry network with the company’s predictive “Trust Analytics” giving them visibility into more than 10 billion email messages per day across three billion mailboxes. With such a large set of communications data, the system can determine the true sender of emails. This platform underlies the company’s “Enterprise Protect” product, which protects companies from advanced spear phishing, and “Customer Protect”, protecting consumers from email attacks that spoof enterprise brands. The company boasts Aetna, Informatica, and the US Postal Service as customers and counts Dell as an investor.
GreatHorn, based in Belmont, MA and funded with $8.83 million, is a newer entrant in the market, founded just several years ago. With your average organization spending 300+ hours a week reviewing phishing threats, GreatHorn believes that technology, in particular machine learning, is the answer to identifying phishing threats before they actually make it to employees. Their technology platform enables security teams to respond to phishing attacks while working seamlessly with a company’s legacy tools.
The cloud-based platform integrates into G Suite, Office 365, Slack, and more, analyzing millions of emails weekly, remediating threats, and then uploading that resulting intelligence back into its cloud to further increase protection and get better at detecting threats over time.
When it comes to multinational companies, ‘communications’ extend further than just email and text. A couple of companies worth noting are tackling the problem from 50,000 feet.
Ionic Security is something of a behemoth for a company so young, with $122.4 million in funding from Amazon, Google, Goldman Sachs, and Kleiner Perkins. It was originally founded, in 2011 in Atlanta, as “a kind of anti-Facebook,” and has since doubled in size and counts two million+ users in banking, retail, government, and more. Ionic’s cloud services protect data anywhere it travels, no matter the device, whether on-premise or in the cloud, unstructured or structured. Its Email Protect solution, developed in partnership with TITUS Inc., lets customers classify and automatically protect Microsoft Outlook emails via an integrated plugin. Amazon Web Services has integrated Ionic Security solutions into their cloud offering so it’s only a matter of time before we’re all using it.
Founded in 2001, Virginia startup GigaTrust has taken in $46.17 million in funding to provide email security and document protection for Windows, iOS, and Android devices. Their secure cloud-based content collaboration service protects native Microsoft Office documents, PDFs, and emails – at rest, in transit, and in use – by applying and enforcing security permissions throughout the entire lifecycle. According to GigaTrust, “over 100 million healthcare records from more than 8,000 devices in more than 100 countries were compromised in 2015”. Healthcare records aren’t the only extremely sensitive information the company is helping to secure. Gigatrust recently partnered with Forcepoint, ICM, and Raytheon to deliver a security compliance platform for all U.S. Department of Defense suppliers in order to provide compliance for new security mandates.
Major cyber attacks seem to now hit on a weekly basis. Just in the past day, Deloitte announced an attack that revealed confidential emails of some of its biggest clients—and much like the Equifax hit, an attack that went on for months before someone noticed. Securing our digital communications is of vital importance to everyone on the planet, and now we know of at least 7 ways we can work towards making secure communications a reality.