U.S. Markets closed

Intezer raises $15M for its DNA-style 'genetic' approach to identifying and tracking malware code

Ingrid Lunden
A person uses a laptop computer with illuminated English and Russian Cyrillic character keys in this arranged photograph in Moscow, Russia, on Thursday, March 14, 2019. Russian internet trolls appear to be shifting strategy in their efforts to disrupt the 2020 U.S. elections, promoting politically divisive messages through phony social media accounts instead of creating propaganda themselves, cybersecurity experts say. Photographer: Andrey Rudakov/Bloomberg via Getty Images

As the total cost of cybercrime reaches into trillions of dollars and continues to rise, an Israeli firm called Intezer -- which has built a way to analyse, identify and eradicate malware by way of an ordering system similar to what's used when mapping out DNA -- has raised $15 million to double down on growth.

The funding, a Series B, is being led by OpenView Partners, the VC with a focus on expansion rounds for enterprise software companies, with participation from previous investors Intel Capital (which led the Series A in 2017), Magma, Samsung NEXT, the United Services Automobile Association, and Alon Cohen, the founder and former CEO of CyberArk, who is also a co-founder of Intezer. The company is not disclosing its valuation, and it has raised a relatively modest $25 million to date.

Itai Tevet, Intezer's other co-founder and CEO who had previously run the Cyber Incident Response Team (CERT) in Israel's IDF, notes that the startup's customers include "Fortune 500 companies, late stage startups, and elite government agencies" (it doesn't disclose any specific names although it's notable to see the USAA as an investor here).

In an interview, he said Intezer will be using the funding both to expand that list -- through two products it currently offers, Intezer Protect and Intezer Analyze (which comes without remediation) -- and also to explore how to apply its model to other areas under threat from malicious cyberattacks not traditionally associated with malware.

"Because our technology deals with binary code in general, it’s applicable in many different ways," he said. "Since any digital device runs binary code (even drones, medical devices, smart phones, …), our technology has the potential to create a big impact in numerous aspects of cyber security to provide visibility, control and protection from any unauthorized and malicious code."

Intezer describes its technique as "genetic malware analysis", and the basic premise is that "all software, whether legitimate or malicious, is comprised of previously written code," Tevet said. (He said he first came up with this revelation at the IDF, where he was "dealing with the best cyber attackers in the world," later working with Cohen and a third co-founder, Roy Halevi, to perfect the idea.)

Intezer therefore has built software that can "map" out different malware, making connections by detecting code reuse and code similarities, which in turn can help it identify new threats, and help put a stop to them.

There is a reason why cybercriminals reuse code, and it has to do with economies of scale: they can reuse and work faster. Conversely, it also becomes "exponentially harder for them to launch a new attack campaign since they would need to start completely from scratch," Tevet notes.

While there are literally hundreds of startups now on the market building ways to identify, mitigate and remediate the effects of malware on systems, Intezer claims to stand apart from the pack.

"The vast majority of security systems in the market today detect threats by looking for anomalies and other indicators of compromise," usually using machine learning and AI, but Tevet adds that this "can be evaded by 'blending in' as normal activity." One consequence of that is that these methods also drown security teams with vague and false-positive alerts, he added. "On the other hand, Intezer doesn’t look for the symptoms of the attack, but can actually uncover the origins of the root cause of nearly all cyber attacks -- the code itself."

The startup's proof is in the pudding so to speak: it has scored some notable successes to date through its use. Intezer was the first to identify that WannaCry came out of North Korea; it built a code map that helped provide the links between the Democratic National Committee breach and Russian hackers; and most recently it identified a new malware family called "HiddenWasp" linked specifically to Linux systems.

Itai Tevet, the co-founder and CEO, says that "hands down," Linux-focused threats are the biggest issue of the moment.

"Everybody’s talking about cloud security but it is rarely discussed that Linux malware is a thing," he said in an interview. "Since the dawn of cloud and IoT, Linux has become the most common operating system and, in turn, the biggest prize for hackers." He added that in the more traditional enterprise landscape, "banking trojans such as Emotet and Trickbot remain the most common malware families seen in the wild."

“Itai, Roy and the team at Intezer possess a rare expertise in incident response, malware analysis, and reverse engineering having mitigated many nation-state sponsored threats in the past,” said Scott Maxwell, founder and managing partner of OpenView, in a statement. “The Genetic Malware Analysis technology they’ve developed represents the next-generation of cyber threat detection, classification, and remediation. We’re excited to support them as they build a category-defining company.”