Cryptonite, a network security startup, emerged today and released its flagship product.
The security platform, called CryptoniteNXT, is a network appliance with embedded software. It includes two technologies: the first uses microsegmention to stop east-west traffic, which makes it easier for ransomware to spread. The other prevents reconnaissance, in which an attacker gains information about network vulnerabilities.
Cryptonite wrote the code for both, and its platform is network infrastructure and device agnostic, said Michael Simon, president and CEO of Cryptonite. “Our product can sit on the network and make it look invisible,” he said. “If you have an IoT [Internet of Things] device that can get taken over by a DDoS [distributed denial of service] attack, we can make that device look invisible.”
In the ’90s, Simon also cofounded AIB Software, which was acquired by Platinum Technology (later bought by CA Technologies), and Localize, which was purchased by AOL.
Three years ago, Intelligent Automation Inc. (IAI), a Maryland defense contractor, approached Simon about spinning up a security technology that could make their network look invisible to hackers. “This formulated the start of Cryptonite,” which launched in 2015, Simon said. The CTO is Justin Yackoski, who was former lead researcher at IAI.
Initial funding came from the U.S. Department of Defense and Department of Homeland Security.
Over the past couple of years the startup has raised about $5 million from investors including Ron Gula, founder of Tenable; David Walker, founder of Pangia Technologies; Al Nardslico, founder of SMS; Abtin Buergari, co-founder of Model B; Don Rogers, cofounder of Shulman Rogers; and Leonard Haynes, cofounder of IAI.
Cryptonite Use Cases
While its security technology can protect any network, Simon said Cryptonite focuses on critical vulnerability use cases. These include power plants, industrial systems, health care medical devices, connected mobile, IoT devices, point of sale terminals, and other large enterprise environments with missing software updates and patches.
“We all hear about how companies aren’t updating their software in a timely fashion,” Simon said. “Hackers are getting to these vulnerabilities before companies do these updates.”
One Cryptonite manufacturing customer didn’t install a needed security update because they worried it would bring their core processes to a halt. “The average time it takes for a customer to do one of these security updates is 176 days, so for 176 days they are vulnerable to attacks,” Simon said. “At the same time, the network might have thousands of these patches they need to do and they are all vulnerable to hackers. By installing our product and not having these vulnerabilities visible, it gives the manufactures a lot more time to test these updates before they are installed.”
Its product can improve both wired and wireless security, Simon said, adding that the startup will announce technology partnerships with a “major player in the mobile networking space and one in the next-generation firewall space” in the next few weeks.
But the security startup space is a crowded field. New companies seem to be emerging — and compete for investors’ dollars — nearly every day. They also face stiff competition from big guns like McAfee, Cisco, Juniper Networks, and IBM Security.
CryptoniteNXT competes against TrustSec, Cisco’s software-defined segmentation product. But Cryptonite’s advantage is that it’s not network specific, Simon said. TrustSec “is a Cisco-centric product. Our product is both device and architecturally independent, and doesn’t care about what switch you have. On top of that, Cisco’s does not have the capabilities to stop reconnaissance where we do.”
This technology, he said, competes against Morphisec endpoint security.