Security Startup TaaSERA Attempts Real-Time Malware Detection

By Robert Westervelt
January 28, 2013 5:56 PM ET

Page 2 of 2

TaaSERA will be one of a number of new security startups touting behavioral analysis and other methods as part of a proactive defense strategy next month at RSA Conference. Security experts say organizations may be able to employ offensive tactics against cybercriminals by using deception, phony environments and next-generation honeypotting. To be effective, enterprises need to detect malware quicker than ever before, said TaaSERA's Kumar, who believes his tool can help support the offensive approach by enabling incident response teams to quickly quarantine a potential threat, setting up a phony, virtual environment to study the malware and determine its purpose.

"This is positively proactive and could help my clients get a notch ahead," said Howard Johnson, president, TSCM Security Services, a Marlboro, Md.-based firm that specializes in computer security and counter surveillance technologies. The firm recently started testing the TaaSERA technology and Johnson said he believes it holds promise. "After it establishes a baseline for your network you can see abnormal activity in real-time."

TaaSERA has been compared to Milpitas, Calif.-based FireEye, Inc., led by former McAfee CEO Dave DeWalt, which does stateful inspection packet analysis to detect threats, rather than using signatures. Other companies, such as Palo Alto Networks and Damballa inspect traffic looking for abnormal behavior. TaaSERA, led by Scott Hartz, the former CEO of PwC Consulting, differentiates itself through its analysis engine, Kumar said. Rather than looking for traffic that doesn't fit a set profile, the analysis finds trends over time, reducing false positives, he said.

The company plans to sell its detection technology as a virtual appliance and is seeking early adopter customers in the financial industry, retail, energy and government and critical infrastructure facilities.

The TaaSERA Android mobile app and Windows endpoint technology looks for the target configuration on the device or PC that sets off the malware. It could be a keystroke, a combination of keystrokes or another activity, Kumar said. The system monitors user action, application action and system action to look for anything out of the ordinary.

"We're looking at the fuse that triggers the malware," Kumar said of the endpoint agents. "We cluster these actions, and [over a period of time], we see if this is a natural progression of events or not."

PUBLISHED JAN. 28, 2013

<< Previous | 1 | 2

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows