April 1, 2023

The Pentagon as Silicon Valley’s Incubator

In the last year, former Department of Defense and intelligence agency operatives have headed to Silicon Valley to create technology start-ups specializing in tools aimed at thwarting online threats. Frequent reports of cyberattacks have expanded the demand for security tools, in both the public and private sectors, and venture capital money has followed. In 2012, more than $1 billion in venture financing poured into security start-ups, more than double the amount in 2010, according to the National Venture Capital Association.

For years, the Pentagon has knocked on Silicon Valley’s door in search of programmers to work on its spying technologies. But these days, it’s the Pentagon that is being scouted for expertise. Entrepreneurs and venture capitalists are finding it valuable to have an insider’s perspective on the national security apparatus when trying to find or prevent computer vulnerabilities or mine large troves of data.

“They have unique insights because they’ve been on the front line,” said Matthew Howard, a former intelligence analyst in the Navy and now a managing partner at Norwest Venture Partners, referring to former military and intelligence operatives who have hatched start-ups. He has invested in several such companies. “Now they’ve got commercial desires. The lines are blurring.”

One of the start-ups is Synack, which promises to vet an army of hackers to hunt for security vulnerabilities in the computer systems of government agencies and private companies. The company’s co-founders, Jay Kaplan and Mark Kuhr, met in Fort Meade, Md., in the counterterrorism division of the National Security Agency. They left the agency in February after four years there, and later decamped to Silicon Valley. Within weeks, they had raised $1.5 million in seed money; they are now working with their first customers and pitching their experience in the spy agency.

“Doing things on a classified level really opens your eyes,” Mr. Kaplan said. “The government is doing a lot of interesting things they don’t disclose. You have a unique perspective on what the adversary is doing and the state of computer security at a whole other level.”

Morta Security, another of the start-ups, was founded by Raj Shah, a former F-16 fighter pilot for the Air Force in Iraq. He described himself as “a policy adviser” to the N.S.A. before moving to Silicon Valley to establish the company this year with two former analysts. Morta’s work is in such “stealth mode,” in valley parlance, that the company has said nothing about what it is working on. Nor would Mr. Shah describe fully what his two co-founders were doing at the agency before they formed the company.

“There are very sophisticated threats that are able to steal data from corporations and government,” is all Mr. Shah would say. “Our guys’ background — they just have a deeper understanding of that problem.”

Though Silicon Valley sees itself as an industry far removed from the Beltway, the two power centers have had a longstanding symbiotic relationship. And some say the cozy personal connections of ex-intelligence operatives to the military could invite abuse, like the divulging of private information to former colleagues in the agencies.

“They have enormous opportunities to cash in on their Washington experience, sometimes in ways that fund further innovation and other times in ways that might be very troubling to many people,” said Marc Rotenberg, executive director at the Electronic Privacy Information Center in Washington. “Both sides like to maintain a myth of distant relations. The ties have been in place for a long time.”

The ties are more than personal; the National Security Agency is among the few organizations in the world, along with companies like Facebook and Google, with a cadre of engineers trained in mining big data.

By working at the N.S.A., “you get to be on the bleeding edge, not just the cutting edge of what’s possible,” said Oren Falkowitz, who left the agency last year to start Sqrrl, a big data analytics company based on technology developed at the agency. Mr. Falkowitz has since left Sqrrl, which is in Boston, and is considering moving to Northern California to start working with a big data company.

Last year, Sumit Agarwal left his post as a deputy assistant secretary of defense to join Shape Security, a Mountain View company that offers what it calls “military grade” security solutions against botnets, groups of infected computers used for attacks.

Article source: http://www.nytimes.com/2013/08/23/technology/the-pentagon-as-start-up-incubator.html?partner=rss&emc=rss

Antivirus Makers Work on Software to Catch Malware More Effectively

Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. That is prompting start-ups and other companies to get creative about new approaches to computer security.

“The bad guys are always trying to be a step ahead,” said Matthew D. Howard, a venture capitalist at Norwest Venture Partners who previously set up the security strategy at Cisco Systems. “And it doesn’t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

In 2000, there were fewer than a million new strains of malware, most of them the work of amateurs. By 2010, there were 49 million new strains, according to AV-Test, a German research institute that tests antivirus products.

The antivirus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company’s trade secrets, erasing data or emptying a consumer’s bank account.

A new study by Imperva, a data security firm in Redwood City, Calif., and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva’s chief technology officer, and a group of researchers collected and analyzed 82 new computer viruses and put them up against more than 40 antivirus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for antivirus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on antivirus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we’ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield Byers. “This study is just another indicator of that. But the whole concept of detecting what is bad is a broken concept.”

Part of the problem is that antivirus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, antivirus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H. Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the antivirus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame’s discovery. “But we didn’t. We were out of our league in our own game.”

Symantec and McAfee, which built their businesses on antivirus products, have begun to acknowledge their limitations and to try new approaches. The word “antivirus” does not appear once on their home pages. Symantec rebranded its popular antivirus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying antivirus is enough,” said Kevin Haley, Symantec’s director of security response. Mr. Haley said Symantec’s antivirus products included a handful of new technologies, like behavior-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Article source: http://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html?partner=rss&emc=rss

DealBook: Sequoia Capital Said to Be Expanding to Brazil

Doug Leone, a partner with Sequoia Capital, is said to have been to Brazil in December 2010 to explore potential investments. (Photo: Francis Specker/Bloomberg News)

SAO PAULO, Brazil — Sequoia Capital is expanding to South America, becoming the latest Silicon Valley stalwart to tap into the region’s growing economy, according to two Brazilian investors with direct knowledge of the plans.

The venture capital firm plans to send one of its partners, David Velez, to Brazil in July to head up its regional office, likely in São Paulo. It is also seeking a research associate, said the investors, who asked to be anonymous because the plans were not finalized. Officials at Sequoia declined to comment.

The move has apparently been in the works for over a year. Doug Leone, a Sequoia partner, came to Brazil in December 2010, to look for potential investments and entrepreneurs looking to expand, according to the two investors. The firm hired Mr. Velez in 2011 to oversee South American investments.

Mr. Velez, a graduate of Stanford’s engineering school, had helped start General Atlantic’s Brazilian operations. Before that, he was an investment banker at Morgan Stanley in the financial sponsors group, based in New York.

Sequoia has not yet invested in any Brazil-based technology companies, but the country is an important market for two South American investments that the firm made late last year.

Its first investment in South America was a $10 million infusion to Scanntech, based in Montevideo, Uruguay. Sequoia was introduced to the company through Sergio Monsalve, a partner at Norwest Venture Partners.

Scanntech, started in 1991, makes technology to connect independent grocers and retailers with suppliers. Customers include Kraft, Coca-Cola, Scotiabank and Visa. The company had revenue last year of $18 million, which is projected to grow to $36 million this year.

Austral Capital, a venture capital firm based in Chile that had previously invested in Scanntech, also contributed $1.5 million in the recent round. Mr. Velez and Austral’s Felipe Camposano serve on Scanntech’s board.

Scanntech considers Brazil critical to its growth and is also looking to Asia, said one of Scanntech’s co-founders, Raúl Polakof.

Sequoia may seem an unlikely partner because it does not have deep expertise in Brazil. But Mr. Polakof said that the venture capital firm’s expansive reach made it appealing. “I want Scanntech to become a global company,” he said.

He also said that Sequoia would not invest less than $10 million, the total that Scanntech sought to raise, which prevented it from bringing on Brazilian firms as co-investors.

“For the next two years, I do not want to have to raise more capital,” Mr. Polakof said.

Sequoia’s second investment was in Despegar, an online travel company for the region based in Argentina and Brazil. Founded in 1999, the company’s majority shareholder is Tiger Global Management.

Despegar declined to comment on the investment, but Securities and Exchange Commission filings indicate that the company has raised a total of $50.85 million in recent months. Its investors include Sequoia and Accel Partners.

Article source: http://dealbook.nytimes.com/2012/05/23/sequoia-capital-said-to-be-expanding-to-brazil/?partner=rss&emc=rss