Area 1 Security, a two-year old Valley startup not yet out of stealth, just raised $8 million for a product that is meant to stop the most impossible hacker attacks, something called "social engineering."
Social engineering is basically lying to trick people into giving away their passwords or to visiting a malicious website. If hackers are trying to break into a specific network (a "targeted attack") they are going to lay traps that the target is likely to fall for.
This could be via email (known as "phishing"), malware-laced ads ("malvertising") or planting whole malware-laced websites that look authentic but aren't ("watering holes.")
It's very difficult to come up with a technology solution to protect against targeted social engineering because it manipulates human nature itself.
But after learning tricks from the NSA, Area 1's co-founders think they've got the solution. It's a cloud service that basically watches the whole Internet and can then detect when something fishy (phishy?) is going on at a particular company.
"The hardest thing a human can do [when hacking] is to pretend to be normal. There's all of these subtle behaviors when someone is being attacked, deviations when they go to banking sites, search the web," CEO Oren Falkowitz tells us.
Area 1 isn't the only security company working on this. FireEye made its name with a product that protects against a similar kind of targeted attacks. And the whole field of "anomaly detection" security is decades old.
But because Area 1 is watching the whole internet, not just looking at data inside the company, it thinks this service will perform better.
"We look outside of companies," to see where websites, emails, or ads are coming from and if they are behaving weird. If so, it can bl! ock them or take other actions, depending on how an IT department has the service set up.
The three founders met a few years ago during stints with the NSA.
"We've all gone on and done other things since our time there. We wanted to go after root cause of hacking, social engineering attacks. This would be the holy grail of solutions. When attackers can’t manipulate people, they can’t succeed in attacks," Falkowitz says.
This latest round was led by Ted Schlein at Kleiner Perkins, with total raised so far at $10.5 million. Other VCs include Allegis Capital, Cowboy Ventures, and Data Collective, plus angels like Shape Security CEO Derek Smith.