RunSafe could eliminate an entire class of infrastructure malware attacks

RunSafe, a McLean, Virginia, startup, got started doing research for DARPA on how to defend critical infrastructure. They built a commercial product based on that initial research that they claim eliminates an entire class of attacks. Today, the company released a product called Alkemist that enables customers to install the solution without help from RunSafe.

RunSafe co-founder and CEO Joe Saunders says that the product began with the DoD research and a simple premise: “If you assume hardware in the supply chain is compromised, can you still build trusted software on top of untrusted hardware? And so we came up with techniques that we have since greatly expanded to protect the software from compromise. We eliminate an entire class of attacks and greatly reduce the attack surface for software across critical infrastructure,” he told TechCrunch.

Saunders uses a data center cooling system as an example. If someone were able to control the cooling systems, they could cause the whole data center to overheat in order to shut it down. RunSafe is designed to prevent that from happening whether it’s a data center, a power plant or water works.

The way they do this is by hardening the software binary so malware and exploitations can’t find the tools they need to execute across the infrastructure. In the data center example, that means the attacker could find their way in, and attack a single machine, but couldn’t replicate the attack across multiple machines.

“They’re looking for functions and memory and different things that they can use in their exploitation. What we do is we make it very difficult for the attack tool to find that information, and without the ability to find the memory or the functions, they can’t execute their attack,” he said.

He says that they do this by making every instance “functionally identical but logically unique” by relocating where functions and memory exist at a low level in the software. “When an exploit is looking for memory or function to exploit the software product, it can’t locate them,” Saunders said. And that makes it practically impossible to move across the system, he explained.

He points out this is a far different approach from how most security vendors approach the problem. “Other solutions that are leveraging intrusion detection or monitoring or analytics are detecting when there’s a compromise, but they’re not solving the problem — you still can be breached and the exploit can still execute. We’re eliminating the exploit,” he said.

The company works with hardware manufacturers to install their solution at the factory before they get deployed, and with customers like data center operators to protect their critical infrastructure. Prior to the release of Alkemist, the installation required some hand-holding from RunSafe. With today’s release, the customer can install the product themselves and that could increase their customer base.

RunSafe launched at the end of 2015 and released the first version of the product last year. They currently count a dozen customers and are protecting hundreds of thousands of machines across their customer base and expect to cross one million protected machines by the end of the year, according to Saunders.

The company has raised $2.4 million in seed investment.

Oracle open sources Graphpipe to standardize machine learning model deployment

Oracle, a company not exactly known for having the best relationship with the open source community, is releasing a new open source tool today called Graphpipe, which is designed to simplify and standardize the deployment of machine learning models.

The tool consists of a set of libraries and tools for following the standard.

Vish Abrams, whose background includes helping develop OpenStack at NASA and later helping launch Nebula, an OpenStack startup, in 2011, is leading the project. He says as his team dug into the machine learning workflow, they found a gap. While teams spend lots of energy developing a machine learning model, it’s hard to actually deploy the model for customers to use. That’s where Graphpipe comes in.

He points out that it’s common with newer technologies like machine learning for people to get caught up in the hype. Even though the development process keeps improving, he says that people often don’t think about deployment.

“Graphpipe is what’s grown out of our attempt to really improve deployment stories for machine learning models, and to create an open standard around having a way of doing that to improve the space,” Abrams told TechCrunch.

As Oracle dug into this, they identified three main problems. For starters, there is no standard way to serve APIs, leaving you to use whatever your framework provides. Next, there is no standard deployment mechanism, which leaves developers to build custom ones every time. Finally, they found existing methods leave performance as an afterthought, which in machine learning could be a major problem.

“We created Graphpipe to solve these three challenges. It provides a standard, high-performance protocol for transmitting tensor data over the network, along with simple implementations of clients and servers that make deploying and querying machine learning models from any framework a breeze,” Abrams wrote in a blog post announcing the release of Graphpipe.

The company decided to make this a standard and to open source it to try and move machine learning model deployment forward. “Graphpipe sits on that intersection between solving a business problem and pushing the state of the art forward, and I think personally, the best way to do that is by having an open source approach. Often, if you’re trying to standardize something without going for the open source bits, what you end up with is a bunch of competing technologies,” he said.

Abrams acknowledged the tension that has existed between Oracle and the open source community over the years, but says they have been working to change the perception recently with contributions to Kubernetes and Oracle FN, their open source Serverless Functions Platform as examples. Ultimately he says, if the technology is interesting enough, people will give it a chance, regardless of who is putting it out there. And of course, once it’s out there, if a community builds around it, they will adapt and change it as open source projects tend to do. Abrams hopes that happens.

“We care more about the standard becoming quite broadly adopted, than we do about our particular implementation of it because that makes it easier for everyone. It’s really up to the community to decide that this is valuable and interesting,” he said.

Graphpipe is available starting today on the Oracle GitHub Graphpipe page.

Twistlock snares $33 million Series C investment to secure cloud native environments

As the world shifts to a cloud native approach, the way you secure applications as they get deployed is changing too. Twistlock, a company built from the ground up to secure cloud native environments, announced a $33 million Series C round today led by Iconiq Capital.

Previous investors YL Ventures, TenEleven, Rally Ventures, Polaris Partners and Dell Technologies Capital also participated in the round. The company reports it has received a total of $63 million in venture investment to date.

Twistlock is solving a hard problem around securing containers and serverless, which are by their nature ephemeral. They can live for fractions of seconds, making it hard to track problems when they happen. According to company CEO and co-founder Ben Bernstein, his company came out of the gate building a security product designed to protect a cloud-native environment with the understanding that while containers and serverless computing may be ephemeral, they are still exploitable.

“It’s not about how long they live, but about the fact that the way they live is more predictable than a traditional computer, which could be running for a very long time and might have humans actually using it,” Bernstein said.

As companies move to a cloud native environment using Dockerized containers and managing them with Kubernetes and other tools, they create a highly automated system to deal with the deployment volume. While automation simplifies deployment, it can also leave companies vulnerable to a host of issues. For example, if a malicious actor were to get control of the process via a code injection attack, they could cause a lot of problems without anyone knowing about it.

Twistlock is built to help prevent that, while also helping customers recognize when an exploit happens and performing forensic analysis to figure out how it happened.

It’s not a traditional Software as a Service as we’ve come to think of it. Instead, it is a service that gets installed on whatever public or private cloud that the customer is using. So far, they count just over 200 customers including Walgreens and Aetna and a slew of other companies you would definitely recognize, but they couldn’t name publicly.

The company, which was founded in 2015, is based in Portland, Oregon with their R&D arm in Israel. They currently have 80 employees. Bernstein said from a competitive standpoint, the traditional security vendors are having trouble reacting to cloud native, and while he sees some startups working at it, he believes his company has the most mature offering, at least for now.

“We don’t have a lot of competition right now, but as we start progressing we will see more,” he said. He plans to use the money they receive today to help expand their marketing and sales arm to continue growing their customer base, but also engineering to stay ahead of that competition as the cloud-native security market continues to develop.

Rising fuel prices push up UK inflation for first time in 2018

Higher costs at the pump add to squeeze on household incomes after months of falling wages growth

Higher fuel prices in July pushed up the rate of inflation for the first time this year to put an extra squeeze on household incomes following several months of falling wages growth.

The consumer prices index (CPI) rose at an annual rate of 2.5% last month after holding at 2.4% in the previous three months, following a steep rise in annual energy price growth from 8.7% in June to 9.3%.

To fight the scourge of open offices, ROOM sells rooms

Noisy open offices don’t foster collaboration, they kill it, according to a Harvard study that found the less-private floor plan led to a 73 percent drop in face-to-face interaction between employees and a rise in emailing. The problem is plenty of young companies and big corporations have already bought into the open office fad. But a new startup called ROOM is building a prefabricated, self-assembled solution. It’s the IKEA of office phone booths.

The $3,495 ROOM One is a sound-proofed, ventilated, powered booth that can be built in new or existing offices to give employees a place to take a video call or get some uninterrupted time to focus on work. For comparison, ROOM co-founder Morten Meisner-Jensen says, “Most phone booths are $8,000 to $12,000. The cheapest competitor to us is $6,000 — almost twice as much.” Though booths start at $4,500 from TalkBox and $3,995 from Zenbooth, they tack on $1,250 and $1,650 for shipping, while ROOM ships for free. They’re all dividing the market of dividing offices.

The idea might seem simple, but the booths could save businesses a ton of money on lost productivity, recruitment and retention if it keeps employees from going crazy amidst sales call cacophony. Less than a year after launch, ROOM has hit a $10 million revenue run rate thanks to 200 clients ranging from startups to Salesforce, Nike, NASA and JP Morgan. That’s attracted a $2 million seed round from Slow Ventures that adds to angel funding from Flexport CEO Ryan Petersen. “I am really excited about it since it is probably the largest revenue-generating company Slow has seen at the time of our initial Seed stage investment,” says partner Kevin Colleran.

“It’s not called ROOM because we build rooms,” Meisner-Jensen tells me. “It’s called ROOM because we want to make room for people, make room for privacy and make room for a better work environment.”

Phone booths, not sweatboxes

You might be asking yourself, enterprising reader, why you couldn’t just go to Home Depot, buy some supplies and build your own in-office phone booth for way less than $3,500. Well, ROOM’s co-founders tried that. The result was… moist.

Meisner-Jensen has design experience from the Danish digital agency Revolt that he started before co-founding digital book service Mofibo and selling it to Storytel. “In my old job we had to go outside and take the call, and I’m from Copenhagen, so that’s a pretty cold experience half the year.” His co-founder Brian Chen started Y Combinator-backed smart suitcase company Bluesmart, where he was VP of operations. They figured they could attack the office layout issue with hammers and saws. I mean, they do look like superhero alter-egos.

Room co-founders (from left): Brian Chen and Morten Meisner-Jensen

“To combat the issues I myself would personally encounter with open offices, as well as colleagues, we tried to build a private ‘phone booth’ ourselves,” says Meisner-Jensen. “We didn’t quite understand the specifics of air ventilation or acoustics at the time, so the booth got quite warm — warm enough that we coined it ‘the sweatbox.’ ”

With ROOM, they got serious about the product. The 10-square-foot ROOM One booth ships flat and can be assembled in less than 30 minutes by two people with a hex wrench. All it needs is an outlet to power its light and ventilation fan. Each is built from 1088 recycled plastic bottles for noise cancelling, so you’re not supposed to hear anything from outside. The box is 100 percent recyclable, plus it can be torn down and rebuilt if your startup implodes and you’re being evicted from your office.

The ROOM One features a bar-height desk with outlets and a magnetic bulletin board behind it, though you’ll have to provide your own stool. It’s actually designed not to be so comfy that you end up napping inside, which doesn’t seem like it’d be a problem with this somewhat cramped spot. “To solve the problem with noise at scale you want to provide people with space to take a call but not camp out all day,” Meisner-Jensen notes.

Booths by Zenbooth, Cubicall and TalkBox (from left)

A place to get into flow

Couldn’t office managers just buy noise-cancelling headphones for everyone? “It feels claustrophobic to me,” he laughs, but then outlines why a new workplace trend requires more than headphones. “People are doing video calls and virtual meetings much, much more. You can’t have all these people walking by you and looking at your screen. [A booth is] also giving you your own space to do your own work, which I don’t think you’d get from a pair of Bose. I think it has to be a physical space.”

But with plenty of companies able to construct physical spaces, it will be a challenge for ROOM to convey the subtleties of its build quality that warrant its price. “The biggest risk for ROOM right now are copycats,” Meisner-Jensen admits. “Someone entering our space claiming to do what we’re doing better but cheaper.” Alternatively, ROOM could lock in customers by offering a range of office furniture products. The co-founder hinted at future products, saying ROOM is already receiving demand for bigger multi-person prefab conference rooms and creative room divider solutions.

The importance of privacy goes beyond improved productivity when workers are alone. If they’re exhausted from overstimulation in a chaotic open office, they’ll have less energy for purposeful collaboration when the time comes. The bustle could also make them reluctant to socialize in off-hours, which could lead them to burn out and change jobs faster. Tech companies in particular are in a constant war for talent, and ROOM Ones could be perceived as a bigger perk than free snacks or a ping-pong table that only makes the office louder.

“I don’t think the solution is to go back to a world of cubicles and corner offices,” Meisner-Jensen concludes. It could take another decade for office architects to correct the overenthusiasm for open offices despite the research suggesting their harm. For now, ROOM’s co-founder is concentrating on “solving the issue of noise at scale” by asking, “How do we make the current workspaces work in the best way possible?”

10 Wednesday AM Reads

My midweek morning train reads: • The evidence is in: Austerian economists got everything wrong. (TheWeek) • The hunt for the next Nostradamus (FT Alphaville) • We All Have It Now (Of Dollars And Data) see also The Trajectory of Great Ideas (Collaborative Fund) • Where even Walmart won’t go: how Dollar General took over rural America (The Guardian) • Is…

The post 10 Wednesday AM Reads appeared first on The Big Picture.