Bill Alderson is Founder and Chief Technology Officer of HOPZERO, an enterprise-focused internet security company based in Austin, Texas working out of IncubatorCTX. Firewalls focus on keeping things out; HOPZERO focuses on keeping your company’s data inside the organization. Kerry Keller, former CIO of US Strategic Command, calls HOPZERO “a game-changing way of turning the tables on would-be attackers.” To learn more, visit HOPZERO’s website, or read our previous blog post about HOPZERO.
In his leadership lunch webinar “Cybersecurity: Ask Me Anything (AMA)”, Bill goes into detail as he answers viewers’ questions about data security:
- Say it has something like what you offer, then can they see who tried to come in and who didn’t get in? Do you have that?
Bill: Exactly. So our system puts things into two categories. Someone who’s attempting to get in, but your security stops them. And then those people who successfully get in behind the firewall and are communicating inside. So which one’s more important? The ones that are attempting on the outside to get in are not as important as the one who successfully gets in. So we categorize our functions so you know who has actually gotten in and who is merely attempting.
- And so what are you able to do for all these people working from home? Does it have to happen at the server or are you seeing individual solutions as well?
Bill: Yeah, it’s very easy. We put one of our devices, a virtual device, or in the cloud, and we simply listen only to the data portion or only to the header portion. We don’t listen to your data, we don’t take and … But we look at the addresses that help us know where your data is going, how much of it is going there, and who it’s going to so that you can then stop it with a firewall or stop it with some other method inside the VPN.
But if you don’t know where your data’s going, if all you have is these cryptic logs that they spit out of these products, those cryptic logs cost a lot of money to buy the software to decrypt those logs to understand them. As a matter of fact, a product called Splunk is what is very popular. It’s a barn buster right now because everyone just sends all their logs from all their servers and routers and switches and firewalls over to Splunk because they don’t understand the logs that they are producing.
And so they are in compliance because they’ve sent the logs to Splunk. Well, now what does Splunk do with them? Well, they basically, what I call, boil the ocean, and a few weeks later they come back and they say, got really bad news for you. Three weeks ago, an interloper got in and took our entire database. Because what Splunk does is retrospective, it does things after. So what you need is a solution that allows you to look at and see who’s coming and going and then be able to stop them from attempting and making those types of attempts.
- So big businesses obviously are addressing this problem and have been addressing this problem, but again, for small businesses, what should they be looking at if they want to do something like this to spend? You’d mentioned like 10% as a threshold before, which seems kind of high to me, but especially for a small business, what, what should they be thinking about in terms of budgeting for this type of thing?
Bill: Well, a small company, as I said, our solution at least starts at $18,000 a year, but you can go to companies called managed service providers who will provide this service for smaller companies and charge a smaller amount and they will come in and spot check your environment for much less. If your company grows and gets larger, it makes sense then to put the product on your own network so that you can then operate it or maybe have a third party operator who’s smarter than you, but you don’t want to hire a full-time IT guy. But you can use this third party to come in and help you when you have problems and to manage the service for you. So that’s what small companies are doing today. And managed service providers are becoming very popular. Cisco has over 10,000 managed service providers and several managed service providers are beginning to use the HOPZERO product. So it’s, it’s cheaper, it’s faster. You have an expert to take care of it for you. So smaller companies definitely even sometimes larger companies who don’t want to provide the service or don’t want to have their employees do it, can use a managed service provider to actually get the job done.
- If Splunk is retrospectively boiling the ocean, is there anything that can tell you what’s happening in real-time?
Bill: So that’s part of our messaging, is that Splunk, I think the minimum cost on a Splunk implementation is about $3 million for the software. And then to store all those logs for a year or two costs another $10 million. So most Splunk implementations are anywhere probably minimally at $5 million to $20, $25 million. That puts it out of the ability of even a medium-sized company of really effectively using a Splunk solution. So our product does the recording of all the sessions, which makes you compliant for having logged every communication session. And so that’s what we’re hoping people will see, is not only do we stop you from getting compromised, we alarm on the attempt, but we record every session, making you compliant with HIPAA and other DOD requirements. So that’s for a small company, I can provide them with that capability for $18,000 that otherwise if you go into the enterprise market, you’re talking millions.
- What if the criminal doesn’t steal your data but actually locks the data so the company can’t use it, could HOPZERO prevent that from happening?
Bill: Yes. Here’s the issue. When a criminal comes in and takes over your computer, where is the data that the criminal is trying to encrypt or harm? Well, frankly, I’m sorry, we all think we’re really important but it’s not on your computer. The data that you store in the cloud, the data that you store in the company network or your network-attached storage server, that’s the data that the criminal wants to go and encrypt. A lot of times they do it a cheap and easy way. Instead of encrypting thousands of files and taking all that time it takes to encrypt the file, encrypt the file, encrypt the file, it takes … Have you ever downloaded or moved whole several gigs of files? It takes a long time.
Well, it takes that much time to encrypt those files. So the hacker will not encrypt the files. What they do is they encrypt the file structure, the place on the drive, the information about files one, two, three, four, or the latest quotation that you sent out that you’ve stored on a server. What they want to do is get access to that server that has all of those files on it and then they take and they try to encrypt the data structure of where the files are and what the files are named. And so, then when you go out to do file manager, all the names are Kanji or weird characters and you can’t understand it.
The goodness is, is that actually the data in those files are still there. The problem is, is that you don’t know the names of them anymore. So it’s kind of hard to resolve that. So the very best thing that you can do is have offline copies as soon as possible. You can go to Costco and you can get a 10 gig file storage system. I happen to use a system, and I’ll just show you right here, this is a Synology unit and I have 12 gigabytes of storage. Here’s the trouble. If I don’t copy that off and then shut it off, then the hacker still has access to the very data that I’ve backed up. So you need to back it up and then unplug it, because if the hacker comes in and encrypts your data structure you still have the data and the data structure to rebuild your capability. So you have to really be careful.
Then, even if you’ve paid the ransom, the hacker’s still in there. What do you think? He’s some benevolent, wonderful Robin Hood kind of guy? When you pay him those Bitcoins, he’s still in your network. He’s still there, and then lots of times he wants to decrypt it and give you the password, but he may not even know. He may have encrypted it and lost the password himself, so when you pay a cybercriminal to decrypt or to help you, you’re really, really in serious danger. The reason why you get in that serious danger is that you don’t do backups. Now, it wouldn’t be so bad if I backed up my drive and sequestered it two weeks ago, because all I would lose is two weeks. But there are organizations, like the entire city of Baltimore, lost years of data. Can’t even charge somebody for garbage service pickup, lost all of it.
Why? Because they didn’t have simple offsite backups, everything was connected, so the hacker gets in, the criminal gets in and he encrypts and decrypts everything. That’s when you’re really in trouble. So the best thing that you can do is go buy a few of those little drives. Go down to Costco, they’re $89. They’re $89 that can absolutely change your life if you get compromised. You can buy three of them. One of them you put in monthly, one of them you put in weekly, one of them you put in daily. Now you have a daily, weekly, and monthly archive of your data, and it’s costing you $240. Now try to go get all that data restored and all the work that you did to put that data and the value of that data and the fines that you’re going to get for having lost that data. Now, $240 for three USB drives looks pretty cheap.
- Does HOPZERO pinpoint the source of the attack better than prior methods or is it pretty much a mature technology already? I guess, basically, what’s new? What’s new with technology?
Bill: Yeah, well all of the older, even the brand new current technology, what they do is they use artificial intelligence. There’s a company, you can look them up, their name is Darktrace. They come in and they sniff the wire, very similar to the way that we do. They look at all the data. We don’t. We only look at where your data is going and then we make sure it’s not going to the wrong place and give you a tool to stop it from going there.
This company called Darktrace, a great company out of the UK, selling like hotcakes. Their solution is well over $50,000 to start and you can buy that thing and put it in and if they see something that you shouldn’t be connecting to. They’re pretty smart. They send what’s called a TCP reset out to disconnect it. 30 seconds later, it reconnects. Then they send another TCP reset.
Their way of mitigating the problem is to send all these resets and try to get it to block. Our method is different. It’s deterministic. If I have put protection on your server, it’s only going to travel this far so that if you have a hole in the firewall, that data can’t get out. That’s what’s new about our technology and the patent associated with it. That’s brand new. That delivers this new capability to the environment.
You know, until people start licensing our patent, we’re the only ones who have it. And we’re, by the way, very happy to start talking to people. But it was premature until we got the patent. We believe that we have the latest technology. Now the other thing is Darktrace, we got $4.1 million. Darktrace got $230 million. Well, they can fund marketing and sales. If you gave me $230 million, I could figure out a way to sell a lot of stuff.
It’s hard today to market. It’s hard to get the CIOs and the chief information security officers to even listen to you. Like I said, unless you have tattooed on your forehead the name of a large company.
That’s why we are trying to partner with them to make their solution have our capability in the future and thereby make a lot more people safe. If we partner with them, we can implement that solution much faster than if we just try and build it out ourselves. But right now, that’s what we’re doing. We’re looking for proof of concepts and people who want us to even help them for free, to help them see where their data is traveling so that we can get that experience and then eventually have those use cases that expand into different markets.
Written by Hannah Watson