Update: The following post was published in February 2017. After an amazing and fruitful adventure at Minerva Labs, I joined Axonius in June 2019.
As much as I look forward to change sometimes, I am often hesitant to forego the familiar despite recognizing the risks of becoming too comfortable in the same job. Fortunately, I've come across an opportunity to take on a new role that matches all three professional objectives I defined for myself:
- Contribute towards advancing the practice of information security.
- Grow commercial businesses whose value is tied to securing information.
- Help organizations in their fight against malicious software.
I'm joining a young anti-malware company, Minerva Labs, as VP of Products. I'm taking on this role not only because it'll allow me to curtail the effectiveness of malware on endpoints, but also because I love the character and ingenuity of the people that built Minerva. The position will allow me to continue teaching malware analysis at SANS Institute and maintain the REMnux toolkit, which is consistent with the above-mentioned objectives.
Why Minerva Labs?
Minerva's underlying technology is focused on controlling how malware perceives its reality. What if you could fool malware into thinking it's running in an analysis sandbox, causing it to stop executing to avoid revealing its true nature? What if you could make ransomware believe it's encrypting files while blocking the encryption and backing up the user's files? What if you could simulate the presence of infection markers that malware checks to avoid infecting the system twice?
I've written about similar ideas before (immunization, ransomware), yet dreaming up ideas is the easy part. The folks at Minerva actually managed to create products that make it feasible to employ such deception-based approaches in the real world. I'm joining them to continue evolving this platform and the technologies that could be built upon it.
I was also impressed by Minerva's attention to the practicality of deploying their products in production. Extremely lightweight agent; no reboots to install or upgrade; no irrelevant alerts. Strengthen the security architecture without expecting the enterprise to overhaul it. Not only work alongside existing anti-malware solutions, but also help them reach their full potential.
Oops, is this starting to sound like a sales pitch? Sorry, I felt inclined to explain my reasons and share my excitement about this step in my professional journey. It's kind of a big deal.
Getting to Know Minerva
By the way, Eddy Bobritsky, Minerva's CEO, recently participated in the Startup Security Weekly podcast. This interview, which you can watch below, explains Minerva's objectives and gives you a chance to hear from some of the people behind the company.
If you are working to better protect your organization's systems and have a wish-list of ideas you'd like to see in an anti-malware solution, let me know. What would you like to see in an innovative endpoint security product? What's your take on the way Minerva positions its approach? I'd love to hear your thoughts. Also, if you want to take a closer look at our products, I'll be glad to schedule a discussion and arrange a demo.