The immense growth of information technology over the past few decades has necessitated the development of various tools which work to protect critical information from falling into unauthorized hands. A cybersecurity market report released this March by Zion Market Research predicts the global market for cybersecurity products and solutions will increase by a compound annual growth rate (CAGR) of 9.5 percent between 2016 and 2021. Between 2015 and 2021, global revenues for this market are expected to rise from $105.45 billion up to $181.77 billion.
One firm working to get itself well-situated to capture a valuable sector of this market is U.S.tech firm SafeBreach, which recently announced the issuance of three U.S. patents in the field of breach and attack simulation. This news follows weeks after SafeBreach closed a $15 million series B round of funding involving backing from major payment solutions firm PayPal. SafeBreach patents include:
- U.S. Patent No. 9892260, titled System and Method for Creating and Executing Breach Scenarios Utilizing Virtualized Elements. It discloses a computing system for analyzing potential breach points utilizing instructions executed by a processor to parse a breach scenario file. This patent covers the format, process and user experience for designing, mapping and applying breach and attack scenarios to specific environments.
- U.S. Patent No. 9710653, titled System and Method for Verifying Malicious Actions by Utilizing Virtualized Elements. It claims a networked system of hardware components configured with computer program code for verifying breach vulnerabilities within the networked system through parsing, targeting and coordination of breach scenario elements to avoid false positives in breach testing.
- U.S. Patent No. 9473522, titled System and Method for Securing a Computer System Against Malicious Actions by Utilizing Virtualized Elements. It covers a system for protecting a target computer system which includes methods of simulating malicious activity, determining whether that malicious activity was successful and providing remediation feedback based on breach simulation results.
According to the company’s recent news release, SafeBreach is the first company operating within the breach and attack simulation market to be awarded patents covering its technologies. According to Itzik Kotler, SafeBreach co-founder and CTO and the lead inventor listed on the SafeBreach patents, this particular sector is very valuable given the need that most companies have to remain proactive in defending against malware and other cyber threats. “Today, the person in charge of information security for a company knows that they need to stay ahead of threats and adversaries; the challenge is the list of adversaries is growing,” Kotler said. “Companies can now be targeted by nation-states like North Korea, cybercriminals operating in China or Russia or simply a curious teenager that downloads a hacking tool. The SafeBreach philosophy is, in order to defend your capital, you need to know how it can be attacked in the first place. Our software executes thousands of attack scenarios to reveal problems ahead of time, and advises you how to fix them, typically by optimizing the security tools and investment that are already in place.”
According to Kotler, SafeBreach’s major customer base consists of companies which are actively investing in security technologies and have already bought security control and not so much smaller companies which don’t have firewalls or other basic security measures in place. “The question we’re trying to help customers answer is how to improve their return on investment,” Kotler said. “How can they increase that return through their existing spend or what can they change in their security operations center to help them better detect threats in their information technology system.”
Kotler acknowledges that SafeBreach has competitors but he notes that the company is offering a major advance in automating work which has typically been performed by human consultants. “Our competitive advantage is in the fact that you can buy our software once instead of having to hire a consultant multiple times,” said Kotler, who himself used to work as a security consultant. “The problem with using consultants to validate security is that they can only provide a point-in-time approach, with a constrained set of test requirements. For example, a company would pay me to come in and tell me their specifications, then we’d agree on the rules of engagement. Once my pen-testing project was complete, the findings were only valid until any changes were made. After those changes, there would be additional charges for new tests. I was engaged in that process for years, and realized the need for a consistent, automated way to actually validate security, not just once per quarter, but on a continuous basis. That was the genesis for developing this technology.”
Aside from the technologies patented by SafeBreach, the company also offers their Hacker’s Playbook™ which Kotler considers to be part of the SafeBreach intellectual property portfolio. “We provide content to customers on a weekly basis to simulate hacker techniques and narrow down to a binary ‘yes’ or ‘no’ whether a hacker can do A, B or C,” Kotler said. “We also augment this playbook with top attacks in the headlines like WannaCry, Meltdown, and US-CERT Alerts to enable our customers to proactively address security issues.”
Of course, given that SafeBreach software technology automates work previously performed by human consultants, there would seem to be some question of the validity of the company’s patents in light of the U.S. Supreme Court’s 2014 decision in Alice Corp. v. CLS Bank International, a decision which has greatly hindered the patent-eligibility of software inventions. Seth Ostrow, patent counsel for SafeBreach and chair of the patent group at Meister Seelig & Fein, offered the following statement on the patent-eligibility of SafeBreach’s technologies:
“SafeBreach has little concern about the impacts of the Alice standard on its patents. SafeBreach’s patents were filed and prosecuted through the U.S. Patent Office after the Supreme Court’s 2014 Alice decision. The new patentability subject matter standards which resulted from that decision were thus considered by the Patent Office as part of its rigorous examination process. In one instance, the examiner raised concerns under Alice and those were resolved through claim amendments and explanations. Ultimately, SafeBreach’s patents cover its groundbreaking technical solutions on system security which improve the workings of the system and thus clearly qualify as patentable subject matter under the new Alice standards.”