VMRay, RIPS Technologies and Rhebo: Young enterprises address the dangers of cybercrime
Start-ups

Start-ups

Cybersecurity

How start-ups address the dangers of cybercrime with expertise and creativity: We present VMRay, RIPS Technologies and Rhebo – three inventive IT security providers who received promotion from KfW.

VMRay, RIPS Technologies and Rhebo: Young enterprises address the dangers of cybercrime
The heavy price of digitalisation

Cybercrime results in EUR 55 billion in damages per year to the German economy alone.

Digital life has become very convenient: your calendar entry automatically finds its way from your PC to your mobile phone. You always have the music from your streaming service, no matter where you are. Your digital assistant orders a taxi or pizza or tells you the weather report for tomorrow. Even in factories, machines are constantly learning new things and can easily share measurements, sensor data and much more without the need for human intervention.

But convenience has its price. Every online device makes the network larger and more powerful, but also more vulnerable to abuse. For example, when your webcam connects with the Internet to send photos online from your office or living room, it isn't just the rightful owner who can see them: even hackers who manage to intercept the photos know right away; they can see if someone is at home and whether it would be worthwhile to break in. The same applies to offices and employee activities — information that can be of great value to competitors.

VMRay, RIPS Technologies and Rhebo: Young enterprises address the dangers of cybercrime
Creative defence

Anti-virus programmes alone are not sufficient to fight cybercrime.

In fact, the number of cyberattacks is increasing drastically every year. McAfee, a security solutions provider, registered nearly 700 million variations of malware worldwide in 2017 — 300 million more than in early 2016. Attacks on mobile devices (whether mobile phone, smartwatch or tablet) and the Internet of Things are growing at a particularly fast pace.

The ways hackers try to reach their targets change constantly. At the beginning of 2018, the main concern of many IT departments was still a ”ransomware“ attack: criminals infect selected computer systems with malware to encrypt data and then demand a ransom.

Last year, security service provider F-Secure recorded nearly 350 new software families of this type — four times as many as in 2016 — and major attacks, with code names like ”Wannacry“ and ”Petya“, made headlines worldwide for crippling millions of computers around the world, including Deutsche Bahn train displays and vital systems in British hospitals. Cybercrime results in EUR 55 billion in damages per year to the German economy alone according to the industry organisation Bitkom.

Successful defence requires constant new ways of thinking: if you don't want to become a victim, you have to be as creative as the attackers. Anti-virus programmes, for example, are useful for detecting malicious files flooding the Internet quickly — but when hackers come up with new ways to infect computers, they usually can do very little.

”The problem with anti-virus programmes is that, in most cases, they can only detect known malware,“ explains Carsten Willems, CEO and co-founder of VMRay. The Bochum-based IT security company helps companies to defend themselves against first-time threats. The VMRay software continuously monitors which files come in from the outside — for example as email attachments — and isolates suspicious candidates as a precaution until it is clear whether the intent is good or malicious.

VMRay Managing Director Carsten Willems on the balcony
Intelligent and creative

Carsten Willems and his company VMRay have invented the ”sandbox“, a clever computer system to eliminate malicious files.

To prevent infections, the files are run in quarantine conditions: on a computer system that has no connection to other computers in the company. In this ”sandbox“, even possible perpetrators of evil can frolic without actually causing damage. ”The sandbox lets the file do its job and meticulously records everything,“ Willems explains. After a short observation phase, the system decides which files are harmless and which have to be stopped. ”For example, a Word document that starts to encrypt the hard disk or tap the microphone when clicked would be dangerous,“ says Willems. ”This way the sandbox can detect if it is a malicious file, even if this attack is the first of its kind.“

More than four years after its formation, VMRay has around 60 customers, most from the USA and Germany. ”We are not the cheapest, but we have developed a unique technology,“ says the VMRay co-founder, explaining the success of his start-up, which now has 56 employees and tripled its sales in 2017. DAX corporations, government agencies and even secret services use the software from the German city of Bochum. Willems cannot name names because any indication of who is protecting themselves by what means could be exploited by potential attackers.

”The threat is intensifying,“ says the VMRay CEO. ”Everything is interconnected, critical infrastructure is linked to the network, so is the refrigerator, and almost every mobile phone today has GPS and a camera.“ Incentives to digitally spy on opponents are on the rise — in business as well as in politics. ”It's just worth it,“ says Willems. ”And it's not going to diminish.“

”What's often forgotten, are websites.“

Johannes Dahse, CEO RIPS-Technologies

The need for companies to protect themselves more effectively, on the other hand, creates new opportunities for entrepreneurs. Willems and his partner Ralf Hund quickly found investors when they decided to commercialise the findings of their research work at the University of Bochum. KfW invested in VMRay through the High-Tech Start-up Fund and through its stake in venture capital provider eCapital.

VMRay, RIPS Technologies and Rhebo: Young enterprises address the dangers of cybercrime
International and visionary

customers rely on the company's security checks — among them car manufacturers and government organisations.

The need for companies to protect themselves more effectively, on the other hand, creates new opportunities for entrepreneurs. Willems and his partner Ralf Hund quickly found investors when they decided to commercialise the findings of their research work at the University of Bochum. KfW invested in VMRay through the High-Tech Start-up Fund and through its stake in venture capital provider eCapital.

To ensure this goes well, websites contain functions in a complex code that regulates data exchange with the computers (known as servers). This is precisely where attackers see their opportunity. ”Almost everyone today is familiar with viruses, worms and Trojans,“ says Johannes Dahse, CEO of RIPS Technologies. ”What's often forgotten, are websites.“

His company specialises in checking the programme code line by line for vulnerabilities — completely automatically through software analysis. If the system finds possible points of attack, it alerts developers to the problem. ”We convert the programming code into a graph model and look for recurring patterns,“ explains Dahse. How are passwords entered? Do special characters cause problems for the system? Can user input be read or modified?

VMRay, RIPS Technologies and Rhebo: Young enterprises address the dangers of cybercrime
Detecting suspicious actions

Dr Frank Stummer (left) and Klaus Mochalski (right) are among the founders of Rhebo. The Leipzig-based security service provider concentrates on networked industrial plants and critical infrastructure and critical infrastructure.

Whether the vulnerability is exploited by hackers to steal credit card information or for bitcoin mining is ultimately irrelevant. "This does not change the concept of vulnerability," explains Dahse. ”Which is why we can automatically detect it.“

Using clever algorithms to discover unusual, possibly suspicious factors — this is also the working method behind the Leipzig-based security service provider Rhebo, which concentrates on networked industrial plants and critical infrastructure and thus became the state winner in Saxony at the KfW Entrepreneurs' Award 2016. Since municipal utilities and energy suppliers are also increasingly using digital systems, the security of system networks is becoming a top priority for operators, says Rhebo COO Kristin Preßler: ”We have developed a monitoring solution that checks the network control technology in real time for errors. This means that we can also be a solution for operators who have to prove that they handle the security of their networked systems in compliance with the IT Security Act.“ The venture capital investor eCapital, in which KfW has a stake, has also invested in Rhebo.

VMRay, RIPS Technologies and Rhebo: Young enterprises address the dangers of cybercrime
Award-winning

In 2016, Rhebo became the state winner in Saxony at the KfW Entrepreneurs' Award.

Like a good security guard who never gets tired, the Rhebo software continuously checks in real time whether all communication data shared in the network is in the realm of what is allowed. If a suspicious action — known as an anomaly — is detected, the Rhebo solution immediately sounds the alarm. ”Since we identify unknown events, we do not automatically block them. We assess the risk value of an anomaly for the system and report it to those responsible for detailed analysis,“ says Preßler — after all, changes can have very different causes. ”The system operator knows his systems best, can assess the anomaly and then respond accordingly.“

To use it, the software must first become familiar with its environment. During the short, automatic learning phase, the software recognises patterns in the data analysed, which then enables Rhebo to identify deviations from the standard.

This not only serves to ensure security but can also help to detect early on whether devices are at risk of failure. ”We are also a data provider for predictive maintenance,“ says Preßler. Rhebo therefore promises dual benefits to companies that rely on Industry 4.0: fewer losses from production facilities that unexpectedly come to a standstill due to defects and, at the same time, more protection against the consequences of cybercrime. Even when the attackers try to reach their targets in completely new ways. ”Since we only report events that deviate from the standard communication of a network,“ explains Preßler, ”our technology can also point to attack patterns that were unknown until that time.“ The human expert then needs to take a look; but at least he or she is warned in advance and has all the details available.

Published on KfW Stories: Tuesday, 9 October 2018

null

All United Nations member states adopted the 2030 Agenda in 2015. At its heart is a list of 17 goals for sustainable development, known as the Sustainable Development Goals (SDGs). Our world should become a place where people are able to live in peace with each other in ways that are ecologically compatible, socially just, and economically effective.

Many vulnerabilities of this kind can be identified in the software architecture of websites: ”We are looking for open doors and are investigating whether the opportunities for access can lead to security-critical breakdowns,“ says Dahse. Many international customers rely on RIPS Technologies' security checks — among them automakers and government organisations, but also the e-commerce specialist Magento, which now belongs to the American software giant Adobe, and the popular Joomla! CMS.

Financed by eCapital with KfW's participation, the company, which was founded in 2016, aims to grow rapidly and transfer its system, which is currently specialised in the PHP programming language, to other languages. Not an easy task: ”We are similar to a specialised translator,“ explains Dahse. In order to deliver the promised benefits, the RIPS software must understand the programme code in detail before it can detect vulnerabilities. Every nuance counts — just as it does when translating human language. ”When we try to translate a joke from different languages, the subtleties often get lost,“ says Dahse. ”And when it comes to security, subtleties are the crux of the matter.“