Watching A Cyberattack Bloom: vArmour Visualizes The Data Breach

Financial firm Morgan Stanley is the latest big company forced to acknowledge a data breach, after finding to its horror early this month that the names and account numbers of thousands of its wealthy investment clients had been posted on the Internet. The New York firm follows entertainment giant Sony and a long list of other apparent cybercrime victims, whose vulnerability leaves other businesses wondering what bugs and cracks might lie undetected in their own computer systems.

Cybersecurity firms seem to be popping up like mushrooms to help companies protect themselves, and the Bay Area is a particularly rich patch. I’ve been checking in with a number of them to sample their various approaches to the problem.

Mountain View, CA-based vArmour’s system has two distinct features: it tracks the proliferating harm within a data center once it has been penetrated by hackers, and it translates its findings into a kind of graphic dashboard where clients can virtually “see” the wreckage. (One of its displays is pictured above.)

The company began building its weapons against hacker attacks and in-house data thieves back in 2011, when it was founded by network security veterans Roger Lian and Michael Shieh. It operated below the radar until late 2014, when vArmour announced it had a data center security system ready to serve clients, and had reaped a total of $42 million from investors including Highland Capital Partners, Menlo Ventures, Columbus Nova Technology Partners, Citi Ventures, Work-Bench Ventures, and Allegis Capital.

Despite the company name, which calls to mind a suit of armor shielding the body from being pierced by a lance, vArmour’s security protections are more akin to an immune system that battles the damage from within once a company data center has already been invaded, says CEO Tim Eades. It’s that spreading internal damage—as when a hacker tunnels through a computer system for months to find a trove of credit card numbers—that vArmour tries to thwart.

An external shield alone doesn’t work any more to provide full protection from hacker attacks, says Eades, who compares traditional cybersecurity services to building castle walls with a moat around them to defend the perimeter. These days, a company’s data center isn’t confined to its own servers and computers, but extends globally to mobile devices and Web-based storage sites. Defending this sphere is like protecting “the air over the castle,” he says. Walls alone won’t do the job.

The security risk for businesses has also increased because they need to share their data with other entities that have their own system vulnerabilities, such as “suppliers, government regulators, and third-party financial advisors such as Morgan Stanley,” Eades says.

“We would argue that your data defines your perimeter,” Eades says. “It is wherever the data is.”

To chart the interior data traffic that could carry contagion throughout a company’s network, vArmour does repeated check-ups on “nodes” throughout the system, which include computers, applications, printers, and servers, Eades says. Through its analytics software, vArmour detects abnormal activity between these nodes. For example, a printer might start pumping information to a part of the network it hadn’t served before, he says.

Using an analogy to infectious disease control, Eades says vArmour moves to block malicious activity inside a network by putting the compromised printer or other node into a sort of technological “quarantine.”

And just as doctors use an MRI scan to visualize infections in the brain or nervous system, vArmour has a way of creating real-time images of the creeping blight that hackers can inflict. Using the methods of data visualization, the company converts its findings on the health or contamination of the network nodes into graphic displays where a trouble spot may stand out as a flaming red circle or another alarming symbol.

Once a compromised area is identified, vArmour investigates further, says director of product management Ryan Wager. By dissecting the communication patterns between two points, for example, the company might discover that a server containing confidential information has been “talking” to a shady device in an archaic computer language that has no encryption or authentication procedures. Wager says vArmour then follows the trail to find the other spots where that device has made contact with the network.
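The approach described above (baseline which nodes normally talk to each other, flag a node that opens a new path, quarantine it, then trace everything it touched) can be sketched in a few lines. This is an added illustration, not vArmour's code or product logic; the node names, flow records, and the list of cleartext protocols are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (src, dst, protocol); not real telemetry.
BASELINE = [
    ("printer-3f", "print-server", "ipp"),
    ("web-01", "db-01", "tls"),
    ("app-01", "db-01", "tls"),
]
OBSERVED = [
    ("printer-3f", "print-server", "ipp"),
    ("printer-3f", "db-01", "telnet"),   # new peer, cleartext protocol
    ("printer-3f", "app-01", "telnet"),  # new peer, cleartext protocol
    ("web-01", "db-01", "tls"),
]
# Assumption: protocols treated here as lacking encryption/authentication.
CLEARTEXT = {"telnet", "ftp", "tftp"}


def build_baseline(flows):
    """Map each source node to the set of peers it normally talks to."""
    peers = defaultdict(set)
    for src, dst, _proto in flows:
        peers[src].add(dst)
    return peers


def find_anomalies(baseline, flows):
    """Return flows whose (src, dst) edge never appeared in the baseline."""
    return [f for f in flows if f[1] not in baseline.get(f[0], set())]


def triage(baseline, flows):
    """Quarantine nodes that open new edges and list every peer they touched."""
    anomalies = find_anomalies(baseline, flows)
    report = {}
    for node in sorted({src for src, _dst, _proto in anomalies}):
        outbound = {d for s, d, _p in flows if s == node}
        inbound = {s for s, d, _p in flows if d == node}
        cleartext = {d for s, d, p in anomalies if s == node and p in CLEARTEXT}
        report[node] = {
            "contacted": sorted(outbound | inbound),
            "new_cleartext_peers": sorted(cleartext),
        }
    return report


if __name__ == "__main__":
    for node, detail in triage(build_baseline(BASELINE), OBSERVED).items():
        print("quarantine", node, detail)
```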

The stark visual displays help vArmour’s clients understand the findings as they plan a remediation campaign together, Wager says. But the visual dashboard also helps vArmour’s engineers to quickly identify the most important discoveries within reams of data in text form, he says.

The graphic display shown above reminded me of a Petri dish nurturing colonies of pathogenic bacteria. That’s intentional, says Wager. The designers in vArmour’s user experience unit chose data visualization formats that would evoke familiar images, thereby improving a viewer’s intuitive grasp of the meaning of the information presented, he says.

Eades declined to give details on the identities or numbers of clients vArmour has attracted since the recent debut of its security service, but he says the company has been focusing on banks, e-commerce outfits, and large service providers such as cell phone carriers. In late December, vArmour announced a distribution deal for its service with Tokyo-based Hitachi Solutions, and the company has been expanding sales efforts in both Europe and Japan. The staff count at vArmour has risen to about 100 employees, Eades says.

While Eades says vArmour offers next-generation protection for a much more complex data environment, he says the system can integrate with the products of other companies, including traditional network security firms.

“We don’t replace the moat or the castle wall,” Eades says.
