Security attacks today, unlike in the past, tend to focus on businesses rather than consumers—and hackers have realized that the most vulnerable point of attack is the one item that people now have with them virtually 24/7: their smartphones. In addition to downloading malicious apps, a common scenario is when someone logs into a hotel or airport Wi-Fi network, s/he usually gets a prompt asking if they want to continue or stop – 92% of the time people choose to continue. Doing so sometimes leads to them connecting to a rogue network, where their passwords are hacked, sensitive information is stolen, and a host of other unpleasant consequences.
As enterprises have come to widely embrace the practice of BYOD (bring your own device), for the gains in productivity that it results in, they’ve also opened themselves up to maliciously creative attacks on their systems—unauthorized WiFi connections, malware, content manipulation, and more means of mischief being invented every day. At Foundation Capital, we knew there was a huge opportunity for an innovative mobile security solution. Which is why we’re proud to announce that we’re leading the Series B round of funding for Skycure.
Skycure offers the most compelling and comprehensive forms of protection in enterprise mobile security. The products they’ve built—broad, multilayered defenses—are the best in the market. They’ve grown at an impressive pace adding multiple Fortune 500 customers to its roster and increasing existing customer investment and use cases. Since Skycure’s series A funding in March 2015, the company has expanded the number of devices and active users under Skycure protection by more than 400 percent. The Skycure Mobile Threat Defense platform has performed more than 150 million network tests and detected tens of thousands of malware installations, including repackaged versions of the latest mobile game sensation, Pokémon Go. They are poised to be the number one company in the space.
Moreover, we were extremely impressed with Skycure’s founding team. Adi Sharabani and Yair Amit, Skycure’s CEO and CTO, respectively, bring to the table years of experience and deep technical expertise in enterprise software and mobile security, along with a record of building successful businesses. But rather than continue to just heap praise and high-fives, I thought it might be more interesting if we asked Adi some questions and let him enlighten us about mobile security and Skycure.
Let’s start with the most basic questions, Adi: Why should businesses be concerned about mobile security? And what are some of the greatest mobile security threats to enterprises?
Mobility has become a huge productivity, and often competitive, advantage for businesses. This means that a lot of sensitive business information is passing through, and being accessed from, mobile devices. Without effective mobile security, all of that information may be exposed for spying, theft and manipulation. The scary trend for enterprises is that malicious hackers have recently been shifting their tactics from broad-based, spam-type attacks to more sophisticated attacks that target specific companies, and even specific individuals within companies that have access to high-value information and are more likely to pay off, either in the value of the information itself or as a target for ransom. We publish a quarterly Mobile Threat Intelligence Report that does a great job of exposing the scope and danger of these threats. Organizations need to understand that mobile devices are the best surveillance and infiltration tools ever created because they have cameras and microphones, GPS and access to all of their corporate information – and they are always on.
Now that you’ve sufficiently frightened everyone, can you tell us what kind of protection Skycure offers against these threats?
The first thing to understand is that there are multiple ways for hackers to attack these devices – malicious apps, network-based attacks, OS and app vulnerability exploits, and physical attacks – and any one of them, if successful, could be devastating to an organization. This is why we feel it is very important for our solution to defend against all of these threat vectors, which no other solution does. I’ll give an example of a very recent success: Within 48 hours of the release of the new Pokémon Go app, Skycure started detecting repackaged app versions that contained malicious code. While most mobile security tools rely on signature databases to identify malware and would miss this new threat, Skycure has patent pending technology that identifies repackaged apps the very first time they appear.
How does Skycure stand out from its competitors in mobile security?
In addition to providing the broadest scope of protection, as described above, Skycure has a depth of intelligence that is unparalleled. Most mobile threat defense products rely primarily on either the mobile device or a server for data and analysis. The Skycure solution offers a superset of those approaches and also adds massive crowd-sourced threat intelligence collected from every Skycure mobile app around the world. With access to such huge amounts of data, Skycure’s reputation engines can evaluate and correlate many factors to determine quickly and with great accuracy whether an app is legitimate or malicious, or whether a network someone is trying to connect to is safe or suspicious. The scale of this data is partly a byproduct of having a public app that is free for individuals and easy to install and use. Individuals and our enterprise customers all benefit from this approach. This is very similar to the department of homeland security slogan – “See Something, Say Something” to make sure everyone benefits from it.
How do you address user concerns about privacy?
I just mentioned that the Skycure app is publicly available, and privacy is just one of the many inherent advantages to this approach. To distribute an app through the public app stores, we must to adhere to the strict sandboxing rules that prevent one app from seeing what another app is doing or observing communications from the device. With this strategy, we could not violate privacy even if we wanted to. This is not true for most of the other vendors who have created private apps that must be deployed internally through EMM/MDM tools.
Why did you choose Foundation Capital as your partner on this journey?
The reason is twofold. First, Foundation Capital has been one of the leaders in mobile IT and security investing. Your previous involvement as an investor in companies such as MobileIron, Confer, and Cyphort was very appealing to us. You represent the third EMM vendor now present on our board, joining Jayaram Bhat, former CEO of Zenprise (now Citrix) and Peter McKay, formerly of VMware AirWatch. This board presence complements our partnerships with all three EMM leaders to address the mobile threat gap in securing enterprise mobile devices. Second, Skycure is at a point where our sales and our customer base are growing dramatically, and this is an opportunity to work with you and benefit from your industry-leading experience scaling sales from early stages all the way to IPO.
Do you have any tips for everyday consumers on safeguarding their smartphones from being hacked?
My first recommendation is to install a free version of Skycure. But more generally, I have 3 specific suggestions:
1. Always download new apps from the primary app stores – that’s either the Google Play store or Apple’s App Store. We reported in our latest Mobile Threat Intelligence Report that third party app stores can be up to 72 times more likely to have malware.
2. Never join free public Wi-Fi networks if you can avoid it. Our recent Threat Report on Most Risky Tourist Destinations for Mobile Devices found that 8% of all the malicious WiFi networks had the word “Free” in them. If you must use free Wi-Fi, avoid doing business while connected.
3. Always update to the latest version of your mobile operating system as soon as possible. Every new OS version contains multiple patches to security holes in the previous versions. Hackers take advantage of the fact that people do not do this, leaving many users vulnerable to well-known vulnerabilities.
Thank you, Adi. And from all of us at Foundation Capital: Congratulations and welcome to the FC family!
For the other side of the story, here’s Adi interviewing Paul about why Foundation invested in Skycure.