Infosec 2015 Technology originally developed to keep Chinese hackers from stealing SpaceX's secrets more than a decade ago has become the centrepiece of a browser isolation security startup.
Branden Spikes, the chief exec of Spikes Security, spent 15 years as the technological right hand of Elon Musk at startups including PayPal, Tesla and SpaceX.
After serving as chief of IT at PayPal, Spikes became the fourth employee at SpaceX, where he was tasked with building its corporate network, among other tasks as CIO.
Musk's instructions to Spikes when he started out in the job in 2002 were clear, Spikes told El Reg: "He said don't let China hack our stuff. I already knew the threat-scape pretty well from working at PayPal.”
Musk's advice came more than 10 years before the start of ongoing accusations that China hoovers up industrial secrets on an industrial scale using cyber-espionage tactics, with defence contractors and aerospace firms among the primary targets.
Spikes' start-up is seeking to commercialise a network security technology he developed during 10 years at SpaceX. The technology, dubbed AirGap, provides a barrier against malware which is deployed outside of the company firewall, creating isolated virtual machines for each web session. Isolating the browser on a specialised appliance outside the network defends against drive-by download attacks that exploit weak browser or plug-in security.
To access the web, users connect to the appliance, which processes web content, then transforms it into a benign, malware-free format and delivers it to the end user. There are limitations to this approach, chiefly in handling ActiveX, Silverlight and other Microsoft-based web technologies. The whole approach is designed to prevent web malware from infecting devices inside the network. AirGap is also designed to prevent outbound communication from existing malware.
Spikes explained that the startup’s technology was comparable with thin-client computing. He’d gone with developing this type of technology, rather than sandboxing, as a better approach to defending against drive-by downloads and other web-based hacking threats.
“Endpoint sandboxes offer only a false sense of security,” Spikes explained. “The technology is routinely defeated by either bugs in the OS or malware capable of breaking out of sandboxes.”
The Pwn2Own competition at Can Sec West proves the insecurity of sandboxes every year, according to Spikes.
The internet security expert-turned-entrepreneur was born in Silicon Valley. He moved back there from LA-based SpaceX after 10 years to found Spikes Security in 2012.
Spikes Security already works with high-profile organisations including the US Department of Homeland Security, Novartis, Boeing, Wells Fargo and Federal Deposit Insurance Corporation. Following its launch in Europe earlier this year, the three year-old firm is exhibiting at this year's Infosecurity Europe trade show. ®