Date: Jun 01, 2012 Author: Scott Kirsner Source: Boston Globe (
click here to go to the source)
Gita Srivastava, CEO of the information security startup Gigavation, has a pretty alarming sales pitch. She'll ask an IT executive to "bring in your most protected computer, and then we'll demonstrate how vulnerable that machine is to a USB drive or another peripheral plugged into the USB port. We show that you can use the USB port on any computer to compromise the entire network."
It's a scary scenario, and some companies, Srivastava tells me, try to deal with the vulnerability of USB ports by simply filling them with epoxy so users can't plug in anything, or trying to ban USB drives from corporate campuses.
Gigavation, co-founded by Srivastava and Charles Herder, another MIT alum, is working on a combination hardware/software product it calls the Gigashield, and targeting customers in defense, healthcare, and financial services. "For the first time, you can secure the USB port," Srivastava says. "It's a huge claim." They've been cultivating the company since 2008, relying mainly on funding from friends and family. (After MIT, Srivastava went on to earn a degree at Harvard Law School; Herder, the CTO, went to work at Texas Instruments.)
The Gigashield (a product rendering is at right) is a USB hub that has a software layer that guards against "data leaking out, or attacks coming in," Srivastava says. "As long as our product sits in between a computer and a USB device, communications in both directions is totally secure." The software is a collection of algorithms designed to detect things like complex attacks and device spoofing. What's that? "It's when you plug in a mouse, and it looks and feels like a mouse, but after a few months it sees a file it is looking for, and it can download it and send it somewhere else," Srivastava explains. "Any device connecting over USB can carry malicious code, so we treat every device as untrusted."
The company has a "black box" prototype version of the hub that it has been showing to prospective customers, helped along by new security threats like the Flame virus; the growing gray market for sales of sensitive corporate data; and the BYOD ("bring your own device") trend at many corporations, wherein employees are increasingly bringing in consumer electronics that they own (an iPad, for instance), and perhaps connecting them to company-owned computers.
Srivastava says Gigavation is adding technical and sales staff in Cambridge, and may seek venture capital soon. "We wanted to develop our technology and our customer relationships to a certain point before we did that," she says.