Startup TrustPipe is announcing a security platform that categorizes network-based attacks and blocks them. The company claims that in two years of testing the software has never let attackers compromise the systems it has been protecting.
As it emerges from three years of stealth mode, TrustPipe is announcing, perhaps surprisingly, that its first version, called Trust XP, is written specifically for Windows XP, an operating system Microsoft stopped supporting last spring.
But XP is still in use in countless devices, particularly point-of-sale (POS) machines, as well as millions of PCs around the world, especially in China. Trust XP has the potential to address security concerns about these systems and keep them in service longer.
The company has won the confidence of NCR, a major supplier of POS devices, which plans to offer Trust XP as a service.
These unsupported XP devices can benefit from TrustPipe because it will block attacks before they have the chance to carry out exploits against newly discovered vulnerabilities for which Microsoft will never issue patches, says TrustPipe co-founder and CEO Ridgely Evers.
He says the company will ship versions for other Windows OSs, Linux and Macs by the end of 2015.
The company's goal is to make TrustPipe available for any device: phones, tablets, computers, industrial control systems, light switches, thermostats, the entire Internet of Things.
This is possible in part because the entire body of expressions to identify all malicious events across all operating systems is just 1.5MB plus a 500kB engine to scan traffic, Evers says. By contrast, typical anti-virus signature libraries range from 50MB to 350MB, and TrustPipe claims that it defends against all known network attacks, not just viruses.
Independent testing from West Coast Labs says it has been unable to break through TrustPipe defenses in two years of trying and has found no cases of the platform delivering false positives or false negatives. "We couldn't effectively compromise the endpoints behind the router that the [TrustPipe] engine was on via network attacks, which is something new for us," says West Coast Labs CEO Scott Markle.
The system consists of a server and a software agent. The agent checks traffic to and from the host machines, looking for markers that definitively identify malicious traffic, and blocks that traffic.
The server provides a management interface for the agents, receives traffic captures of new threats that are collected by the agents, writes markers for these threats and distributes the new markers to all the agents. Typically these updates are necessary once or twice a year, Evers says.
The servers are deployed within what the company calls a Trust Cloud, and that can be either public or private. NCR will run its own, and the one run by TrustPipe itself is based inside Amazon Web Services' cloud, he says. All Trust Clouds share markers for newly discovered attacks.