Cybersecurity startup Solebit Labs Ltd. has raised $11 million in funding after developing what it calls an evasion-proof approach to malware identification and prevention.

The Series A round was led by ClearSky Cyber Security, with participation from MassMutual Ventures and Glilot Capital Partners. Solebit said it’s planning to use the funding to accelerate the adoption and deployment of its SoleGATE security product, which specializes in preventing malicious code from executing itself to launch an attack.

In its pitch, Solebit explains that most malicious code enters corporate networks via the data streams of commonly used applications such as Microsoft Office and Adobe Acrobat. This code executes itself as soon as a user opens an infected application, before exploiting the apps’ vulnerabilities to start stealing data.

Traditional cybersecurity software tries to identify malicious code by analyzing and identifying suspicious behavior within software applications. But Solebit said this is often counter-productive because it requires actually opening the object to be analyzed in the exact target environment. In many cases, once that happens, previously unknown malware can execute itself immediately and evade detection.

Solebit reckons its SoleGATE platform is evasion-proof, however, because it doesn’t need to open or execute the files in order to identify malicious code hidden within them. Instead, it relies on what the company calls a “Data vs Code engine,” which can inspect data streams, files and objects as they enter the network without opening them beforehand.

The DvC engine works by scanning this data for hidden code instructions, encrypted and polymorphic payloads — those that continually change their features to evade detection — and other commands that could indicate malicious intent. If something suspicious is detected in a data stream, SoleGATE simply blocks its access to the network, placing it in quarantine for further analysis to confirm if it really is malicious code. As a result, there’s no way for the malicious code to “evade” detection because it never gets a chance to execute itself, the company said.

“Attackers still possess the edge, particularly in zero-day [new] attacks, despite considerable security investment,” said Boris Vaynberg, Solebit’s chief executive officer. “DvC assumes that there is no legitimate reason for executable code to be present in any data file.”

Image: geralt/Pixabay