One of the greatest threats to personal and national security today is malware. It is estimated that nearly one million new malware threats are released each day, leading to annual costs of approximately $4.5 billion in the U.S. alone. SecondWrite, a startup company created by University of Maryland researchers, is working to alleviate threats to computer and software systems one type of malware at a time.
UMD Professor of Electrical and Computer Engineering Rajeev Barua, founder of SecondWrite, began researching malware detection in 2014 after realizing his work in program analysis could be applied to cybersecurity.
SecondWrite specializes in a certain kind of malware called evasive malware. Cybersecurity software typically detects malware using sandbox space detection, which runs malware in a protected environment in order to catch malicious behavior. However, evasive malware hides from detection by changing its behavior when it is in the sandbox versus when it is running in a live system. Dr. Barua’s software forces the evasive malware to behave as it would in a live system while it is in the sandbox, making it easier to detect and stop.
More and more sensitive information is generated and stored online every day, from banking information to social security information to details about national defense systems. As a result, malware continues to become a greater and more serious threat to the security of nations and their citizens.
“The United States is particularly vulnerable because it has modern infrastructure and information that is controlled by computers,” Barua noted. “Securing computers and infrastructure installations and protecting information, not just in the United States but worldwide, will become a bit easier with this technology.”
Many different kinds of malware exist, and current cybersecurity software, even from the largest and most advanced companies, does not have the capability to defend computer systems against evasive malware. Barua does not envision competing with large cybersecurity companies, but rather complementing them.
“In cybersecurity there is no single silver bullet. You can’t have one product that deals with all kinds of threats, so this will be a good complement to a security suite that an enterprise or a government can deploy,” said Barua.
Barua’s inspiration for the software came from his work with program analysis, but his inspiration for creating a startup company came from another source entirely. While completing his Ph.D. at MIT Barua’s advisors were, as he described them, “serial entrepreneurs,” who inspired him to one day create his own startup.
“I guess this was bound to happen at some point,” he said.
SecondWrite’s technology was licensed with the help of the Office of Technology Commercialization (OTC) within the Division of Research, which has licensed more than 900 technologies since its creation in 1986. Additionally, SecondWrite is a UMD incubator company through the Maryland Technology Enterprise Institute, or Mtech, which provides support and guidance for entrepreneurs at UMD, and is a member of the National Science Foundation’s Innovation Corps (I-Corps) program. SecondWrite has raised nearly $1.5 million from a variety of sources including the National Science Foundation’s Small Business Innovative Research (SBIR) program, Maryland’s Technology Development Corporation, and private donors.
“We owe a debt of gratitude to lots of people,” said Barua, naming Mtech’s Edmund Pendleton and Satish Tamboli; OTC Director Gayatri Varma; and the company’s board of trustees in particular.
SecondWrite is currently marketing its software to large, established cybersecurity companies with the hopes that the technology will be widely licensed and incorporated into well-known and commonly used malware detection suites. They plan to branch out and explore other kinds of advanced malware detection in the future as the company grows.
For more information, contact the Office of Technology Commercialization at the University of Maryland at: firstname.lastname@example.org
March 29, 2016