Software Company Helps to Protect Data From Human Error

Editor’s Note: Sponsored by Monday Properties and written by ARLnow.com, Startup Monday is a weekly column that profiles Arlington-based startups and their founders, plus other local technology happenings. The Ground Floor, Monday’s office space for young companies in Rosslyn, is now open. The Metro-accessible space features a 5,000-square-foot common area that includes a kitchen, lounge area, collaborative meeting spaces, and a stage for formal presentations.

An software company born out of an Arlington-based research lab says it has the solution for stopping certain types of large computer hacks, such as the recent federal Office of Personal Management hack.

Invincea helps prevent information leaks and hacks by protecting companies from human error.

Hackers commonly use “spear phishing,” which is when a hacker sends an email to an unsuspecting that appears to be from someone they know, with a link containing malicious code. The virus only enters the computer when the person who receives the email clicks on the link, said Invincea CEO Anup Ghosh.

“October is cybersecurity month. And you’ll see a lot of software companies telling their employees, ‘hey, don’t click on suspicious link.’ But the reality is employees will always click on links, they’ll always open attachment,” Ghosh said. “Not because they are bad, but because they don’t know.”

Invincea was born out of Ghosh’s first venture, a research and development company that later became Invincea Labs. Ghosh was working with the Defense Advanced Research Project Agency (DARPA) on the first company when he noticed that most computer attacks came in the forms of links in emails.

Ghosh built the software while he was a faculty member at George Mason University and started Invincea. The main company, Invincea, has its headquarters in Fairfax, while the original research and development company, Invincea Labs, operates out of Ballston.

The name Invincea came out of the software’s ability to stop threats that other antivirus programs do not, Ghosh said.

“I think it represents our core values in the product which is its meant to signal strength,” he said. “That our product can protect from any threat.”

Invincea works to protect data two different ways. The first is a preventative measure.

When an employee clicks on a link in a spear phishing email, Invincea’s software isolates the code and examines it in a virtual space. The software looks at the code to see if there is anything dangerous, and if there is, it destroys the virus, Ghosh said.

“When it comes to spear phishing, which is how they get on the network, security is depending on users,” he said. “They depend on user to not click the link, which we know does not happen.”

However, for many customers, the computers are already compromised by a virus when they hire Invincea.

“Once we identify a machine as compromised, we will quarantine that machine from the enterprise network,” Ghosh said.

By quarantining the computer, Invincea’s software prevents the virus from hopping to other computers on the network and accessing data, he said.

Invincea’s software can stop hacks like the OPM leak or the attack on Target, which leaked personal information from thousands of customers. Attacks like these happen all the time and in all types of sectors, including government and retail, Ghosh said.

“Every single day, Invincea stops sophisticated threats that most security networks don’t,” he said.