Trustar, a start-up headed by a former Bush Administration cyber-security advisor, announced Monday that it has raised $2 million from West Coast investors for a platform that allows companies to anonymously compare notes on cyber-threats.
Chief executive Paul Kurtz held senior positions on the Bush Administration’s National Security Council from late 1999 to 2004 and co-founder Dave Cullinane served as eBay’s chief information security officer for five and a half years.
The financial injection comes as several Washington-area start-ups are attracting investor interest. Tenable Network Security and Ironnet Cybersecurity, both based in Maryland, announced fund-raises of $250 million and $32.5 million respectively in the last few weeks.
Rather than try to spot hackers or keep them out, Trustar’s business hinges on getting companies to talk to one another.
“The problem is that every enterprise is getting hit and what they’re trying to do is secure themselves on an individual basis,” said Kurtz, “but at the end of the day they’re fighting a losing battle.”
Trustar’s system, which it calls “Connective Defense,” already has 12 Fortune-500 companies feeding information into the platform.
The young start-up has yet to charge clients, but the idea is that companies will use the service to share things like hackers’ IP addresses, which parts of the system are under attack, and how they’re being attacked, all in real time.
“We are the fabric that connects enterprises to begin to work together to solve problems,” Kurtz said.
Some companies are loath to talk about the data breaches they experience for fear of giving away information about their vulnerabilities or attracting bad press. But some industry experts say the scale and ubiquity of recent attacks is prompting more companies to work together.
Trustar is plugging into a broader set of efforts to create safe spaces for information security professionals to talk to one another. Last month the Senate passed a law that would give companies legal immunity for sharing data with the federal government. A crowded field of so-called threat intelligence companies like Chantilly-based iSight Partners sells information and analysis in the form of specialized reports and real-time feeds.
And numerous industry-specific Information Sharing and Analysis Centers already provide a forum for collaboration. Among the first was the Financial Services Information Sharing and Analysis Center, which was set up in 1999, and other industries are getting up to speed. Last May, a collection of retailers banded together to create the Retail Cyber Intelligence Sharing Center.
Even within the platform space, Trustar is not alone. Wendy Nather, research director at retail center, says she is aware of at least 10 companies that offer some form of automated cyber-security information-sharing platform.
Kurtz says the industry-by-industry approach isn’t enough because hackers tend to move from one industry to the next using the same type of attack. The company plans to make money by charging companies a fee for using the platform, with prices depending on the size of the enterprise. The latest investment round was led by Resolute Ventures, a California-based venture capital firm.