Can three ex-NSA snoops stop the worst hacks before they start?

December 10, 2014, 8:41 PM UTC
Handcuffs in binary pattern
Photograph by Patrick George—Getty Images/Ikon Images

An e-mail arrives in your inbox: relevant, knowingly addressed to you, hardly suspicious. The note requests that you open a link or download, innocuously, a file—huh, intriguing; let’s just see. One click and it’s all over.

Most companies suffering major recent data breaches—Target, Home Depot, J.P. Morgan and other banks, even Sony Pictures—have been felled by so-called advanced persistent threats, a virulent kind of cyber attack that works by infiltrating a computer network, insidiously lingering and, in time, extracting information. These hacks mostly start the same way: with a targeted message, historically e-mail, and an unwitting employee.

More than nine in 10 APTs begin with so-called spear phishing emails, according to a 2012 study by cyber security firm Trend Micro. In other words, the overwhelming majority of such breaches occur because someone accidentally led a malevolent intruder through the front door. (Wait…you say you’re from which utility again?)

What if companies could nip this problem in the bud, long before it snowballs into a costly nightmare? That’s the question three alumni of the National Security Agency—Oren Falkowitz, Blake Darche, and Phil Syme—are trying to answer with their company Area 1 Security, founded last year in Menlo Park, Calif.

“If you look at the world of cyber attacks taking place today, there’s usually one thing quite common across all of them, which is how they almost always start in some socially engineered manner, usually in a phishing attack,” says Ted Schlein, a general partner at Kleiner Perkins Caufield & Byers.

On Wednesday, Kleiner announced that it led an $8 million Series A funding round for the startup. Other participants include Allegis Capital, Cowboy Ventures, Data Collective, First Round Capital, and two individuals—Ray Rothrock, CEO of RedSeal Networks, and Derek Smith, CEO of Shape Security. All were involved in the startup’s $2.5 million seed round last May, too.

Area 1 Security’s approach goes beyond building a better spam filter, Schlein says. Viagra-themed solicitations may be much more common in one’s inbox, but targeted phishing attempts are orders of magnitude more damaging, potentially leading to stolen intellectual property, financial data, and credentials. Schlein likens the company’s methodology to what intelligence-gathering agencies do in the physical world: collect data from disparate places, then analyze it to prevent terrorist attacks from taking place.

“Rather than focus on a payload, a piece of malware,” Schlein continues, “how about focus on delivery mechanism—make sure that email never actually enters into an organization, prevent it from ever coming in so the temptation to click the link is never presented?”

Falkowitz, the company’s CEO, remains vague about its methodology. “We focus on the root cause component rather than the intricacies and subtle differences that occur across many different types of malware,” he says. When Fortune pressed for more detail on the technology, Falkowitz demurred. “What we don’t want to do is, from our standpoint, overtip our hand,” he says.

Before Area 1, Falkowitz worked with—indeed, sat next to—co-founders Darche and Syme at the NSA. Falkowitz says he helped conduct attacks on behalf of the U.S. government for foreign intelligence purposes.

By 2009, the ideas that would lead to the formation of Area 1 Security began to gel. The trio noticed two trends: how valuable social engineering attacks had become—“Loss of that capability is crippling to organizations,” Falkowitz says, citing his federal experiences—and how the ability to store and process vast amounts of web data had become a technological reality. In June 2012, Falkowitz left the NSA to co-found Sqrrl, a Cambridge, Mass.-based big data and security startup. A year later, he co-founded Area 1.

The company started with an initial team of five and has since expanded to 13, pulling veterans from FireEye (FEYE) and Cisco (CSCO). Eventually, it plans to offer software-as-a-service for businesses. “At the end of the day, the idea is to prevent breaches before they happen,” Schlein says.

“I’ve long been impressed by the quality of talent that comes out of NSA,” he adds. “It’s great for me as a VC building companies, bad for the country as it loses these well-versed, uniquely qualified people.”