Hooded, in a darkened room, illuminated exclusively by the brightness of the computer screen on which he schemed his misdeeds, the hacker has turned this distorted image of himself into a daily figure in our popular imagination. Novels, movies and series they worship an icon that could gain followers in the near future. Because, even if there are advances in the field of cybersecurity, there is no inaccessible system and computer attacks continue to occur. Not all companies have their defenses ready to be prepared before the next WannaCry nor are they aware of what may be lurking.
Let's talk about CounterCraft. Its founders met working for a computer security company. Their paths separated, but after a while, the three decided to leave their jobs to embark on their own startup. "Every time we saw more news about security breaches. We realized that the industry had not found a more effective way to counteract these incidents, "recalls David Barroso, CEO of the company, in addition to one of its creators.
In its three years of activity, CounterCraft has grown from three to 25 employees. Most are located at its headquarters in San Sebastian, although there are also programmers working from London, Madrid, Seville or Albacete. In February they closed an investment round of two million euros.
Barroso uses a metaphor to explain the field in which his company is framed. For him, companies and governments often use computer security as if it were a medieval castle: they are dedicated to building walls, hiring soldiers and building a pit so that attackers can not access their information. "In this way, if one layer is committed, others can resolve the incident," he explains. But still, in many cases, a few hackers are able to overcome these barriers.
In CounterCraft, they start from the premise that someone will overcome these barriers and focus on being prepared when the gap occurs. For this, they deploy traps inside and outside the system to be protected where the attacker will not find what he is looking for and, through them, they will try to guess who he is, what his objectives are and understand his modus operandi. "It is not the same to face a government that wants to steal information, an employee that is selling your data or a group of hackers external with other intentions, "reflects Barroso.
The information of any company resides in active repositories, web servers, mobile phones … And that's where they look for the hackers. "We create parallel scenarios that an employee would not find, but with whom you can find who tries to access without authorization," he explains. Thanks to a monitoring network, if someone opens a document within this scenario, the company receives an alert and can follow the path of the intruder through the system. "If we detect that something happens we can cut the threat, but we are not interested; we want to leave him in a controlled place, study him and, when we get the necessary data, block him. "
The CounterCraft solution It is not intended for all audiences; Its main clients are large companies and multinationals, mature from the point of view of cybersecurity. "We work with several Ibex 35 companies, with more developed sectors in this area, such as the financial or pharmaceutical," he says. Although they work from Spain and the United Kingdom, they have clients in several European countries, Mexico and Colombia.
If we detect an attacker, we do not want it to leave the system. We are interested in having it in a controlled place to see its intentions.
The originality of their proposal leads them to compete in a market with little competition. The most important comes from Israel and the US and operates primarily in the North American market. "We are the only European company with this type of product", says Barroso, who wants to consolidate in the continent and gain strength in Latin America before thinking about facing his counterparts.