Proofpoint, Inc. to Acquire Armorize Technologies, Inc.

To our Customers, Partners, and Friends,

Today we light the firecrackers at Armorize!

We're extremely excited to let you know that Armorize Technologies Inc. will become a part of Proofpoint Inc.! The acquisition has been approved by the Proofpoint Board of Directors and by the requisite Armorize shareholders and is expected to close in the third quarter of 2013. We owe this incredible success to our current team and to our many friends who've supported us along the way. Thank you everyone!

For me personally, the past few years have been the happiest time of my life. At Armorize I get to work with a great team, and I really appreciate the chemistry, the friendship, and the sense of mission; we're like a family and I constantly felt we were making progress, innovating, overcoming challenges, learning, improving, helping each other, helping our users, and making impossible happen. It's an incredible feeling, indescribably great, utterly satisfying, and highly addictive. It was worth every minute of the hard work! Money can't buy this and I am grateful for the amazing experience and memories. I feel very lucky.

Proofpoint is a worldwide leader in email security and it's incredible to see their progress as highlighted by Gartner's report: Magic Quadrant for Secure Email Gateways 2013.

An important reason for Proofpoint to stand out as a clear leader in Gartner's 2013 report, is its new Targeted Attack Protection (TAP) offering, which leverages Armorize's advanced malware scanning platform. Email is the primary attack vector in Advanced Persistent Threats (APT), and is often used as means to deliver malicious URLs and documents to victims.

An interesting question is: even if a victim was lured into opening a malicious URL or document, why would he or she get infected? How did the attack bypass the antivirus solutions, the UTMs, and the email security gateways? To dig into this, let's reflect back on how the antivirus industry all started: most antivirus started out aiming at detecting viruses on the PC. The keyword here isn't "virus;" it's "PC." The PC has always had very limited computation power and therefore, all along the way, antivirus' goal has been to "detect as much as possible" under constrained resources. After all, who'd like to use antivirus products that consume half of our PC's resources, and reduce our notebook's battery life by half?

This concept rooted even deeper into the antivirus industry as the Internet boomed and antivirus vendors started to integrate with all sorts of network devices – firewalls, gateways, email servers, IDS, etc. These were great new markets for the antivirus vendors, but because speed is critical and computation power is limited to what's available on an appliance, antivirus went further down the road of signature-based pattern matching.

In today's world where mature cloud technologies are readily available, an important question we ask ourselves is:

Can we scale up our detection rate proportionate to our available computation power? For antivirus, the answer is NO. Since antivirus detection rate quickly plateaus as we add resources, it is hard for antivirus to benefit from today's cloud advancements. Don't get me wrong, antivirus can still leverage the cloud to scale up their detection "volume" and "speed," but when it comes to increasing the detection rate, not really.

Aimed at detecting next generation threats, Armorize set its goal to build a detection platform whose detection rate scales up in proportion to the computation power. This allows us to leverage recent cloud advancements and increase our detection rate as cloud technologies improve.

If we look at sandboxing, which we use heavily, well, sandboxing isn't really "new." Sandboxing was a hot security technology in the early 2000, but it didn't pick up as well as expected. The reason? The concept was innovative at the time, but the mindset was not so. Vendors were trying to offer sandboxing as better antivirus products – meaning, designing sandboxing products to run on PCs and notebooks.

It wasn't a great fit at the time, again, due to the PC's limited resources. Using dedicated hardware for sandboxing is a better approach, but it still doesn't leverage modern cloud advancements.

Today at Armorize, we've successfully built a platform that combines sandbox-based attack detection with cloud-based technologies. The boost in detection rate was phenomenal. Scaling up the detection rate has become practical. This is what Proofpoint is using for their TAP (Targeted Attack Protection), and this has contributed greatly to their improved status in Gartner 2013's Magic Quadrant as a clear leader in email security.

Our new platform is focused on detecting "next generation attacks," and it doesn't just include APT. For example, an important APT requirement is to focus the attack scope. To reduce exposure and prolong attack lifespan, APT attacks limit the delivery scope and focus only on desired targets. This coincides with the requirements of the online advertising industry--targeted, selected delivery scope, differentiating bots (ex: crawlers) against humans, and so on.

For online advertisers, each click or impression costs money and therefore, it is critical for the ecosystem to be extremely accurate at differentiating between bots and humans. Serving ads to bots results in wasted advertising dollars due to the fact that there is no hope of converting a bot to a customer. For APT attackers, serving exploits to these bots runs the risk of exposing attack campaign, and so they must also be very good at differentiating visitors and at targeting content.

Because these requirements coincide, attackers have been leveraging the online advertising ecosystem to spread malware, resulting in a new type of hard-to-detect threat. We call this "malvertising," which in our view makes up another type of next generation threat.

For Armorize, the acquisition presents a Launchpad from which we plan to soar to new heights. In recnet years we've been quiet on our blog, because we've been very busy building our new platform. We've even created our own static+dynamic analysis engine that goes together with our own threat description language we call Vicara. As per the Chinese idiom, "Like adding wings to a tiger," Proofpoint's comprehensive email security platform, combined with Armorize's new cloud-based next generation defense platform, is going to change the way people consider email security. At the same time, armed with Proofpoint's resources, we'll be quickly improving all products under HackAlert Suite, including HackAlert Website Monitoring, HackAlert SafeImpression, HackAlert Vulnerability Assessment, and HackAlert CodeSecure.

Powered with Proofpoint's extensive experience in cloud computing, HackAlert Suite is going to incorporate innovations at a much faster rate. Coupled with Proofpoint's sales and customer support resources, HackAlert Suite will be able to help a much wider spectrum of businesses in their fight against next generation threats.

Starting out eight years ago, Armorize has grown solidly, step by step. We are so very excited about the future, and to have the opportunity to make a much greater impact in helping businesses protect their investments, customers, employees and Intellectual Property, allowing them to focus on their own core competencies and generate further value for all of their stakeholders.

We'd like to express our sincere gratitude to all the friends we've made along the way. It is because of your help that we have made it this far and we will always be grateful and cherish the memories. Moving forward, please give us and Proofpoint your continued support as we strive to deliver the world's most advanced defense platform against next generation threats. Thank you!

Wayne Huang
Aug 8, 2013

Read more (rest of article)...