Interest from the federal government into Polyverse’s secure Linux product prompted several undisclosed “strategic investors” to get in on a new $2 million funding round for the Bellevue company.
Polyverse CEO Alex Gounares confirmed the new round in an interview with GeekWire, saying that the company didn’t really need to raise money at this point but wanted to accommodate new investors he was unwilling to disclose at this time. Some of the company’s existing investors led the new round, which increases the total amount of funding raised by the company to $9 million.
Polyverse is drawing attention from the federal government and other customers with sensitive information to protect because the company has established that its Polymorphic Linux server software works as advertised, Gounares said. “Now they’re calling us,” he said.
Polymorphic Linux fools memory-based attack software, a growing type of attack that takes advantage of vulnerabilities in widely used software, as opposed to older methods of delivering malware onto a network through a compromised email attachment. It does this by “scrambling” some of the basic system information those in-memory attacks use to target Linux applications, creating a unique version of Linux by producing “individually unique binaries that are semantically equivalent,” according to Polyverse material.
“If you’re running the same software the Russians have, you’re in trouble,” Gounares said. “They’re getting your copy of Linux, they are studying it, they are finding those flaws, and today those economics favor them” given how many machines they can access if they discover a zero-day flaw in something as widely used as Linux or Windows, he said.
Polyverse will also protect systems against the side-channel memory attacks that shook the enterprise tech and security worlds last year after Intel disclosed the Spectre and Meltdown chip vulnerabilities, it claims. Companies running Linux applications on cloud providers like Amazon Web Services were protected against such attacks after cloud providers worked very closely with Intel and researchers, but companies that are managing their own servers find it much harder to respond quickly and apply patches for serious vulnerabilities.
The company now has 28 employees, mostly in the Seattle area, and also plans to expand this year in Washington D.C. as it works with the Department of Defense and the intelligence community, Gounares said. Polymorphic Linux is being used by the Department of Defense on naval ships and various weapons systems, and the National Security Agency is testing and validating the product, he said.
[Editor’s note: This post was updated to clarify that not all existing Polyverse investors participated in the new round of funding.]