:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/63701728/zenedge-graphic1.0.1510321240.0.jpg)
Black Friday is upon us, and if you’re one of 70 million consumers who were affected by the massive breach of credit card data at the retail giant Target last year, it’s an anniversary you’d prefer to forget.
Alp Hug and Leon Kuperman have not forgotten. They are, respectively, the COO and CTO of the new security startup Zenedge. Based in Los Angeles, it aims to fight the specific kind of hacking attack used in the Target breach, as well as one that followed at Home Depot.
Zenedge specializes in securing not just a company’s own internal network, but in securing vendors and partners who may, for one reason or another, be granted access to those networks.
Securing an internal corporate network like the one used to process payments at Target won’t necessarily prevent attacks using stolen passwords from third-party companies. In that case, the breach was traced to a company responsible for maintaining the heating and air conditioning systems inside Target stores.
“You have to look at the concentric circles around your network,” Hug said. “You may be very sophisticated about your own security. But the other companies you do business with may not be.”
Target’s heating and air vendor had access to its internal company network, and it had been the victim of an attack by hackers using malware designed to steal passwords. Among those they stole were the passwords used to access Target’s network. That gave them the entry they needed to probe the retailer’s networking and find a way in to its in-store payments system. Hackers ultimately hijacked the card numbers by installing software at Target’s point-of-sale terminals.
The breach ultimately cost Target’s CEO and CIO their jobs.
Zenedge has raised $3.5 million in a Series A investment round from several individuals, including Andrew Malik, the chairman of investment bank Needham and Co. Today, it will launch Zenshield, a cloud-based security service that’s designed to enforce security rules on a company’s third-party vendors and partners.
The service monitors all of a company’s inbound network traffic, adding an additional layer of protection to existing firewalls and other products. Every company that does business with the customer and is granted any level access to their internal network gets protected.
“The best way to mitigate against an attack is to distribute the same rules and information to everyone,” Kuperman said. “Everyone gets a common set of security rules, and gets the same information.”
And to be sure, this sort of multi-tiered attack isn’t a new problem for companies. But it’s one that Kuperman says hasn’t been well addressed by existing products. Zenedge won’t disclose any customers — security companies rarely do — but it plans to offer the service to outfits in the financial services, health care, e-commerce and manufacturing industries.
This article originally appeared on Recode.net.
