Security startup Airgap Networks brings telco technologies to the LAN

AI-generating malware, deep fake identity spoofing, and state-sponsored ransomware are just a few of the latest methods that attackers are using to bypass traditional cybersecurity tools. Ritesh Agrawal, CEO of cybersecurity startup Airgap Networks, noticed that many of the attacks that compromise enterprise networks fail to penetrate telco and service provider networks.

“Even though they’re deploying the same routers, switches, and firewalls, there’s something fundamentally different about telco networks that shields them from many threats to enterprise LANs,” Argawal said. Agrawal has 20 years of experience with cybersecurity, enterprise networking, and cloud computing, most of that time spent with Juniper Networks focusing on telco and large enterprise clients.

“I learned that the fundamental difference in service provider, and especially telco subscriber, networks is that one user does not affect other users because they are in a zero-trust environment. I can text you or Zoom with you, but my phone cannot talk to your phone on a network level,” Argawal noted.

His insights about the different security profile of telco versus enterprise networks led Argawal and several of his Juniper colleagues to found Airgap Networks in 2019. Since their launch, the startup has raised seed and Series A funding, developed a “ransomware kill switch,” and attracted several on-the-record customers, including Dropbox and Skyline Enterprises.

Airgap recently received more than $4 million in follow-on funding to its Series A round, which brings its total funding to $23 million. Storm Ventures is the lead investor. Other investors include Cervin, Engineering Capital, Sorenson Ventures, and individual investors.

Airgap’s kill switch is designed to stop ransomware with a single click

According to Argawal, nothing illustrates the divide between enterprise and telco networks like ransomware. Whereas telco networks are segmented in a way that makes it difficult for malware to spread from device to device, enterprises tend to be caught flat-footed when ransomware hits, with technicians running around data centers pulling cables to try to isolate infected machines. Meanwhile, as enterprises continue to address the problem with outdated tools and manual methods, attackers are getting more sophisticated, leveraging AI and machine learning, which pushes the cost of ransomware attacks higher.

According to a report from Cybersecurity Ventures, by 2031 a ransomware attack will hit every 2 seconds, and, in total, ransomware will cost victims $265 billion each year. The recent ransomware attack on MGM Resorts International illustrates just how damaging these attacks can be. Attackers penetrated MGM’s networks through a simple phishing call to a help desk, and once their ransomware spread, a range of business-critical systems were shut down, from ATMs to casino gaming machines to hotel keycard systems. The attack continued to disrupt operations for at least 10 days.

Airgap Networks has developed a ransomware kill switch, a one-click button in the Airgap management dashboard that blocks all lateral device-to-device communications, while also blocking network-level communications among workstations and applications.

As an organization’s incident response team begins to counter the attack, they can bring machines and critical systems that have been vetted and confirmed as uncompromised back online incrementally. Once the ransomware has been fully eliminated, one click restores normal network policies and operations.

Airgap’s zero-trust platform relies on microsegmentation

The foundation of Airgap Networks’ cloud-based cybersecurity service is its Zero Trust Firewall (ZTF), which is designed to protect the enterprise network core and mission-critical assets. The basic idea, as the startup’s name implies, is to virtually airgap critical infrastructure and devices in software through what the startup calls “agentless microsegmentation.”

The trouble with traditional LAN architectures is that enterprise endpoints are typically grouped into unrestricted enterprise VLANs, where they are free to communicate with one another. Enterprises keep ports open on various networked devices to enable free communications between endpoints and servers for business-critical traffic.

Unfortunately, permitting free and open network-level communications creates massive vulnerabilities. Every unrestricted open port increases the enterprise’s attack surface, and lateral device-to-device communications makes it easy for malware to spread quickly throughout the organization. The security gaps in the typical enterprise LAN are understood by cybercriminals, who exploit open network communications to stage successful attacks.

To address those issues, Airgap’s Zero Trust Isolation technology blocks all unauthorized lateral movement within the LAN. Airgap microsegmentation wraps a policy-based security perimeter around each workload that defines which other workloads it can communicate with and how.

Airgap also prevents any lateral scanning attempts. If an intruder breaches the perimeter security, exploits a misconfiguration, or tricks an insider via social engineering, the attacker will gain only limited, restricted access.

Airgap ZTF extends SSO/MFA authentication to a range of critical assets that are often poorly protected, including SCADA, ICS, OT, IoT, and legacy devices. It fully segments every endpoint, authenticates machine-to-machine communications, and provides AI- and ML-driven threat detection.

To improve its ability to discover and manage connected devices, Airgap acquired NetSpyGlass, a network and asset intelligence solution provider, in June 2023. Because today’s enterprise networks are highly dynamic, discovering and visibility tools often miss many connected assets. Every acquisition, addition of a new campus or branch, or even just the moving of equipment between facilities creates changes that escape notice. Thus, many enterprises have no idea what is connected to and where everything is on their networks.

NetSpyGlass capabilities are integrated into the Airgap ZTF, giving it better visibility into core networks with diverse topologies. “The greater the accuracy of asset discovery in these systems, the shorter the response time,” said Agrawal. The integration also adds the ability to deliver detailed insights into device status, attributes, and interactions, helping administrators pinpoint risky devices.

To provide advanced warning of threats to critical infrastructure, Airgap has also developed an AI-powered threat detection and response tool, ThreatGPT. This tool uses a combination of graph databases and GPT-3 models to deliver cybersecurity insights to IT teams. ThreatGPT integrates contextual information, such as user identity and device type, for accurate detection and fewer false positives. It also includes a natural-language interface, so administrators can ask questions and gain recommendations through plain English queries.

A networking company disguised as a security company

Argawal contends that the reason enterprises continue to struggle with security gaps in enterprise networks, year after year, is because LANs rely on outdated technologies. “The LAN environment for enterprises is 30 or 40 years out of date,” Argawal said. “VLANs were invented in 1984.”

While zero trust and microsegmentation are their value propositions today, these are only two steps on Airgap’s long-term roadmap. As the company grows, Airgap’s roadmap puts it on a path to grow beyond security and add networking capabilities, as well. “We’re a networking company disguised as a security company,” Argawal said. “Our goal is to own and innovate the enterprise LAN, which represents a multi-billion-dollar market opportunity.”

This roadmap will eventually put Airgap Networks on a collision course with a few large incumbents. Today, Airgap competes with a range of cybersecurity companies, from traditional firewall vendors to zero-trust providers to access control companies. However, if the company achieves its goal of rearchitecting the enterprise LAN, it will eventually go head-to-head with the likes of Cisco and Juniper.

Airgap Networks at a glance

Year founded: 2019 Funding: $23 million from Storm Ventures, Cervin, Engineering Capital, Sorenson Ventures, and individual investors Headquarters: Santa Clara, Calif. CEO: Ritesh Agrawal What they do: Provide a Zero Trust Firewall (ZTF) for critical infrastructure Competitors include: Authentic8, BetterCloud, Duo Security, Elisity, Okta, Mesh Security, Xage Security Named customers: Dropbox, KCAS, Tillys, and Skyline Enterprises