Former NSA hacker and former Apple researcher launch startup to protect Apple devices

Two veteran security experts are launching a startup that aims to help other cybersecurity product makers improve their level of protection for Apple devices.

Their startup is called DoubleYou, a name taken from the initial of its co-founder, Patrick Wardle, who worked at the United States National Security Agency between 2006 and 2008. Wardle then worked as an offensive security researcher for years before moving into independent research on the defensive security of Apple's macOS. Since 2015, Wardle has developed free and open source macOS security tools under the umbrella of his Objective-See Foundation, which also organizes the Apple-centric Objective by the Sea conference.

His co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple between 2019 and 2021. Wardle, who described himself as “the mad scientist in the lab,” said Sosonkin was the “right partner” he needed to realize his ideas.

“Mike may not brag, but he’s an incredible software engineer,” Wardle said.

The idea behind DoubleYou is that, compared to Windows, there are still only a few good security products for macOS and the iPhone. That is a problem because Macs are becoming an increasingly popular choice for businesses around the world, which means malicious hackers are increasingly targeting Apple computers as well. Wardle and Sosonkin said there are not as many talented macOS and iOS security researchers, which means companies struggle to develop their products.

Wardle and Sosonkin's idea is to take the hackers' playbook for attacking systems and apply it to defense. Several offensive cybersecurity companies offer modular products, capable of delivering a complete exploit chain or just one component of it. The DoubleYou team wants to do the same, but with defensive tools.

“Instead of building, like, a complete product from scratch, we really took a step back and asked ourselves, ‘Hey, how do offensive adversaries do this?’” Wardle said in an interview with TechCrunch. “Can we basically adopt the same model of democratizing security, but from a defensive perspective, where we develop individual capabilities that we can then license to other companies and integrate into their security products?”

Wardle and Sosonkin think they can.

And while the co-founders have not decided on the full list of modules they want to offer, they said their product will definitely include a base offering. It will scan every new process to detect and block untrusted code (meaning, on macOS, code that is not “notarized” by Apple), and it will monitor and block anomalous DNS traffic, which can uncover malware as it connects to domains known to be associated with hacking groups. Wardle said these, at least for now, will be primarily for macOS.
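The notarization check described above can be approximated on a Mac with Apple's own `spctl` tool, which reports whether Gatekeeper would accept a binary and why. The following is an added example, not DoubleYou's code: it runs `spctl --assess --type execute -vv` on a path (macOS only), parses the verdict and `source=` lines, and applies an allow-only-notarized policy. The `SAMPLES` outputs are constructed to mirror the tool's output format, not captured from real binaries; the file paths in them are made up.

```python
"""Classify a macOS binary by its Gatekeeper/notarization assessment.

Added example (not DoubleYou's or Objective-See's code). It wraps Apple's
`spctl --assess` and parses its verbose output. SAMPLES below are
constructed in the shape of that output, not real captures.
"""
import subprocess
import sys
from dataclasses import dataclass


@dataclass
class Assessment:
    path: str
    accepted: bool      # Gatekeeper verdict: "accepted" vs "rejected"
    source: str         # the rule that produced the verdict

    @property
    def notarized(self) -> bool:
        # spctl reports notarized code as "source=Notarized Developer ID".
        return self.accepted and "Notarized" in self.source


def parse_spctl(path: str, output: str) -> Assessment:
    """Parse the combined stdout+stderr of `spctl --assess --type execute -vv PATH`.

    spctl prints the verdict as "<path>: accepted|rejected" followed by
    "source=..." and "origin=..." lines (the verbose lines go to stderr).
    """
    accepted = False
    source = "unknown"
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path + ":"):
            verdict = line[len(path) + 1:].strip()
            accepted = verdict.startswith("accepted")
        elif line.startswith("source="):
            source = line[len("source="):]
    return Assessment(path=path, accepted=accepted, source=source)


def decide(a: Assessment) -> str:
    """Policy from the article: allow notarized code, block everything else."""
    return "allow" if a.notarized else "block"


def assess(path: str) -> Assessment:
    """Run spctl against a real file. Only meaningful on macOS."""
    if sys.platform != "darwin":
        raise RuntimeError("spctl is only available on macOS")
    proc = subprocess.run(
        ["spctl", "--assess", "--type", "execute", "-vv", path],
        capture_output=True, text=True, check=False,
    )
    return parse_spctl(path, proc.stdout + proc.stderr)


# Constructed samples in the shape of spctl output (hypothetical paths).
SAMPLES = {
    "/Applications/Good.app/Contents/MacOS/Good": (
        "/Applications/Good.app/Contents/MacOS/Good: accepted\n"
        "source=Notarized Developer ID\n"
        "origin=Developer ID Application: Example Corp (ABCDE12345)\n"
    ),
    "/Users/me/Downloads/unsigned": (
        "/Users/me/Downloads/unsigned: rejected\n"
        "source=no usable signature\n"
    ),
    "/Users/me/Downloads/devid_only": (
        "/Users/me/Downloads/devid_only: rejected\n"
        "source=Unnotarized Developer ID\n"
    ),
}


def triage_samples() -> dict:
    """Apply the policy to every constructed sample; returns path -> verdict."""
    return {p: decide(parse_spctl(p, out)) for p, out in SAMPLES.items()}


if __name__ == "__main__":
    for p, verdict in triage_samples().items():
        print(f"{verdict:5} {p}")
```

Two caveats a real agent has to handle that this toy policy does not: Apple's own platform binaries are signed but never notarized (spctl reports them under a different `source=`), so a strict "notarized only" rule needs an allowance for Apple-signed code; and assessing a file after it has already executed is too late, so a production product hooks process execution (for example via Apple's Endpoint Security framework) rather than polling `spctl`.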

Also, the founders want to develop tools to monitor software that wants to become…
