Invisv, a Marina del Rey-based cybersecurity company, has a goal to introduce security products to technology companies that add an additional layer of protection for its users.
Cyber security researchers Paul Schmitt and Barath Raghavan founded the company in 2021, and have worked together for nearly a decade investigating and analyzing how the internet is protected and ways that it can be made more secure. Their research led them to create solutions for individuals and enterprises to be more protected while using the internet.
Prior to founding Invisv, Raghavan worked at Google on software. Schmitt worked on mobile connectivity and counter-surveillance in refugee camps and created network security systems that are now used by Apple, Fastly, and Cloudflare.
The two discovered a big problem with privacy and the internet in relation to metadata, the sets of data about data that can be used to identify forms of information. Raghavan said he and Schmitt talked to others within the industry about their findings but could not locate anyone who understood their ideas.
“It made us realize that the only way that this stuff is actually going to have an impact in the real world is for us to go into a startup and do it ourselves,” Raghavan continued. “We can have things that work … but that is also metadata-secure.”
Raghavan said Covid has altered typical company practices in ways that can expose more users to cyber dangers. Conversations that used to happen in conference rooms have now moved to online spaces.
“(This) means all these cloud companies now know private communication details that were private previously,” Raghavan said. “Nobody’s really figured out (to) make that secure.”
Resilient sector
James Shecter, senior associate at Westwood-based Fika Ventures, said companies such as Zoom have built a suite of in-house and outsourced security tools to manage encryption and storage data based on compliance needs.
“The question with Invisv is whether this fully de-identifiable way to communicate via video is a ‘nice to have’ or a ‘need to have’ for the user base that they’re going after,” Shecter added. “I think it’s a matter of whether the enterprises that they’re targeting are concerned with that level of data encryption. I think that’s what it will ultimately come down to, whether they can target the right niche that is hyper privacy-concerned or whether they can sort of ride the wave and help educate the broader enterprise landscape about the importance of this one-cut deeper layer of encryption.”
Shecter added that cybersecurity is a recession-resilient category within the technology industry.
“It falls in that unsexy, mandatory-spend category and there’s always going to be a budget for it,” he said. “You can’t cut spending because you’ll get fined, or you’ll lose customer trust. And there’s all sorts of downstream consequences for not being super robust in a cybersecurity and I.T. security perspective.”
Building privacy
Invisv makes revenue from its monthly subscription streams; however, it plans to step away from that model and instead partner with — and integrate its technology into — other mobile- and video-conferencing companies.
“We sort of built these things as tech demos to show this is possible and it works, and people can use it. We’ll get some revenue along the way, (but) the bigger revenue really comes through partnerships, and we have a bunch of those partnerships in the works, and so we’re working on integrations with a bunch of companies,” Raghavan said.
Since its inception, Invisv has released three cybersecurity products; the first one, which debuted in August, is called “Pretty Good Phone Privacy.” It’s a mobile service that prevents users from being tracked by their international mobile subscriber number, or IMSI, a unique identifier that is stored in users’ SIM cards and sent to mobile towers. According to Invisv, because one’s IMSI never changes, mobile networks can track users and their locations at all times. “For your phone to work, your phone talks to the mobile tower and the tower talks to your phone, and a consequence of that is that the tower and the phone company know where every single person on the planet is,” Raghavan said.
The mobile product periodically changes the number to a new random one without requiring Invisv to know the user’s identity.
Users pay a monthly subscription of $40 for Mobile Core, which provides up to eight monthly IMSI changes, or Mobile Pro ($90 per month), which provides 30 monthly changes.
Another of the company’s products, called “Relay,” is similar to a virtual private network, but adds an extra layer of protection. In partnership with cloud platform Fastly, Relay separates users’ IP addresses from their data traffic without any point of monitoring.
“Our Relay users connect to us, then we connect them to Fastly, and then Fastly connects them to the internet,” Raghavan explained.
Video conferencing has become a normal work activity. When using other video-conferencing services, Raghavan said that users’ streams are uploaded to a server that keeps track of participants. Users of their most recent product, “Booth,” don’t connect directly to a server, but instead connect through the multi-party relay that masks the users’ network identities so that the server sees only Fastly IP addresses.
“Now (organizations) are relying on cloud services for communications rather than being able to go to a conference room and have a conversation with colleagues,” Schmitt said. “It’s a matter of looking for solutions that provide better data security and metadata privacy for things like cloud services.”
