Security company specializes in thwarting attacks on phone lines.
Within the past two weeks, San Antonio-based Secure Logix has gotten calls from four universities about a scam targeting Chinese students.
When someone answers the robocall, the recording in Mandarin informs the listener that there’s an issue with their visa. If they don’t send a certain amount of money for legal protection, they’ll be removed from the U.S.
There are millions of other scams like it, and the number is growing. Sometimes the caller poses as an IRS representative or a payday loan collector. Sometimes they spoof the calls, meaning a call appears to be from a different number. In other cases, they flood 911 call centers with fake calls, an attack known as “telephony denial of service,” or TDoS.
The means are different, but the goal is usually the same: defraud someone or get data and private information that can be used later to defraud them.
“We are seeing more attacks all the time,” said Lee Sutterfield, president and CEO of Secure Logix.
Founded in the late 1990s, Secure Logix specializes in call authentication and security, measures intended to thwart these kinds of attacks. Calls are a complicated mix of information, and the goal is to dissect the different pieces in a matter of milliseconds to ensure there’s not a threat. The slightest delay can completely disrupt a call.
“We, very simply, do not allow calls to come in without taking a look at them,” chief marketing officer David Heard said.
The growth of the internet in the 1990s and 2000s sparked a conversation about security and the need for protection, but the focus was more on the internet than phones, Heard said. The increase in spoofed calls, robocalls and attacks has raised awareness and led to more investment, though it’s still lacking.
“Phones are networked devices that can be a medium for hackers, schemers, fraudsters, just like your email and internet connection,” Heard said. “These people don’t care what alley they access.”
Clients include the Defense Department, other federal agencies, large banks, hospitals, insurance companies, retailers and education institutions — groups that are often at the greatest risk because of the data and information they have access to. In recent years Secure Logix has been working with the Homeland Security Department on contracts focused on TDoS, 911 contact center security, spoofing and robocalls. The collection of contracts totals more than $2 million.
Secure Logix has also expanded into verifying and authenticating calls, which is similar to but not the same as securing them, Heard said. When someone calls a contact center for a bank or an insurance company, they are often asked to verify personal information and answer security questions. But those questions are becoming less and less effective, in part because cybercriminals see an opportunity to extract pieces of information from a person.
“It’s a lot easier to hack a person than hack a system,” said Kelly Minyard, senior vice president of global sales. “Most agents want to be helpful.”
The company’s technology allows it to filter a call, examining its attributes to see if there are red flags.
Verizon and AT&T resell Secure Logix’s technology, and Secure Logix can use their network data to help determine whether calls are valid.
“We strongly believe the only way you’re going to solve this problem is interaction with the major carriers,” Minyard said.
There’s a need for more call security and authentication, said Kim-Kwang Raymond Choo, an associate professor at the University of Texas at San Antonio.
“Call authentication is increasingly important due to the potential for VoIP (voice over internet protocol) calls to be attacked ... particularly by state-sponsored or affiliated actors who are generally more resourceful and technical,” he wrote in an email.
The sector has attracted more investment within the past few years, Sutterfield said. The company declined to disclose annual revenue and sales figures but said 74 percent of commercial sales orders between January and September were from Fortune 500 companies, compared with 61 percent within the same time period in 2013. Sales orders within that period are up 40 percent this year over the same stretch in 2017.
“The market is still pretty small but growing fast, and there are more players,” Sutterfield said.
Sutterfield got his cybersecurity start in the Air Force in the 1980s. In his role with the Foreign Technology Division at Wright-Patterson AFB, he had access to reams of intelligence information and spent hours poring over reports and files.
When an officer who worked in a nearby cubicle left, he turned a bunch of documents over to Sutterfield, who immediately started reading. What he discovered was highly classified information about foreign nations attempting to access and exploit U.S. computer networks — in essence, “data network espionage,” Sutterfield said.
“Every computer in the government was going to be easily accessible by people outside the government,” he said. “I proposed that this was going to become a major issue.”
Sutterfield wrote just that in a paper in 1984, which got the attention of the Air Force Cryptologic Support Center in San Antonio. The center brought Sutterfield down for a briefing, and five minutes afterward, he was offered a job to help build a computer security program, he said.
Reassigned to San Antonio, Sutterfield focused on intrusion detection work, vulnerability testing and developing a new operational model for cybersecurity.
Sutterfield later wanted to try his hand at starting a business. He convinced a group of Air Force colleagues and other associates to join him, and in 1995 they formed Wheel Group Corp. The company developed what they claim was the world’s first commercial-grade intrusion prevention system, a product known as Net Ranger.
But raising funding in San Antonio was hard, and Wheel Group struggled, Sutterfield said. A turning point came when Wheel Group was featured in a Fortune magazine article on how hackers could get into a company’s computer system.
In 1998, Cisco Systems bought Wheel Group for $124 million and moved it to Austin.
Soon afterward, Sutterfield and Rick Jordan, another Wheel Group founder, met Secure Logix’s founding members, Craig Heilmann and Todd Beebe. The pair were working on a telecommunications security company and had a product prototype, and Sutterfield was intrigued.
Secure Logix sold its first product to the Air Force in the early 2000s. The company was on a run of larger sales when the market shifted to new VoIP products instead, Sutterfield said.
People didn’t want the “old hat” technology at Secure Logix. The bottom dropped out of the market, and Secure Logix went from more than 90 employees to 44 in a year, Sutterfield said. It had little cash to spare and little investor interest.
But the company hung on and gradually rebuilt over time as the market for its products and similar solutions, as well as awareness, grew. More organizations were facing fraud attacks, Sutterfield said. Today, Secure Logix has between 60 and 70 employees and a growing list of clients.
“There’s a market need,” Sutterfield said. “We’re moving out of the niche world.”