The Founders
Two seasoned security professionals, Patrick Wardle and Mikhail Sosonkin, are embarking on a new venture. Their startup, DoubleYou, aims to enhance the cybersecurity landscape for Apple devices.
Patrick Wardle, a former U.S. National Security Agency employee (2006-2008), transitioned from an offensive security researcher to an independent Apple macOS defensive security researcher. Since 2015, he has been developing free and open-source macOS security tools under his Objective-See Foundation.
Mikhail Sosonkin, who also has a background in offensive cybersecurity, worked at Apple from 2019 to 2021. Wardle, the self-proclaimed “mad scientist in the lab,” regards Sosonkin as the perfect collaborator to bring his ideas to life.
The Problem
Despite the growing popularity of macOS and iPhones in the corporate world, robust security products are scarce for these platforms. This gap presents a challenge as malicious hackers increasingly target Apple computers. The lack of skilled macOS and iOS security researchers further complicates the development of such products.
The Solution
DoubleYou aims to borrow strategies from hackers specializing in system attacks and apply them to defense. Many offensive cybersecurity companies offer modular products that can deliver a full chain of exploits or just one component. DoubleYou intends to replicate this model but with defensive tools.
Instead of creating an entire product from scratch, DoubleYou plans to develop individual capabilities that other companies can integrate into their security products. This approach is akin to supplying car parts rather than manufacturing the whole car.
The Offerings
While the co-founders are yet to finalize the full list of modules, they plan to include a core offering. This includes analyzing all new processes to detect and block untrusted code (not “notarized” by Apple) and monitoring for and blocking anomalous DNS network traffic. These features will primarily cater to macOS.
Additional tools under development include software persistence monitoring, behavior-based detection of cryptocurrency miners and ransomware, and permission requests for webcam and microphone use.
The Business Model
Described as an “off-the-shelf catalog approach,” customers can select the components they need for their product. This strategy mirrors Wardle’s approach in developing various Objective-See tools.
The Future
For now, Wardle and Sosonkin plan to remain independent and avoid outside investment. This decision allows them to focus on technology development without the pressure to scale rapidly. As Sosonkin puts it, they are “foolish idealists” who simply want to catch some malware and hopefully make some money in the process.
