Protecting digital data means avoiding security system vulnerabilities and playing in advance to prevent possible attacks. This is the approach shared by Ermes – Intelligent Web Protection, an Italian company born in 2018 from the skills and intuitions of a group of university researchers to offer businesses an effective remedy against web threats. In 2021, Ermes recorded a turnover of EUR 850,000 and were preparing to close 2022 with a turnover of around EUR 3 million. To understand the origin, path, and prospects, we spoke with Hassan Metwalley, co-founder and CEO of Ermes.

You have developed a proactive solution using AI and ten algorithms: how did this technology come about, and how long did it take you to develop it?

Ermes – intelligent web protection was born out of a study group on web tracking and privacy led by Marco Mellia, Professor at the Department of Electronics and Telecommunications at the Politecnico di Torino, now advisor to the company. It was founded by myself and Stefano Traverso (research lead), former researchers at the Telecommunication Networks Group of the Politecnico.

Born as a spin-off and then incubated at I3P (the innovative enterprise incubator of the same university institute), Ermes is now a company with 36 employees, with engineers specialised in cybersecurity, data science, big data, machine learning, and AI. The technological solution developed is covered by a European patent and another international one. At the moment, the solution is mainly marketed in Italy, but we have planned investments for its internationalisation.

Ermes – Intelligent Web Protection

You say that “Ermes protects in real time” and “analyses connections based on their behaviour, overcoming the limitations of classic solutions based only on a reputational analysis.” Can you explain these two points to us to understand how it differs from other solutions?

Ermes’ technology, by having visibility of the browser and leveraging Artificial Intelligence and Machine Learning, analyses the goodness of connections and data exchange, not based on the reputation of the recipient, but by analysing in real-time the content of connections and dynamically blocking everything that presents a risk profile, regardless of the reputation of the recipient.

In this way, even connections with resources that are not yet classified or that are usually trustworthy but have been infiltrated by malicious or dangerous content are blocked, overcoming the limitations of traditional IT security solutions.

What are they characterised by, and how can one defend oneself against ‘short-lived attacks’?

Many studies show that at least 60 percent of data breaches come from zero-day attacks that occur while surfing. Of these, as many as 84 percent have a life cycle of less than 24 hours. Ninety-five percent of successful attacks take place via the Web, via phishing sites, thus exploiting human interaction.

To protect oneself against these attacks, one must act in two ways: Prevention, avoiding providing information during browsing that is useful for constructing a spear phishing attack with a high probability of success (web trackers collect interests, habits, installed software and extensions with related vulnerabilities), and Detection, identifying malicious sites from the moment they are born until the malicious campaign begins.

Artificial Intelligence Algorithms

AI is a popular feature among cybersecurity companies: why should companies prefer Ermes over other competitors?

In addition to having ten patented artificial intelligence algorithms, Ermes also stands out for its lightweight architecture. The solution, which fits in as a browser plug-in, is extremely easy to implement and solves a very specific need: it protects the user when he is most exposed, i.e., while surfing and wherever he is, with or without a VPN.

How many companies have chosen Ermes so far?

To date, we have more than 50 customers in Italy, with leading partners such as Carrefour, SOL Group, and KPMG, while at the European level, we have customers such as IBSA and the School of Monaco.

How much does it cost a company to rely on Ermes solutions?

Ermes for Enterprise costs per device (PC or smartphone), ranging from EUR 15 per year for the basic module to EUR 60 per year for the entire service. These figures are largely affordable for companies of all sizes.

Cybercriminal Threats

How much funding have you obtained so far?

We have currently obtained around €1.4 million in several pre-seed and seed rounds. By the end of 2022, we will close another round with new institutional and private investors.

Can you tell us three things non-expert users should do to protect their data?

The best defence tool is attention. Which also means asking yourself questions: for example, if a service is free, how does the company get revenue and maintain itself in the market? Then it is good practice to configure your browser by activating the Do-Not-Track configuration to prevent tracking by third-party services. Finally, you can also use web protection services such as our Ermes Web-Care solution that makes the user invisible to the network.

Trying to make a comparison between areas of major cyber influence, which is furthest ahead in remedies against cybercriminal threats between Europe, North America, and Asia?

The US and Israel are among the most advanced countries in terms of cyber security. Europe and Asia have the greatest growth potential, not forgetting the Arabian Peninsula, particularly the United Arab Emirates, which invests so much in AI, innovation, and security.

Cybercriminals are often one step ahead of security systems: will it ever be possible to arrive at a solution that keeps data 100 percent safe?

There are plenty of opportunities for cybercriminals to find new ways to attack companies, people, and institutions, but never before have IT and cybersecurity solutions been able to anticipate moves. In many cases, the success of criminals does not depend on a lack of effective defence tools but on a lack of prevention and investment, which individuals and companies often tend to neglect.