Cybersecurity firm Resonance Security has rolled out ‘Harmony’, a new asset monitoring tool to guard Web2 and Web3 apps from major threats.
The launch comes as cybersecurity threats are getting tougher and more complex. Traditional security measures often can’t keep up with evolving risks, causing serious financial and reputational harm.
With $1.5 million in pre-seed funding, Resonance launched Harmony to tackle the growing threats of CDN hijacking, BGP hijacking, and DNS manipulation in Web2 systems.
The launch comes amid increasing attacks targeting traditional Web2 infrastructure, which are critical to the functionality of Web3 projects and non-Web3 institutions. Even with big investments in security, both companies and individuals find it hard to defend against these attacks.
In 2022, over 46% of all Web3 financial hacks targeted infrastructure that connects Web2 and Web3 technologies. The growing complexity of these threats calls for fresh solutions that offer real-time threat intelligence.
Harmony captures continuous snapshots of the web state, including DNS records and scripts, and detects unauthorized modifications in real-time. It alerts team members instantly when a problem arises.
Additionally, Harmony uses AI to assess results, minimizing false positives and reducing research time for both customers and Resonance’s incident response team.
Resonance founder and CEO Charles Dray said, “Releasing this new tool demonstrates Resonance’s dedication to a research-driven cybersecurity approach. The goal is to keep any organization’s cybersecurity strategies in tune with continuously evolving cyberattacks. This highly effective monitoring and prevention tool is a game changer for projects trying to avoid DNS takeovers and keep their sensitive assets from being exposed to black-hat hacking groups.”
Resonance steps in with all-in-one solution
Harmony is designed for app developers in both Web2 and Web3 spaces, as well as IT security teams, entrepreneurs, startups, and enterprise organizations. This approach is making professional detection and preventive measures accessible to users of any technical level.
Specifically, the product guards against CDN hijacking, where attackers mess with content delivery networks to insert malicious scripts; DNS manipulation and takeovers, creating fake sites that look like the genuine provider; and BGP hijacking, which reroutes web traffic to wrong addresses.
More technically inclined users can go beyond the Resonance dashboard to explore findings in depth across various attack vectors. They can see how issues arose, learn how to fix them, and understand their impact on the overall architecture and its dependencies. Non-techie users can identify these issues and, if they can’t address everything themselves, easily share them with external technical resources or get help from Resonance’s support team of expert security engineers.
Founded by Charles Dray in March 2023, Resonance claims to offer “full-spectrum” cybersecurity by combining traditional security tools with the expertise of its professional code auditors and penetration testers. Now, it has some strong credentials to support those claims, with backing from leading VCs like Arca, Fabric VC, and Blockchain Founders Fund in today’s funding round.
The company has developed six bespoke applications tackling the most impactful Web2 and Web3 security threats and integrated over 30 established tools into a single platform.
Cyberattacks grow more frequent and sophisticated
Unfortunately, many web3 companies today rely mostly on a few isolated offensive security services. The reality is that web3 projects are at higher risk due to their unique composable and open practices.
Settling for a basic offensive audit and neglecting other security measures leaves them vulnerable. DNS attacks exploit these vulnerabilities, often causing website and system disruptions.
According to G2, from a numbers standpoint, organizations face an average of 7.5 DNS attacks yearly, leading to application outages and data theft, costing businesses around $1.1 million each on average to recover. 80% of organizations consider DNS security essential.
Modern technologies like DNS over HTTPS (DoH) and DNS over TLS (DoT) upgrade security by providing privacy and authenticity for DNS queries. Despite stable DNS attack targets in 2022, December saw a 52% increase. Recovery from attacks varies though, with many companies suffering over an hour of business disruption.
That said, automated solutions are used by 57% of companies, but 25% don’t analyze their DNS traffic, and 35% don’t use it for internal filtering. About one-third of companies have faced DNS tunneling and cache poisoning attacks.