As cyberattacks increasingly target data inside trusted environments, traditional detection methods are struggling to keep pace. A new entrant to the market is aiming to redefine endpoint security by shifting protection from reactive detection to real-time prevention at the device level.

1stProtect, a Silicon Valley-based cybersecurity startup, has emerged from stealth with a new endpoint security platform designed to stop data theft before it occurs. Founded by veterans from major cybersecurity firms, the company will officially debut its technology at RSAC 2026, positioning itself as a next-generation solution for modern attack scenarios.

The platform addresses a growing challenge in cybersecurity. Many attacks today operate within legitimate systems using stolen credentials or trusted processes, making them difficult for conventional tools to detect. Traditional endpoint detection and response solutions typically rely on collecting telemetry and analyzing it in the cloud, which can introduce delays and leave gaps when systems are offline.

Kervin Pillay, Chief Executive Officer of 1stProtect, highlighted the limitations of existing approaches. “We built this company around a simple idea: by the time most existing security tools detect an attack, the data is already gone,” said Kervin Pillay. “Instead of trying to identify malware after the fact, we verify every critical data access in real time and stop unauthorized activity before it becomes a breach.”

Unlike conventional tools, 1stProtect embeds its decision engine directly on the endpoint. This inline architecture allows the system to monitor system behavior and enforce security policies within the operating system itself. By analyzing user intent and system activity in real time, the platform can terminate malicious processes in as little as 400 microseconds.

Early deployments suggest the platform can detect threats earlier than traditional solutions. In one case, it identified a memory injection attack significantly before another endpoint security tool. In another scenario, it detected and blocked a session theft attack that went unnoticed by existing defenses. Rather than focusing on signatures or code analysis, the system evaluates the destination and intent of actions, enabling faster and more context-aware responses.

The platform also operates independently of network connectivity. Once policies are synchronized, endpoints can continue to enforce security controls even in disconnected or restricted environments. This capability addresses risks associated with network outages, DNS manipulation, or cloud service disruptions.

1stProtect consolidates multiple security functions into a single engine, replacing the fragmented approach often seen in modern security stacks. Its architecture supports protection across areas such as credential theft, ransomware, data exfiltration, and identity-based attacks, allowing organizations to enforce policies across different threat vectors without deploying multiple tools.

In addition, the platform includes an on-device AI investigator that performs forensic analysis locally. By using an on-device MCP server, the system can conduct threat investigations and remediation without sending sensitive data to external environments, enhancing privacy and reducing response time.

Rafel Ivgi, Chief Technology Officer of 1stProtect, emphasized the company’s design philosophy. “What makes 1stProtect different is not just the architecture, but the team behind it,” said Rafel Ivgi. “We’ve seen firsthand where traditional approaches break down—whether that’s cloud latency, tool sprawl, or blind spots around credentials and data access. That collective expertise has allowed us to rethink endpoint protection from the ground up and build a system based around where existing tools fail and what organizations actually need when every second counts.”

The launch of 1stProtect reflects a broader shift in endpoint security toward real-time, on-device enforcement. As attackers continue to exploit trusted systems and move faster than traditional defenses, solutions that prioritize immediate response and contextual analysis are becoming essential for protecting sensitive data in modern enterprise environments.
