Back to News
Press Release
March 19, 2026

1stProtect Emerges from Stealth with New Approach to Endpoint Security

Veterans of CrowdStrike, Symantec, and Cisco unveil platform that verifies user intent and blocks unauthorized data access and exfiltration in microseconds — even without internet connectivity.

SAN FRANCISCO, March 19, 2026 — 1stProtect, a Silicon Valley-based cybersecurity startup founded by veterans of CrowdStrike, Symantec, and Cisco, today emerged from stealth with an industry-changing new endpoint security platform designed to stop modern cyberattacks before sensitive data can be stolen by monitoring system behavior and verifying user intent in real time.

The company will formally launch the platform during the RSAC 2026 Conference.

Why Existing Cybersecurity Tools Fail

For decades, enterprise security has relied on perimeter defenses and cloud-based analytics to detect threats after they occur. But as attackers increasingly use AI to generate novel attacks at an unprecedented pace and evade traditional detection methods, many security tools fail to identify breaches until long after sensitive data has already been accessed.

Modern attacks increasingly operate inside trusted systems — using legitimate processes or stolen credentials — making them difficult for traditional detection systems to identify until long after sensitive data is accessed.

"We built this company around a simple idea: by the time most existing security tools detect an attack, the data is already gone," said Kervin Pillay, Chief Executive Officer of 1stProtect. "Instead of trying to identify malware after the fact, we verify every critical data access in real time and stop unauthorized activity before it becomes a breach."

A New Model for Endpoint Protection

Rather than sending threat data to the cloud for analysis before taking action, 1stProtect pushes the decision engine down to the endpoint. 1stProtect is an inline solution, enabling it to provide preemptive, rather than reactive, protection and stop threats before they occur. The platform operates as a runtime enforcement layer that monitors system activity and blocks malicious behavior directly inside the operating system, allowing it to terminate malicious processes in as little as 400 microseconds.

During early deployments, the platform has demonstrated the ability to detect and block threats significantly earlier and more comprehensively than traditional security tools. In one case, the system identified a memory injection attack 40 seconds before an established endpoint security product detected the activity. In another test, the platform identified and blocked a session-theft attack that existing security tools failed to detect entirely.

One Engine Instead of Many

Most modern security stacks rely on multiple independent engines — separate systems for endpoint protection, identity security, data loss prevention, and threat detection.

1stProtect replaces that fragmented model with a single user-space SIGMA engine capable of enforcing security policies across multiple attack categories in real time. The platform's modular architecture currently includes 22 protection modules covering:

  • Credential and Session Theft
  • Ransomware and Destructive Attacks
  • Data and Exfiltration
  • Application and Browser Security
  • Runtime Behavioral Attacks
  • Identity and Active Directory Attacks

On-Device AI Investigation

The platform includes an AI-driven investigator that runs directly on the endpoint. The system performs forensic analysis locally using an on-device MCP server, allowing threat investigations and remediation to occur without sending sensitive data to the cloud.

Built by Security Industry Veterans

The company is led by Kervin Pillay, former Chief Technology Officer of Automation at Cisco, and Chief Technology Officer Rafel Ivgi, a highly decorated cybersecurity veteran with nearly three decades of experience, including senior positions at SentinelOne, CrowdStrike, Symantec and Forcepoint.

"What makes 1stProtect different is not just the architecture, but the team behind it," said Mr. Ivgi. "We've seen firsthand where traditional approaches break down — whether that's cloud latency, tool sprawl, or blind spots around credentials and data access. That collective expertise has allowed us to rethink endpoint protection from the ground up."

Contact

Investor and Customer Contact: info@1stProtect.ai

Media Contacts: Scott Deveau / Nate Johnson, August Strategic Communications — 1stProtect@augustco.com

Source: RSAC Media Center