Until now, signature-based detection has proved insufficient to protect against Zero Day and polymorphic attacks. As cyber-attacks evolve and become more sophisticated, so too must the security controls. Through AI and machine learning technologies, the ‘Cyber Threat Profiler’ detects and prioritises attacks based on the risk they pose to a company’s IP and data. It can therefore detect attacks that may have been overlooked by other systems, and learns over time how attacks evolve and mutate.
Using machine learning in itself is not a new concept, but it’s a concept that only a small number of security players are implementing. The majority of these companies are only using AI to perform anomaly detection. However, the ‘Cyber Threat Profiler’ implements both anomaly detection and a patented classification approach to detect and effectively triage cyber-attacks.
Stuart Laidlaw, co-founder and CEO of Cyberlytic, adds: “We created this solution to help security teams identify and evaluate the risks posed by advanced cyber-attacks. Based on research we completed for the UK MoD, we’ve developed an effective way of using AI to detect and prioritise web attacks. Our data science approach evaluates risk posed by an attack by looking at the sophistication and the capability of the attacker. Importantly, our software also assesses the effectiveness of each attack, combining these characteristics to create a risk score. This is achieved through real-time deep packet inspection of all HTTP traffic – something that no-one else out there is doing.”
As a cyber security supplier to HM Government, Cyberlytic works with a number of departments to understand how the use of AI can perform human functions when it comes to cyber security. Laidlaw’s background includes experience working for Fujitsu, BAE Systems and government agencies. Cyberlytic’s co-founder and CTO, St John Harold, has also worked with several FTSE 100 companies as a security consultant and more recently, has provided expert security advice to UK government departments and agencies.
The company’s exploration of advanced analytical technologies has also attracted the attention of Amadeus Capital Partners, a renowned IT security VC investor, VASCO™, a global leader in identity and security, and the likes of Cisco where the company is engaged in a programme to exploit opportunities for growth.
“We are excited to have Cyberlytic join our IDEA London programme, they are complementary to our current security portfolio and we are excited about adding them to our Solution Partner programme,” adds Tom Kneen, head of business development at Cisco.
More information on the ‘Cyber Threat Profiler’:
- It uses patented technology and can be used as a standalone web application security solution, or integrated with existing solutions to enhance their security performance.
- Its core technology learns from the sophistication, capability and effectiveness of attacks as they evolve. This proactive approach to threat detection eliminates the need for static rules, reduces false positives and detects malicious HTTP web traffic.
- Customisable alerts provide security teams with the insight and situational awareness they need to respond effectively.
- Companies can no longer rely on human intervention alone to quickly and efficiently detect threats. The average security team now takes around 220 days to identify and respond to a successful attack due to the sheer volume of attacks every day. The ‘Cyber Threat Profiler’ takes response time down to a matter of seconds.
- Companies need to employ large teams of security analysts as the first line of defence. There is huge demand for skilled analysts, but a shortage of experience. Cyberlytic can help reduce the demand for skilled and experienced security analysts by automating the business-critical triage process and immediately identifying the most dangerous web attacks.
There are more than 20,000 compromised websites identified a week, which demonstrates a need to rethink how companies, both large and small, navigate today’s cyber security threat landscape. Web application security is particularly important for those that have a customer or supplier portal, those that allow staff to access systems via an extranet, or those that rely heavily on online business transactions or hold sensitive information about customers. Time and time again, failing to protect customer data has been shown to have had a direct impact on the share price of a company and can lead to irreversible damage to company reputation and trust in a brand.