Type: Product
Category: Security
Sub-categories: Cyber Threat Intelligence, Risk Management, Governance

Cyber Threat Profiler: Real- time risk assessment of cyber-attacks

The Problem
It has been widely publicized that a global shortage of cyber security professionals has caused businesses and governments to struggle to protect their systems and information against a rapidly increasing cyber threat (an HMG report released following announcement of the UK CERT stated there is currently a gap of 500,000 cyber-­‐security professionals and the Cisco 2014 Annual Security Report stated there is a global shortage of more than one million skilled cyber professionals). Highly sought after security experts are required to keep on top of the attacks, using their judgment and experience to prioritise the organisation’s response. It is their job to avert potentially catastrophic attacks. At the same time, cyberattacks are becoming more sophisticated with conventional perimeter defences proving to be insufficient. The result is that security teams are becoming increasingly overwhelmed with the volume of attacks and that security breaches are becoming more frequent. Therefore, security teams need a way of prioritizing their response in order to minimize the risk of compromise and the associated cost and reputation damage as a consequence.

Solution (Value Proposition)
Cyberlytic provides security intelligence software that prioritises the workload of security teams and reduces response times from the most dangerous cyberattacks to seconds. Cyberlytic has developed the Cyber Threat Profiler (CTP). The CTP is an expert learning decision support tool that uses the latest in Artificial Intelligence techniques to provide real‐time risk Assessment of cyber-attacks. The CTP connects to existing security systems, such as Security Information and Event Management (SIEM), Firewall or Network Security Monitors to Analyse detected alerts. The CTP analyses threats derived from the command line injection family Of attacks, where the human interacts with a web site, such as SQL injection and cross site scripting attack. Through a machine learning classification process, the CTP analyses detected alerts in real‐time to assess the sophistication of each attack, the capability of the attacker and also the effectiveness of The attack. This real‐time analysis is used to determine the relative information security risk that each attack poses. Our automated approach to attack classification reduces the dependency on the Human operator to manually triage threats and ultimately reduces the time to respond to the Most dangerous attacks. The CTP uniquely automates the cyber attack triage process in a consistent and repeatable way, supporting the security analyst in making business critical decisions and reducing the risk of Security breach. Cyberlytic is different to other security intelligence companies in that we implement A classification approach that prioritises information detected by other systems. We uniquely automate the business critical process immediately from the point of detection, to the point of response, enabling businesses to focus their attention on responding to high‐risk cyber attacks in an increasingly complex threat landscape.

Key Differentiators
The majority of cyber companies operating in the fast growing Security Intelligence space are focusing their efforts on providing anomaly detection systems or threat intelligence solutions. Effectively adding to the problem of ever increasing volume of security alerts. Cyberlytic is different because we use an innovative machine learning classification approach to prioritise information provided by these and other more conventional security systems. Cyberlytic uniquely automates the business critical process that falls immediately from the point of detection of a cyberattack, through to the point of responding to the threat. The Cyber Threat Profiler analyses underlying attack data to determine the sophistication and effectiveness of a cyberattack, as well as the likely capability of the attacker. Our unique approach is patent pending in the UK, US and Europe and is used to classify attack data to determine the relative risk of each attack in real‐time. We differentiate from other systems in that we address the risk of a live cyberattack that has been detected by another system. This gives us the ability to prioritise the alerts based on the seriousness of each attack. Finally, the Cyber Threat Profiler acts a triage tool; it does not replace existing systems, but uses the information they provide to provide an additional layer of security intelligence, making integration relatively simple and ultimately reducing response times of the most dangerous attacks from potentially days to seconds

Supporting Technology (the 'magic')
The Cyber Threat Profiler (CTP) is a software solution that complements existing security systems to provide real‐time risk assessment of cyberattacks. The CTP uses artificial intelligence, including supervised machine learning, to accurately classify attacks detected by Security Information and Event Management systems or Network Security Monitors. The CTP’s classification process accurately determines the type of attack and how advanced it is. For example, it may be a reconnaissance attack or it may be exploiting a database. By using advanced statistical analysis and linguistic probability, the CTP efficiently and consistently determines the relative risk of command line injection attacks. The accuracy of the CTP ensures serious attacks are immediately highlighted to the security team. Our automated approach to attack classification reduces the dependency on the human operator to manually triage threats, allowing them to respond immediately to the most dangerous attacks

Cyberlytic Team Experience & Contact:

Cyberlytic Stuart Laidlaw

Stuart Laidlaw,Co-­‐Founder and CEO
Stuart is responsible for leadership and direction, sales & marketing strategy, sales execution and financial oversight.

Cyberlytic St. John Harold 2

St. John Harold, CTO
St. John is responsible for product and technology roadmap, overall technical oversight and R&D.

Cyberlytic Stuart Churchill 2


Stuart Churchill, COO at Cyberlytic
Stuart is responsible for day-­‐to-­‐day operational management of the company, marketing, project management and sales support.

Contact for clients, partners and press:

4th Floor, 27 Hammersmith Grove
Hammermith, London, W6 0NE
United Kingdom

Type: Product - Service
Category: Security
Sub-categories: Security Monitoring, User Behaviour Analytics

Blindspotter: A real-time, user behaviour analytics tool that analyses user activities and identifies suspicious events occurring throughout IT systems.

The Problem
Many companies’ worst nightmare is already lurking inside what was previously thought to be its perimeter, a sophisticated external attacker or malicious insider. Nowadays, attackers are intelligent, wellfunded and their attacks are increasingly complex and well targeted. The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time with the attackers moving freely inside the victim’s IT environment. Malicious insiders hold an advantage over a company’s primary security tools in that they are designed to protect against external threats, not against trusted employees. Targeted attacks by humans use a combination of IT vulnerabilities, social engineering and ordinary crime to gain unauthorized access. It means that the new perimeter, where you have to focus, is your users. They are the new focus of your security measures instead of the infrastructure

Solution (Value Proposition)
Blindspotter is a real-time, user behaviour analytics tool that analyses user activities and identifies suspicious events occurring throughout IT systems. It helps organisations mitigate the impact of advanced persistent threats or identify malicious internal activity and speed up the investigation process of any suspicious activities. Blindspotter tracks and visualises user activity in real-time to provide organisations with a better understanding of what is really happening on the network. The solution works by collecting and analysing user-related events and user session activities - digital footprints - in real-time or near real-time. It builds a baseline of user profiles from the gathered digital footprints then compares every action to these corresponding baseline of users and their peers to spot anomalies in their behaviour - such as an administrator logging in outside of their normal hours. Blindspotter is even capable of detecting abnormality on the level of issued commands as well, which means that in case a system administrator uses a command that is different from the generally used command set, Blindspotter would alert the security team. Once this has been detected, Blindspotter can automatically react to minimise the impact of any threat. It is designed to meet today’s key security challenges and alert organizations to key threats, for example: • Detection of hijacked user accounts • Detection of misuse of privileges • Detection of automated system account misuse • Screen Content Analysis (Used in conjunction with Shell Control Box – BalaBit’s privileged activity monitoring appliance – Blindspotter can also analyze screen content, including issued commands and applied software or any textual data that appears on the screen. This enables the detection of any anomalies, which are the obvious signs of an APT-attack or a serious misuse of privilege)

Key Differentiators
Firstly, any analytics solution is only as good as the data that feeds it. Blindspotter leverages BalaBit’s syslog-ng technology, which is proven and trusted by one million+ installations around the world. It also leverages BalaBit’s Identity Access Management technology to analyze high-fidelity recordings of user activities such as screen recordings or command line interaction.
Secondly, Blindspotter’s uniquely pluggable architecture enables analysis of other user data in addition to logs and IAM recordings. Custom connectors to proprietary APIs can be written within hours, and out-of-the box integration with many commonly-used data sources is standard. And lastly, Blindspotter combines the results of several unsupervised machine learning algorithms to ensure that attackers cannot fly under the radar, while ensuring that security teams are not overwhelmed by thousands of false alarms. It takes risk exposure levels of individual users into account and prioritizes potential incidents, allowing security teams to effectively optimize their efforts.

Supporting Technology (the 'magic')
Blindspotter integrates a variety of contextual information in addition to standard log data, processes them using unique sets of algorithms, and generates user behavior profiles that are continually adjusting using machine learning. It tracks and visualizes user activity in real-time for a better understanding of what is really happening on the network and offers a wide range of outputs from warnings to automatic interventions. It doesn’t require pre-defined correlation rules; it simply works with your existing data. The built-in algorithms have standard and unique parameters that allow you to fine-tune the output without being a skilled data scientist. Data is analyzed in multiple ways to adjust the risk and deviation level of each activity. Blindspotter reveals all new deviations from normal operation in a well-prioritized dashboard. With advanced monitoring across every aspect of an IT system, Blindspotter prevents sensitive and critical data from potential security breaches, from both internal and external attackers.

The solution works by collecting and analyzing user-related events and user session activity in real-time or near real-time. It then compares every action to the corresponding baseline of users and their peers to spot anomalies in their behavior – such as an administrator logging in outside of their normal hours. Blindspotter is even capable of detecting abnormality on the level of issued commands. This means that, if a system administrator uses a command that is different from the generally used command set, Blindspotter will alert the security team. Once this has been detected, Blindspotter can automatically react to minimize the impact of any threat.

Team Experience & Contact:

Balabit Zoltán Györkő

Zoltán Györkő, Co- founder and Chief Executive Officer
Zoltán Györkő (1976), co-founder of the company was named CEO of BalaBit on 1 September 2012. Györkő has been a member of the board since the company was founded twelve years ago, and has held the position of Business Development Director for the past six years. Györkő has extensive leadership experience and a deep knowledge of IT security market as he was responsible for developing BalaBit’s global partner network as well as the sales and marketing organization. Today BalaBit is active in 30 countries through its 80 partners. In 2006, the company opened its first international subsidiary in Germany, since then it has established local offices in France, Italy, Russia and in the USA. In 2009, BalaBit was included in the Deloitte Technology Fast 500 EMEA list of companies growing most rapidly in Europe, Middle-East and Africa, and in the Deloitte Technology Fast 50 Central Europe list in 2013, 2012, 2010 and 2009. Zoltán Györkő studied computer engineering at Pannonia University, Veszprém. He started his career as a system engineer, and was soon appointed project manager at BalaBit. Additionally, he had been the leader of the Hungarian Linux User Group for 3 years.

BalaBit Balázs Scheidler

Balázs Scheidler, Co- founder and CTO:
Balázs Scheidler (1977), co-founder and Development Director of the company and the inventor of BalaBit's leading technology products. Due to his development approach, the company’s whole product line is known as best-of-breed technology products world-wide. Scheidler playes an active role in the development of industry standards as a member of the IETF (Internet Engineering Task Force) logging working group. Balázs Scheilder held the position of CEO and Development Leader since he co-founded the company in 2000, and has been named Development Director to a newly created position on 1 September 2012 to increase his and the company’s focus on development and preserve BalaBit’s technology leadership in its core technologies. Balázs Scheidler earned a degree in computer engineering from Pannonia University, Veszprém. As the initiator of numerous Linux related projects, he is regarded by members of the open source community as subject matter expert. He is often invited to present at international events and conferences

Balabit – headquartered in Luxembourg – is a European IT security innovator, specialized in advanced monitoring technologies. It is a global player of the development of privileged activity monitoring, trusted logging, proxy-based gateway and user behavior analytics technologies. BalaBit is a fast-growing IT security vendor that was founded in 2000. The company is widely-known for syslog-ng™, its open source log management solution, used by more than a million installations worldwide. This significant user base provides a solid ground for the business expansion which is fueled by Shell Control Box™, a pioneering development for the rapidly-growing niche of privileged activity monitoring market. BalaBit has customers all over the world including 23 Fortune 100 companies. Today, the company employs more than 200 people – 60% of them are developers and system engineers – but it is growing fast both in terms of employees and revenue. In 2014, we had around $15 million in total revenue. We have sales offices in France, Germany, Hungary, Russia, in the UK and the United States and partners in 40+ countries.The number of commercial customers is between 800-900 companies. Approximately half of them are SCB customers.

Contact for clients, partners and press:

Balabit Tongerloo

Yves van Tongerloo

Balabit Headquarters
5, Rue Heienhaff 2nd Floor (wing E)
L-1736 Senningerberg
•Tel: +352 284878 2047
•Fax: +352 284878 2000
•URL: www.balabit.com

Original Source: https://www.balabit.com/network-security/blindspotter

ipacso awards logo

Brussels, October 22, 2015: IPACSO announces the 2015 Winners of the EU Cyber Security & Privacy Innovation Awards

Each year in October, Europe’s most innovative and forward-thinking researchers and entrepreneurs gather in Brussels, recognising those who are bolstering Europe’s cyber security landscape. With the awards, the IPACSO consortium, supported by the European Commission under FP7, support Privacy and Cyber Security Innovations 'Made in Europe'. The IPACSO Consortium today announced the 2015 Champions of the European Cyber Security & Privacy Innovation Awards.







IPACSO (Innovation Framework for Privacy and Cyber Security Market Opportunities) is a private consortium aimed at supporting Privacy and Cyber Security innovations in Europe. Its aim is to support ICT Security innovators with State of the Art methodologies and best practices in their innovation process, that will help them to find their road to market faster, more effective and more efficient. IPACSO is supported by the European Commission, and aims to improve the competitiveness of the European Cyber Security & Privacy market. Alongside LSEC, VASCO Data Security, the Waterford Institute of Technology and Espion, both from Ireland, and the German Institute for Economic Research make up the rest of IPACSO. With the Cyber Security & Privacy Innovation Awards, the IPACSO consortium, supported by the European Commission, awards Privacy and Cyber Security Innovators in Europe.

The awards attract CISO's looking for the latest technology innnovations, policy makers that are interested in cyber security and privacy as a domain for European expertise and innovation, investors looking for business opportunities, and government,  defense and law enforcement charged with protecting critical infrastructures, secure communications and (the privacy and security of their) citizens.

The presentation pack including the : 

- introduction by Ulrich Seldeslachts, CEO of LSEC and IPACSO partner

- keynote presentation by Jason Kravitz, IBM

- panel debate with entrepreneurs and innovators

- presentation by Seamus Galvin, Espion and IPACSO partner on the use case of the IPACSO Framework for innovation management by Espion, 

- presentation by Bart Renard, Vasco Data Security and IPACSO partner on the use case of the IPACSO Framework for innovation management by Vasco Data Security and the Vasco Digipass Bluetooth Dongle

- panel debate by the IPACSO partners

- presentation of the IPACSO 2015 Awards finalists and winners, by Ulrich Seldeslachts and Jakub Boratynski, Head of Unit, DG Connect, European Commission



Type: Service
Category: Privacy
Sub-categories: Secure Communication, Secure Collaboration

Crypho: A (Software-as-a-Service) messaging and collaboration tool for organizations with high security requirements

Solution (Value Proposition)
Crypho is a messaging and collaboration tool for organizations with high security requirements. Typical users are law enforcement, government and the financial industry. It is also used by human rights groups and journalists around the world.

Crypho is a Software-as-a-Service. It runs on desktop and laptop computers as well as mobile devices such as smartphones and tablets.

It provides customers with an easy-to-use way of communicating confidentially through messaging, chat and file sharing. It facilitates faster and more secure communications with end-to-end encryption. In addition to keeping information confidential and secure, end-to-end encryption also ensures compliance with laws and regulations and avoids the complexities and legal headaches that usually come with cloud services.

Since all data is encrypted on the client, and only the customers have the encryption keys, no-one can intercept and access the data. Not even Crypho’s own staff. Rather than offering “stronger security” this changes the security paradigm completely. We call it a Zero-knowledge system.

With a zero-knowledge system, organizations can use a centrally hosted system through the Internet, rather than having to host it in their own internal infrastructure.

Since Crypho can be used securely over the Internet, this makes it easier to collaborate and share between organizations, for example in international law enforcement collaboration. Organizations and companies can use it without taking special security precautions or preparations. Both from smartphones and computers. With a Zero-knowledge system, there is no risk of data leakage in cases of the vendor being hacked, unfaithful employees or government interventions.

Crypho combines high security and strong cryptographic requirements with the approachability and ease of use that is common in consumer applications. This makes it possible to establish a secure and trusted communications channel between companies in a matter of minutes.

Key Differentiators
Existing high-security communications software has traditionally focused on the military and government markets, and secret communications. This has placed strong requirements on specialized hardware, software and processes, and subsequently carried with it a high cost (in terms of money or in terms of overhead) to communicate. With a modern realization that there is a large area of communications where data should be protected from the public, but adversaries are not foreign intelligence organizations, governments are opening up to the idea of communication tools that are faster and easier to use, and can run on off-the-shelf hardware.

Crypho can run on the user’s normal smartphone or PC New people can be enrolled and create strong cryptographic keys in a matter of minutes. Without training. Secure and verified communications channels can be established between companies, networks and countries in a matter of minutes. There is no need for pre-installed software.

Supporting Technology (the 'magic')
Crypho is an end-user-facing product for providing people in companies or organizations with an easy way of communicating confidentially. It unites Real time messaging and sharing, Exemplary ease of use and Super-high-security. Crypho is a web-application for confidential sharing and communication between businesses. The application is a hosted web service, and runs in a normal web browser. All messages are asynchronous and persistent, so that even if they are real time, they stay around so team people can see what their team-members said while they themselves were offline. Members can share files seamlessly in groups.

Traditionally, web applications are architected around a fat server application that serves content to thin clients (browsers). Crypho departs from this model and is designed to work with a thin server which remains as agnostic as possible to the content and merely stores and distributes it to rich client applications (running in the browser) that do most of the work.

The server stores messages and files to ensure users can access them at will. The server is blind to the contents of data, however. There is no way to inspect what is stored. The client, on the other hand, is an advanced application, written as a single page web application, a desktop app and a mobile app. The client deals with cryptographic key management, messaging, encryption and the user interface for interacting with other users of the system. Crypho manages encryption keys transparently to the users. Crypho is built on top of a stack of well-proven, scalable and robust Open Source software and cryptographic research from Stanford University.

Crypho Team Experience & Contact:

Geir Baekholt

Geir Bækholt, Founder

15 years Internet industry experience - as designer, developer, consultant, leader and 10 years as CEO. Leader of the Plone CMS project, one of the 2% largest Open Source projects worldwide. Broad board experience from both companies and nonprofits. Has built intranets and collaboration systems for clients such as Continental Airlines, Nokia,United Nations, UK National Health Service, the UK military, Oxford university and the US
Library of Congress.

Crypho Yiorgis Gozadinos

Yiorgis Gozadinos, PhD, FOUNDER

Strong academic background combined with 15+ years of experience in building solutions to big problems as developer, researcher, project manager and CTO. Highly
qualified in areas spanning software architecture, security, real-time communications on the web. Has worked for both small companies as well as organisations such as the European Network and Information Security Agency or the European Space Agency, and founded three companies.

Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

Framework Overview

Navigate through the different parts of the Framework


Joomla! Debug Console


Profile Information

Memory Usage

Database Queries