Type: Product
Category: Security
Sub-categories: Cyber Threat Intelligence, Risk Management, Governance

Cyber Threat Profiler: Real- time risk assessment of cyber-attacks

The Problem
It has been widely publicized that a global shortage of cyber security professionals has caused businesses and governments to struggle to protect their systems and information against a rapidly increasing cyber threat (an HMG report released following announcement of the UK CERT stated there is currently a gap of 500,000 cyber-­‐security professionals and the Cisco 2014 Annual Security Report stated there is a global shortage of more than one million skilled cyber professionals). Highly sought after security experts are required to keep on top of the attacks, using their judgment and experience to prioritise the organisation’s response. It is their job to avert potentially catastrophic attacks. At the same time, cyberattacks are becoming more sophisticated with conventional perimeter defences proving to be insufficient. The result is that security teams are becoming increasingly overwhelmed with the volume of attacks and that security breaches are becoming more frequent. Therefore, security teams need a way of prioritizing their response in order to minimize the risk of compromise and the associated cost and reputation damage as a consequence.

Solution (Value Proposition)
Cyberlytic provides security intelligence software that prioritises the workload of security teams and reduces response times from the most dangerous cyberattacks to seconds. Cyberlytic has developed the Cyber Threat Profiler (CTP). The CTP is an expert learning decision support tool that uses the latest in Artificial Intelligence techniques to provide real‐time risk Assessment of cyber-attacks. The CTP connects to existing security systems, such as Security Information and Event Management (SIEM), Firewall or Network Security Monitors to Analyse detected alerts. The CTP analyses threats derived from the command line injection family Of attacks, where the human interacts with a web site, such as SQL injection and cross site scripting attack. Through a machine learning classification process, the CTP analyses detected alerts in real‐time to assess the sophistication of each attack, the capability of the attacker and also the effectiveness of The attack. This real‐time analysis is used to determine the relative information security risk that each attack poses. Our automated approach to attack classification reduces the dependency on the Human operator to manually triage threats and ultimately reduces the time to respond to the Most dangerous attacks. The CTP uniquely automates the cyber attack triage process in a consistent and repeatable way, supporting the security analyst in making business critical decisions and reducing the risk of Security breach. Cyberlytic is different to other security intelligence companies in that we implement A classification approach that prioritises information detected by other systems. We uniquely automate the business critical process immediately from the point of detection, to the point of response, enabling businesses to focus their attention on responding to high‐risk cyber attacks in an increasingly complex threat landscape.

Key Differentiators
The majority of cyber companies operating in the fast growing Security Intelligence space are focusing their efforts on providing anomaly detection systems or threat intelligence solutions. Effectively adding to the problem of ever increasing volume of security alerts. Cyberlytic is different because we use an innovative machine learning classification approach to prioritise information provided by these and other more conventional security systems. Cyberlytic uniquely automates the business critical process that falls immediately from the point of detection of a cyberattack, through to the point of responding to the threat. The Cyber Threat Profiler analyses underlying attack data to determine the sophistication and effectiveness of a cyberattack, as well as the likely capability of the attacker. Our unique approach is patent pending in the UK, US and Europe and is used to classify attack data to determine the relative risk of each attack in real‐time. We differentiate from other systems in that we address the risk of a live cyberattack that has been detected by another system. This gives us the ability to prioritise the alerts based on the seriousness of each attack. Finally, the Cyber Threat Profiler acts a triage tool; it does not replace existing systems, but uses the information they provide to provide an additional layer of security intelligence, making integration relatively simple and ultimately reducing response times of the most dangerous attacks from potentially days to seconds

Supporting Technology (the 'magic')
The Cyber Threat Profiler (CTP) is a software solution that complements existing security systems to provide real‐time risk assessment of cyberattacks. The CTP uses artificial intelligence, including supervised machine learning, to accurately classify attacks detected by Security Information and Event Management systems or Network Security Monitors. The CTP’s classification process accurately determines the type of attack and how advanced it is. For example, it may be a reconnaissance attack or it may be exploiting a database. By using advanced statistical analysis and linguistic probability, the CTP efficiently and consistently determines the relative risk of command line injection attacks. The accuracy of the CTP ensures serious attacks are immediately highlighted to the security team. Our automated approach to attack classification reduces the dependency on the human operator to manually triage threats, allowing them to respond immediately to the most dangerous attacks

Cyberlytic Team Experience & Contact:



Stuart Laidlaw,Co-­‐Founder and CEO
Stuart is responsible for leadership and direction, sales & marketing strategy, sales execution and financial oversight.

St. John Harold, CTO
St. John is responsible for product and technology roadmap, overall technical oversight and R&D.

 

Stuart Churchill, COO at Cyberlytic
Stuart is responsible for day-­‐to-­‐day operational management of the company, marketing, project management and sales support.

Contact for clients, partners and press:

Cyberlytic
4th Floor, 27 Hammersmith Grove
Hammermith, London, W6 0NE
United Kingdom
www.cyberlytic.com