Cyberlytic is launching an AI-based counterattack on hackers

31 Jul 201720 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: Dima Sobko/Shutterstock

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Web security start-up Cyberlytic is focused on identifying cyber risk using artificial intelligence. TechWatch editor Emily McDaid decided to find out a little more.

Cyberlytic’s AI-driven web-application security solution uses a traffic light-style system for categorising threat levels and risk from cyberattacks.

The start-up is taking advantage of the deep pool of cybersecurity and AI experts in Belfast, spearheaded by co-founders Stuart Laidlaw, CEO, and St John Harold, CTO. The company – based at CSIT – was founded in 2013 and initially developed its techniques for the Ministry of Defence.

So, what sort of attacks does Cyberlytic prevent? Harold said: “One recent example was TalkTalk, who were compromised by an SQL injection attack, costing the company a reported £60m, including a fine from the government of £400,000. An estimated 100,000 customers had their personal information hacked in this instance.”

He continued: “Our system wades through the volumes of threats, and flags the most dangerous ones. In the case of TalkTalk, as in most hacking cases, the attackers tested the system days or weeks before launching the attack, so there were warning signs. Cyberlytic is about identifying these warnings.”

(Notably, a Northern Irish teenager was among those arrested for hacking TalkTalk.)

Harold described how Cyberlytic determines risk from three perspectives:

  • Sophistication – the length of attack, the type of attack and what keywords it may employ
  • Capability – whether the attacker has been seen before, and what potential damage they may have caused
  • Effectiveness – whether the attack worked
st-john-harold

St John Harold, CTO, Cyberlytic. Image: TechWatch

“The product reduces false positives using several different techniques, and then ranks threats without the need for any static rules. The sheer volume of attacks means that companies can no longer rely on human intervention alone. We automate the triage process, so it’s easy for network and system engineers to respond appropriately,” Harold said.

Cyberlytic has raised just under £1m from angel and private investors, proving its approach has been recognised amongst cyber experts.

But why has web application security been less of a focus until now? Harold said: “Because it’s hard. 10 years ago, the focus was on network layer security because it was seriously lacking in security, and was the easiest way for attackers to compromise organisations, but now, the network layer is more secure. The majority of web applications are bespoke and this makes it harder to use standardised security techniques to protect them.

“Still, attacks are happening, and we know how they’re launched and how they’re delivered. What’s difficult is knowing what good controls are needed to protect an organisation.”

Harold continued: “Each web application is bespoke, so we created a solution that was agnostic of the web application and instead focuses on the traffic and its characteristics. This is where the machine learning aspect becomes critical.

“If there’s a field on a website, where a user enters data, that’s a potential security hole.”

So, pretty much every website or app that we use? “Exactly.”

Harold explained how Cyberlytic is taking AI one step further in the cybersecurity game: “We are one of the few cyber companies using AI beyond just anomaly detection – that is, learning what normal is, and learning when something is abnormal. We use it [to] classify the nature of the web attack and identify the risk associated with the triage process.”

The system makes use of real-time deep packet inspection of all HTTP traffic, making it unique among security providers.

“We help businesses of all sizes that rely on their website to trade or interact with their customers or suppliers. We’re focusing on industries such as finance, retail, healthcare – mainly FTSEs in the UK, the Republic of Ireland and North America,” said Harold.

By Emily McDaid, editor, TechWatch

A version of this article originally appeared on TechWatch

TechWatch: The most significant tech developments in Northern Ireland brought to you by Connect at Catalyst Inc. See www.connect.catalyst-inc.org/techwatch for more information.

editorial@siliconrepublic.com