03 January 2018
Engaging the cyber problem
Traditional cyber security relies on static protection methods. In practice, this means that companies make a best guess of their risks and vulnerabilities, and then try to put in defences based on that best guess. In reality, as soon as they’ve finished building defences against those initial threats, attackers have already moved on and are finding different ways of getting into their businesses.
Static approaches are incredibly archaic: not only do you end up in a situation where your defences don’t match your threat profile, but you’re also either entirely unprotected against those threats, or have totally overspent or both. Budgeting for cyber security is an interesting question for any Chief Information Security Officer: “how much budget should I request for cyber security?” If you have no idea what threats you’re facing, that number is actually pretty arbitrary.
Building a dynamic response system
What if, as an alternative, you could have up- to-date awareness of what your threat level is? With this knowledge, you could tune your defences up and down dynamically - based on real-time information.
The idea is to match your resources spend to the threats that you face. What CyberOwl aims to do is fulfil that paradigm: giving people access to a dynamic, proactive defence.
Broadly, contemporary approaches to cyber security focus on three areas:
Our work has started with threat visibility.
- threat visibility;
- the deployment (or ‘orchestration’) of measures; and
- strategy, or how results feed back into visibility and orchestration.
Most organisations already collect data from their network – but they do not necessarily actively engage with it to draw insights on threats that may be present. CyberOwl offers an early warning system for cyber-attacks through real-time monitoring of high value targets for malicious behaviour. Smart software and algorithms conduct large-scale, real-time analysis of this data and pinpoint potential threats. The system then raises an alarm on the network where possible undesirable activity is identified.
The path to the accelarator
CyberOwl began as a research project at Coventry University, which was spun out to become a start-up. Although this is a recognised path, the reality is that we’re not yet particularly good at that in the UK, especially when compared to the US. The original research was shortlisted for the Lloyds Science of Risk prize in 2015; we spun the business out in 2016, and began work on a prototype where we could test our research and algorithms.
As part of this development, we applied and were accepted onto the GCHQ programme. The requirements were that the technology solved a real cyber security problem, was technologically complex and that it could be of interest to both the UK in general and GCHQ in particular.
The three-month programme was intense. We gained access to their experts to help validate and shape the product, and then Wayra (Telefónica’s start-up accelerator) helped us develop the more commercial side of the business and interact with investors. It was a highly intensive acceleration programme to get us product fit, customer fit, market fit – a big and necessary step in our journey.