Startup Cynamics seeks to detect cyber threats for local jurisdictions
Startup Cynamics soon plans to make generally available its cloud-based network-monitoring solution that uses artificial intelligence (AI) technology to detect malware and potential cyberattacks quickly, so quarantine and/or mitigation efforts can be executed before the attack spreads broadly through a network.
Cynamics CEO Eyal Elyashiv said that many enterprises have a variety of cybersecurity tools, but they often are limited to a specific piece of hardware or a specific area of a network, and the detection capabilities are not strong enough to address cyberattacks before they spread broadly. Cynamics is able to monitor all devices on a network and uses its cloud-based solution to detect anomalies in traffic patterns that are symptomatic of malware or a cyberattack quickly, so the cybersecurity tools can take action before significant damage is done, he said.
“Based on our conversations with customers, we realized that the majority of them already have some sort of mitigation capabilities, but their big issue was detecting the problem,” Elyashiv said during an interview with IWCE’s Urgent Communications. “When they were detecting [previously], the problem was already taking place.
“What we do—because we connect to all of the customer’s network devices—we can pull policies from specific devices in order to perform the mitigation.”
Elyashiv cited a denial-of-service attack as an example.
“Most of our customers use scrubbing centers as a service,” Elyashiv said. “What we can do is detect the hidden patterns that precede the attack seconds before any other solution would and [route] the bad traffic to the scrubbing center in order to mitigate the attack and keep the network of the customer clean and safe.”
Such early detection is critical in the implementation of an effective cybersecurity strategy for a government network, according to Phil Frieder, the CIO for Fayette County, Ga., an early Cynamics customer that is located south of Atlanta.
“Time to detection and confining a virus—whether it’s a man-made or natural virus—is important,” Frieder said during an interview with IWCE’s Urgent Communications. “With Cynamics, what got my interest was the fact that, when they first demonstrated it to me, was the ability for it to lessen the time to detection, which is critical in confinement.
“I guess everybody has probably realized that it’s not whether I get infected with a virus. Everyone has gotten a virus; confining the virus is what it’s all about. Especially in the enterprise and smart cities, it’s the pervasiveness of the virus that makes it so lethal or catastrophic.”
Indeed, many cases of ransomware and other cyberattacks are traced to malware that has been on the network for months, contaminating files in preparation for an attack. Without early detection, even strong cybersecurity efforts may not be effective, Frieder said.
“It’s like having somebody in your house,” Frieder said. “The worst attack in your house would be if somebody eats dinner with you, sleeps in your bedroom with you and your wife, gets in your car, and you don’t even know that he’s there.”
Elyashiv echoed this sentiment.
“We are capable of looking into file-access patterns that usually have certain characteristics, when we perform our normal job daily,” Elyashiv said. “Then, over time, we are capable of creating those specifications that really help us isolate this malicious behavior—the encryption of those files—at the very early stage, before the actual big crisis happens.
“They sit in your network for a while, and that’s the time you need to find them. Once the attack happens, it’s already too late—and this is where they usually find out that they have an issue.”
Cynamics plans to make its network-monitoring solution generally available in April, according to Elyashiv.
In Fayette County’s early use of Cynamics, Frieder said he is pleased with the speed and accuracy of the network-monitoring solution.
“So far, the false positives have been low, but it has recognized the anomalies extremely fast,” he said. “It’s definitely not behind anything else that’s doing something similar from a different approach.
“It’s also a traffic-analysis [tool] that tells us how fast the packets or electrons are moving through the network. If we see a spike or traffic jam on the network—the packets aren’t moving as they should—we would call it an anomaly that would create an alert. We would investigate the alert.”
Frieder’s background includes providing cybersecurity services within the banking industry, so he has worked with appliance-based security solutions in that industry that are effective, but also very expensive and complicated. The Cynamics offering is effective, affordable and does not require extensive training for personnel, he said.
“Cynamics is easily and quickly deployed,” Frieder said. “A person who works with the county can learn it quickly, so you can deploy it quickly. That means that, if you lose that person, you can put another person in that seat.
“I don’t know how they do it, but with their algorithm using NetFlow, they have been able to take an enormous amount of information and reports that you would have to pore over and look at to come up with a conclusion; it does that in a matter of seconds.
“That’s key. To get the same information from the other products I’ve seen, you may have to read five different reports and get a person with a lot more time on the job. [But] I could put someone in front of Cynamics within three or days. The technology is doing the analytical work that the person previously would have done; you don’t have to sit and pull all of this together. That is a real benefit of Cynamics. It is able to evaluate this information quickly and accurately.”
From a budgeting perspective, Elyashiv said that the Cynamics solutions would be available to municipalities for $30,000 per year—without limitation to the number of networks or devices monitored—although there may be some additional costs to larger Tier 1 cities.
Such price certainty is important to local-government jurisdictions, which have to be budget-conscious and cannot afford extra costs, particularly during difficult economic times, according to Frieder. That becomes even more important as jurisdictions seek to leverage smart-cities and smart-buildings technologies utilizing a host of Internet of Things (IoT) sensors that often were manufactured with a focus on functionality and performance, not security.
“Our whole lifestyle—the vitality of the community—really is tied to the sea of technology that all of these counties run on,” Frieder said. “That’s how I look at it, especially with 911. So, a 911 center riding on a sea of technology that’s managed by a technology-deficient person is just set up for disaster.
“Cynamics ties in, because it’s a tool … [and] it’s scalable. So, as government grows, they can budget for it, and they don’t have to keep trying to think, ‘What is it going to cost next year?’ Cynamics is scalable. So, as your infrastructure grows, you don’t have to keep pouring more money into the vendor’s pocket, which comes from taxpayers’ dollars.”
Of course, the most high-profile cyber threats recently have been ransomware attacks, in which a hacker is able to encrypt an enterprise’s data and requires payment from the enterprise in return for a decryption key that enables access to the data.
Such a circumstance is what caused Elyashiv to start Cynamics. While he was serving as the chief operating officer (COO) in the U.S. for Carbyne—a provider of a cloud-based 911 call-taking solution—his visit to one city was undermined by a ransomware attack.
“I had a meeting in one of the Tier 1 cities in the southern part of the U.S., and 20 minutes before my scheduled meeting, I got a phone call from the city chief security officer, telling me that they have to cancel the meeting, because they had been attacked for the past 24 hours, and they don’t really know how to assess the scale of the attack,” Elyashiv said.
“Since I was already in the building and obviously had worked with the IT department for a few months prior to that meeting, I was asking questions about the security measures they were using and the vendors they were using to keep the city’s systems and networks safe. Then, I realized that there is a need for a solution that is built for the unique operations flow of municipalities, local governments, public safety and critical infrastructure.”