At CyberPoint, we've worked on some amazing projects, developed innovative products and services, and have been granted a few US Patents along the way. Click on the items below to read more about each one.
Secure the Internet-of-Your-Things with AKUA
AKUA Secure Logistics brings together a strong heritage in cyber-security, supply chain logistics, and big data analytics. Our principals and founders are recognized as leaders in creating smart supply chain technology and solutions, and bringing security to the Internet-of-Things for supply chain logistics. By combing our legacy in cyber security and supply chain logistics, AKUA has created the industry's first global, end-to-end physical and cyber secure logistics solution. Visit website.
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for assessing cyber threats. In some implementations, data indicating a time window is received. Data indicating at least one dynamic Bayesian network (DBN) is accessed. A plurality of simulations are performed using the DBN, and outcomes of the plurality of simulations are sampled according to the state of the DBN representing the end of the time window. Based on the sampled outcomes of the simulations, a measure of impact of the computer-based threats to the organization over the time window is determined. The determined measure is provided for output to a user.
(un)compromising red team service
CATO is a cyber security operations platform. Instead of providing a commodity assessment, CATO provides novel red team services that closely match the operational cadence of real-world attacks. CATO enables customers to have much better insight into their security posture by witnessing well-trained and tool-rich operators attempt to gain access to their network. CATO is the next evolution in offensive services.
CyberPoint SRT built the CATO model from its combined decades of penetration testing and red team experience. While SRT has had great success helping customers secure their networks by proactively identifying methods of entry, SRT believed there was an opportunity to substantially improve this process to provide more effective results. Learn more.
Your Cyber Security News Connection
The CyberWire is a free, community-driven cyber security news service based in Baltimore. Their mission is to provide concise and relevant briefings on the critical news happening across the global cyber security domain. In an industry overloaded with information, they also help individuals and organizations rapidly find the news and information that's important to them. Visit the CyberWire website.
Quantifying Cyber Risk in Terms of Dollars and Cents
In a world where conventional wisdom says you will get hacked, you bought one of everything to try to thwart the attack and protect your crown jewels. And as the threat — and your business — evolves, so does your cyber risk. With CyberPoint's CyVaR technology, our customers know that on any given day, they can prove they have lowered the company's cyber risk to secure the value of their business. We believe the biggest security threat facing companies today is the fuzzy picture of cyber risk and expensive complacency that have led to misguided security investments. Learn more.
Malicious Digital Artifact Identification & Analysis
Any digital artifact—any file, program, document, image, link, script, or email—is potentially malicious. DarkPoint makes it easy to identify which ones actually are, and what you can do about it.
DarkPoint puts a powerful set of automated analytical tools at the fingertips of your help desk, security operations center, forensic investigators, and even ordinary users. Novice users can get quick answers about suspicious artifacts just by uploading them and reviewing a report, and experts can dive deep into the technical details and behaviors of advanced threats. Learn more.
Test Drive your future with LifeJourney™
LifeJourney is an online experience for schools that empowers students to test-drive future STEM careers and learn directly from top industry professionals. Our mission is to provide students in schools across the nation the opportunity to learn about STEM careers, develop new skills, and understand industry challenges with the goal of helping them find their own passion. Visit website.
United States Patent granted on May 24, 2016 to CyberPoint for Methods and System for Malware Detection. Invented by Mark McLarnon, Mark V. Raugas, Ryan Fisher, Nate Rogers and Michael Kolodny.
Methods, system, and media for analyzing a potential malware sample are disclosed. A sample for malware analysis may be received. The sample may be received through a web interface. The sample may be analyzed using a plurality of analyzers implemented on one or more computing devices. The analyzers may perform a sequence of configurable analytic steps to extract information about the sample. The extracted information may be displayed to a user through the web interface.
United States Patent granted on March 15, 2016 to CyberPoint for Methods and System for Malware Detection. Invented by Mark V. Raugas, Rebecca A. Borbely, Michael W. West and James L. Ulrich.
Methods, system, and media for detecting malware are disclosed. A network may be monitored to collect samples of the network traffic. Feature vectors may be extracted from the sampled network traffic. One or more machine learning models may be applied to the feature vectors to produce a score indicative of the presence of a particular type of malware. One or more scores obtained by applying the machine learning models may be fused by another machine learning model into a resulting score. A threshold value may be calculated to accompany a score indicating the likelihood that the traffic sample indicates the presence of malware and the likely effectiveness of planned remediation effort. An alert may be generated from the score and the threshold when the threshold is acceded.
United States Patent granted on November 24, 2015 to CyberPoint for Similarity Search and Malware Prioritization. Invented by Charles Cabot, Rebecca A. Borbely, Michael W. West and Mark V. Raugas.
Methods, system, and media for determining similar malware samples are disclosed. Two or more malware samples are received and analyzed to extract information from the two or more malware samples. The extracted information is converted to a plurality of sets of strings. A similarity between the two or more malware samples is determined based on the plurality of the sets of strings.
DARPA’s Space/Time Analysis for Cybersecurity (STAC) Program
As new defensive technologies make old classes of vulnerability difficult to exploit successfully, adversaries move to new classes of vulnerability. Vulnerabilities based on flawed implementations of algorithms have been popular targets for many years. However, once new defensive technologies make vulnerabilities based on flawed implementations less common and more difficult to exploit, adversaries will turn their attention to vulnerabilities inherent in the algorithms themselves.
The Space/Time Analysis for Cybersecurity (STAC) program aims to develop new program analysis techniques and tools for identifying vulnerabilities related to the space and time resource usage behavior of algorithms, specifically, vulnerabilities to algorithmic complexity and side channel attacks. STAC seeks to enable analysts to identify algorithmic resource usage vulnerabilities in software at levels of scale and speed great enough to support a methodical search for them in the software upon which the U.S. government, military, and economy depend.
Software systems can be vulnerable to algorithmic complexity attacks in situations where an adversary can efficiently construct an input that causes one part of that system to consume super-linear space or time processing the input. The adversary's goal is to deny service to the system's benign users, or to otherwise disable the system by choosing a worst-case input that causes the system to attempt a computation requiring an impractically-large amount of space or time.
Side-channels are unintended indirect information flows that cause a software system to reveal secrets to an adversary. While the software may prevent the adversary from directly observing the secret, it permits the adversary to observe outputs whose varying space and time characteristics are controlled by computations involving that secret. Given sufficient knowledge of how these computations work, the adversary can deduce the secret by observing some number of outputs.
Because algorithmic resource usage vulnerabilities are the consequence of problems inherent in algorithms themselves rather than the consequence of traditional implementation flaws, traditional defensive technologies such as Address Space Layout Randomization, Data Execution Prevention, Reference Count Hardening, Safe Unlinking, and even Type-Safe programming languages do nothing to mitigate them.
The STAC program seeks advances along two main performance axes: scale and speed. Scale refers to the need for analyses that are capable of considering larger pieces of software, from those that implement network services typically in the range of hundreds of thousands of lines of source code to even larger systems comprising millions or tens of millions of lines of code. Speed refers to the need to increase the rate at which human analysts can analyze software with the help of automated tools, from thousands of lines of code per hour to tens of thousands, hundreds of thousands or millions of lines of code per hour.
The STAC program includes four Technical Areas (TAs). Technical Area One (TA1) performers are the Research and Development (R&D) teams charged with the development of new program analysis techniques and tools to identify algorithmic resource usage vulnerabilities in software. TA2 performers are the Adversarial Challenge (AC) teams charged with producing challenge programs with known algorithmic resource usage vulnerabilities for use in testing within the STAC program. In order to measure technical progress, there will be a series of competitive engagements throughout the STAC program in which R&D teams will attempt to use their techniques and tools to find the algorithmic resource usage vulnerabilities in the challenge programs produced by the Adversarial Challenge performers. TA3 is the Control Team performer charged with applying present-day analysis techniques to the same problems as the R&D teams during engagements in order to provide a baseline for comparison. TA4 is the Experimentation Lead (EL) performer who will plan each engagement, manage the event and collect measurements of the results.
Collaborate with confidence
Collaborative cybersecurity initiatives have consistently been held back by the simple fact that sharing useful incident data could not be done without some level of legal, market, privacy or reputational risk to companies. This risk either prevents or greatly delays organizations from participating in the exchange of actionable cyber incident data, as companies understandably must first work to understand the potential liability. In order to improve our cybersecurity defenses, it is critical that we remove, or at least materially reduce, the risks of sharing cyber incident data. TruSTAR directly meets this challenge. Visit website.
DARPA’s Vetting Commodity IT Software and Firmware (VET) Program
Government agencies and the military rely upon many kinds of Commercial Off-the-Shelf (COTS) commodity Information Technology (IT) devices, including mobile phones, printers, computer workstations and many other everyday items. Each of these devices is the final product of long supply chains involving many vendors from many nations providing various components and subcomponents, including considerable amounts of software and firmware. Long supply chains provide adversaries with opportunities to insert hidden malicious functionality into this software and firmware that adversaries can exploit to accomplish harmful objectives, including exfiltration of sensitive data and sabotage of critical operations.
Organizations often attempt to manage supply chain risk indirectly by investigating manufacturers and their business relationships, currently no accurate and cost-effective technical means exist for large enterprises to directly examine the software and firmware commodity IT vendors provide with every individual new device and update. In fact, a common perception among government and industry alike is that the problem of enterprise-scale vetting of the software and firmware on COTS IT devices is so difficult that it is unapproachable.
DARPA created the Vetting Commodity IT Software and Firmware (VET) program to address the threat of hidden malicious functionality in COTS IT devices. VET's goal is to demonstrate that it is technically feasible to determine that the software and firmware shipped on commodity IT devices is free of broad classes of hidden malicious functionality. The program supports the White House's 2009 Comprehensive National Cybersecurity Initiative, which specifically named developing a "multi-pronged approach for global supply chain risk management" as a key national security goal.
Specific VET program objectives include:
These three advances in combination would give government agencies a new capability: the ability to gain confidence in the software and firmware on their commodity IT devices by directly examining the devices themselves, rather than reasoning about their provenance.