Uses artificial intelligence and machine learning techniques to dynamically react to new network and endpoint system conditions in order to detect and thwart threats
About
Wouldn’t it be great if your computer could recover from infections and viruses the way our bodies do? Our product is modelled on the biological immune system and seeks to emulate its ability to detect and respond to previously unseen threats. This approach is intended to remove the dependence on static signatures, which quickly go out of date, for detecting malicious software and behaviour, both on a user’s device and within computer networks. By building an approximate model of an immune system for endpoints and network devices, we allow an endpoint or network component to detect new and novel threats without signatures. Because detection is anomaly-based rather than signature-based, the learned baseline must be representative before enforcement starts: behaviour that is legitimate but absent from the training period will be reported as a threat.

Endpoints and network components communicate threat data on an exception basis, so the network can react dynamically using SDN techniques: isolating infected hosts, disrupting C&C channels, and enforcing additional security mechanisms such as honeypots, IPS and DNS security as the situation requires. Because the system is built on SDN, it can integrate with any traditional network through an overlay that allows dynamic communication between system components, and deployment to a production network can be phased so that sufficient training data for that network has been consumed before enforcement is switched on.

Figure 1 shows the overall system architecture from the network point of view. Sonnach’s Network AIS (NAIS) integrates with an SDN controller, OpenDaylight for example, and uses the controller to push changes to the network based on threat data produced by the NAIS and the Endpoint AIS (EAIS) components. The EAIS can also interact with the network, as shown in Figure 2, allowing the network to reconfigure itself dynamically in response to endpoint threat data.
This combination of data from the network and the endpoint is what allows the Sonnach AIS to drastically reduce the efficacy of new and custom threats deployed against a target network. Threats can be contained faster and closer to their source, so a successful penetration of the network has reduced impact and is easier to remediate.

Figure 1 - Sonnach AIS Network Architecture
Figure 2 - Sonnach AIS Endpoint Communication with NAIS

With its emphasis on software and on offloading decision making to a network controller, Sonnach is well placed for integration into embedded computing environments, industrial control systems, and IoT solutions, especially since such environments have a far more easily learned “normal” operational state.
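To make the endpoint-to-network loop described above concrete, the following is an added Python example, not Sonnach’s code. The endpoint side learns a host’s “normal” from training telemetry using negative selection, a classic artificial-immune-system algorithm that the page does not claim Sonnach uses, and reports only on exception; the network side turns such a report into SDN-style flow rules that isolate the host, cut its suspected C&C peer, and leave it a path only to a honeypot. The four telemetry features and their caps, the rule format (illustrative, not OpenDaylight’s RESTCONF schema), the honeypot address and all telemetry samples are assumptions constructed for the example.

```python
from itertools import product

# Per-minute endpoint telemetry, bucketed into a 10x10x10x10 integer grid.
# The four features and their caps are assumptions for this illustration.
FEATURE_CAPS = {"new_procs": 20, "out_conns": 100, "dst_ports": 50, "dns_qps": 60}
GRID = 10     # buckets per feature
RADIUS = 1    # a detector covers grid points within Chebyshev distance RADIUS
HONEYPOT_IP = "10.99.0.10"   # assumed address of the remediation honeypot


def bucketize(event):
    """Map raw per-minute counts to a tuple of buckets in [0, GRID-1]."""
    point = []
    for name, cap in FEATURE_CAPS.items():
        v = max(0, min(event[name], cap))
        point.append(min(GRID - 1, v * GRID // cap))
    return tuple(point)


def matches(detector, point, r=RADIUS):
    """Chebyshev match: every feature within r buckets of the detector."""
    return max(abs(a - b) for a, b in zip(detector, point)) <= r


class NegativeSelectionDetector:
    """Censor every grid cell that matches a 'self' (training) sample; the
    survivors are detectors for 'non-self'. A self sample can therefore never
    raise an alert, while any point more than RADIUS from all self samples
    always will (the cell it sits on survives as a detector)."""

    def __init__(self, self_points):
        self_set = set(self_points)
        cells = product(range(GRID), repeat=len(FEATURE_CAPS))
        self.detectors = [d for d in cells
                          if not any(matches(d, s) for s in self_set)]

    def is_anomalous(self, point):
        return any(matches(d, point) for d in self.detectors)


class EndpointAgent:
    """EAIS-style agent: learns its host's baseline during the training
    phase and reports to the network only on exception."""

    def __init__(self, host_ip, training_events):
        self.host_ip = host_ip
        self.detector = NegativeSelectionDetector(bucketize(e) for e in training_events)

    def observe(self, event):
        """Return a threat report for anomalous telemetry, else None."""
        point = bucketize(event)
        if not self.detector.is_anomalous(point):
            return None
        return {"host": self.host_ip, "features": point,
                "peers": sorted(event.get("peers", []))}


def quarantine_rules(report):
    """NAIS side: turn a report into flow rules for the SDN controller.
    Illustrative rule format, not OpenDaylight's RESTCONF schema. Higher
    priority wins: the host may talk only to the honeypot, everything else
    to or from it is dropped, and its suspected C&C peers are cut
    network-wide (coarse by design; gate this on confidence in practice)."""
    host = report["host"]
    rules = [
        {"priority": 200, "match": {"ipv4_src": host, "ipv4_dst": HONEYPOT_IP},
         "action": "output:honeypot"},
        {"priority": 200, "match": {"ipv4_src": HONEYPOT_IP, "ipv4_dst": host},
         "action": "output:host"},
        {"priority": 100, "match": {"ipv4_src": host}, "action": "drop"},
        {"priority": 100, "match": {"ipv4_dst": host}, "action": "drop"},
    ]
    for peer in report["peers"]:
        rules.append({"priority": 150, "match": {"ipv4_dst": peer}, "action": "drop"})
    return rules


# Constructed telemetry: per-minute samples from the phased training period.
TRAINING = [
    {"new_procs": p, "out_conns": c, "dst_ports": d, "dns_qps": q}
    for p, c, d, q in [(1, 8, 3, 6), (2, 12, 4, 9), (0, 5, 2, 4), (3, 15, 5, 11),
                       (2, 10, 3, 8), (1, 9, 4, 7), (4, 18, 6, 12), (2, 14, 5, 10),
                       (1, 7, 3, 5), (3, 16, 6, 13), (0, 6, 2, 5), (2, 11, 4, 9)]
]
# Constructed anomaly: process spawning plus connection fan-out and DNS beaconing.
ANOMALY = {"new_procs": 18, "out_conns": 95, "dst_ports": 45, "dns_qps": 55,
           "peers": ["203.0.113.7"]}

if __name__ == "__main__":
    agent = EndpointAgent("10.1.2.3", TRAINING)
    print([agent.observe(e) for e in TRAINING])   # all None: exception basis
    report = agent.observe(ANOMALY)
    print(report)
    for rule in quarantine_rules(report):
        print(rule)
```

Two properties of this construction matter for a deployment like the one the page describes. Anything seen during training can never alert, so the phased training period directly decides the false-positive rate: an event only moderately outside the baseline (say, a backup job that was never observed while learning) lands more than RADIUS away from every self sample and is reported exactly as the beaconing anomaly is. And the network action is only as good as the report: the C&C block here drops traffic to the peer for the whole network, which is the “disrupt C&C channels” step taken at its most aggressive, and in practice would be gated on a confidence score rather than a single endpoint alert.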