FRAMEWORK


Technology has often looked for inspiration among the marvels that nature has created through evolution. Any sophisticated living organism relies on a layered defense system for protection against external threats. The same can be applied to cybersecurity solutions: modern tools implement methods similar to those observed in the operation of immune systems and, just like natural immune systems, can be divided into several classes according to their purpose and operating principles.

SURFACE BARRIER

The first line of defence against any pathogen is the surface barrier. This barrier functions as a means to destroy any pathogen before it infiltrates the system. However, the surface barrier is a very crude tool: anything that comes from the outside is considered hostile and must therefore be destroyed. This perfectly reflects the idea behind the first security measures, which use the general strategy of "Deny all that has not been allowed explicitly". This class of solutions includes all access control tools, perimeter defense tools (e.g. firewalls), connected-device control solutions and so forth.

INNATE IMMUNE SYSTEM

The innate immune system operates on the inside and is meant to counter the pathogens that succeeded in penetrating the surface barrier. This immune system operates several signature databases: it has a general idea of what a pathogen 'looks' like (a blacklist that contains certain properties) and it also knows how to detect cells that belong to the body (a whitelist). In the security world this role is taken by various signature-based detection and malicious activity response tools, such as SIEM, IDS/IPS and antivirus solutions. CL DATAPK belongs to this class as well.

ADAPTIVE IMMUNE SYSTEM

The final line of defense is the adaptive immune system, which the body develops throughout its life. It is the most complex and the least explored immune system, but also the most powerful. It is able to detect a previously unknown pathogen that has succeeded in breaking in and has not been recognized as hostile and neutralized by the innate immune system. Two special cell types are required to detect such a pathogen: M-cells, rapid response antibodies that deliver a fast though somewhat inaccurate and therefore inefficient immune response; and T-cells, specialized antibodies that act with superior precision compared to M-cells, but whose genesis requires time, which the body uses to 'study' the pathogen. This approach is actively used in contemporary security solutions. Typical 'Security M-cells' are tools designed to detect non-specific changes in the protected system (anomaly detectors): NTA, NAD, EDR and others. 'Security T-cell' solutions are far more advanced and capable of studying the protected system in order to create a model of the system's operation that can be used to detect inconsistencies between the modeled and observed system operation. This solution class includes various behaviour analysis tools: UEBA, Industrial Behaviour Analytics and others. CyberLympha's innovative CL Thymus is a great example of this kind, providing the most accurate and precise malicious activity detection for industrial control applications.

Our products are based on a robust composition of well-established IT security technologies and pioneering developments in data science, AI and ML.

The CyberLympha team actively participates in security approach and methodology research projects together with leading educational and scientific organizations.

We take a lifecycle approach to every project that we participate in, starting with consulting services and initial assessments and working through proof-of-concept and pilot projects all the way to overall system design, implementation and commissioning. And of course, all of our installations are covered by vendor support.