One of the biggest problems with identifying cybersecurity breaches is knowing that they happened at all. Too often, attackers breach companies’ defences and remain undetected — until it’s too late.
A new South African start-up, Snode, incubated by fast-growing South African fintech company Hello Group but now spun off as its own business, has developed a solution that it believes will help IT departments identify suspicious behaviour as it’s happening, even when traditional security measures like firewalls fail to stop intruders.
Snode, which was founded by cybersecurity expert Nithen Naidoo, has developed technology that alerts companies to the tell-tale signs that a cyberattack might be about to take place.
“If you are looking for fraud only at the point where it occurred, you will always be reactive,” Naidoo said. “But if you can predict the fraud by looking at precursor patterns, you can prevent it and become proactive in your response.”
Hello Group CEO Nadir Khamissa said Naidoo became involved with the company about 10 years ago to help it root out cybersecurity breaches and shore up its cyber defences. He became even more involved as the company moved into mobile money transfer with Hello Paisa.
Hello Group, which has provided venture capital funding to Snode, needed something beyond basic firewall and signature (username and password) security mechanisms. “We needed something to understand patterns of behaviour, which is something we could not buy.”
Naidoo built technologies that passively “sniff” all of a company’s network data, differentiating between different types of traffic going through the network in real time using “deep-packet inspection”.
The technology is “aware” of the start and end point of every packet of data, both internal and external, Khamissa said. “This is imperative to be able to understand patterns of behaviour. This enormous volume of data gets put into machine-learning algorithms that understand the patterns and is then overlaid with the expected or traditional behaviour of a user to identify anomalies.”
The problem with most security solutions is the analyst interface “turns into a Christmas tree” of alerts — most of them false alarms — defeating the purpose, he said. “We have invested in pattern-recognition technologies to avoid these false positives. Snode understands patterns of behaviour and eliminates those.”
Snode, Khamissa said, doesn’t replace firewalls and username-and-password-based security mechanisms. Rather, it is a layer on top of those solutions to help companies understand and identify behaviour and vulnerabilities.
“Snode at its core uses mathematics to detect anomalies and patterns in any type of data from any source and understand the behavioural patterns of normal behaviour from abnormal behaviour,” explained Naidoo.
“Just your presence on the network leaves a trace and affects the network in a certain way. Snode understands your systems environment and it has a signature for it. It identifies any stray from what it deems normal behaviour.
“At some point in the early stage of a cyberattack, there would have to be some form of reconnaissance. Snode actively looks for this, whether it’s a hacker doing a port scan, or an employee accessing a system they don’t normally access,” he said. “It does this in real time, with in-flight analytics.”
Although Snode can’t analyse encrypted network traffic, it can still pick up anomalies. “If my encrypted channel suddenly does 2GB of traffic at 2am, that’s an anomaly. Sure, you can mask your identity in various ways, but no matter what you do, you are going to influence the system.”
Khamissa said Snode uses machine-learning algorithms to augment human efforts to defend digital networks. “The good guys are completely outgunned in the cyberwar. Attackers are highly motivated and mechanised. In the defence, you typically have a junior guy in IT patching servers, looking at endless alerts. To notch up your defence capabilities, you need something like Snode to augment the defenders of your networks.”
After being developed inside Hello Group for many years, the solution has now been “productised” to be sold to other companies.
Snode has run the solution in various iterations with PricewaterhouseCoopers over the past three years. PwC will now take the product to market as the company’s first reseller partner. It also has customers in South Africa, Nigeria, the UK and Australia.
“Our focus is really on South Africa for now, but we have been getting a lot of requests from abroad,” said Khamissa.
The key industry it intends to focus on is financial services, he said. — © 2016 NewsCentral Media