Security Start-up Pushes Threat Detection, Correlation With New Platform

A security startup is pushing a mix of threat correlation, sandboxing and traffic inspection to address the challenges posed by sophisticated malware and zero-day attacks.

Emerging from stealth mode, security vendor Cyphort announced the general availability today of its Advanced Threat Defense Platform a month after being named a finalist in the RSA conference’s 2014 Innovation Sandbox competition. The platform combines a number of detection methods together with machine learning and a threat correlation engine.

“Cyphort consists of software-based collectors that are placed at various locations on the networks, including ingress and egress points,” said Anthony James, vice president of products and marketing at Cyphort. “[The] collectors can be deployed as software running on commodity hardware or as a VM running on a hypervisor and collecting traffic from virtual TAP ports in a virtual environment and cloud. They are much easier and more cost-effective to deploy than installing dedicated appliances. Customers can scale collection across their distributed organization cost-effectively, as the software is provided free of charge.”

According to the company, the product’s architecture separates the collection of traffic from threat detection and analytics without having to deploy appliances everywhere. It also combines multi-sandbox inspection of content with a machine-learning system.

“Sandboxes are part of the inspection phase,” James said. “Suspicious objects are executed in three separate sandbox environments including a VM sandbox, emulation sandbox and a custom image sandbox. Several thousand data points are collected as part of this inspection and used by our machine learning analysis engine to detect malware.”

To block zero-day attacks, the technology relies on dynamic inspection in the sandbox along with the machine-learning analysis engine. The platform correlates information and prioritizes threats based on threat intelligence, the particular users and devices that were targeted or infected, and observed command-and-control traffic. The product can also dynamically generate policies for firewalls, Web gateways and IPS signatures that can be implemented through the management consoles of those respective products.

“The release we will be demonstrating at RSA (2.5) will include the ability to dynamically update firewalls with the ability to block sources of advanced threats and Internet destinations known to be used for data theft,” James said. “As part of our threat identification process, we extract IP addresses and URLs that are known to be involved in the actual threat. This information can then be dynamically pushed to customers’ existing firewalls so that immediate protection can be implemented not only for the initially intended victim, but for all other users across the enterprise.”
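The two steps described above, context-based prioritization of sandbox detections and the extraction of indicators into firewall block rules, can be sketched in a few dozen lines. The following is an added illustration, not Cyphort’s code and not a description of how its engine actually weighs evidence: the threat-intel feed, the asset inventory, the sandbox verdicts and the scoring weights are all constructed assumptions. What it shows is the shape of the correlation: a detection on a critical host that also matched a known C2 indicator and beaconed on the wire outranks an isolated detection on a kiosk, and the indicators the malicious samples reached become vendor-neutral block entries a gateway console could consume.

```python
from dataclasses import dataclass

# Constructed threat-intelligence feed (hypothetical): indicator -> category.
THREAT_INTEL = {
    "203.0.113.10": "c2",
    "exfil.example.net": "data-theft",
}

# Constructed asset inventory (hypothetical): host -> business criticality weight.
ASSET_CRITICALITY = {
    "fin-db-01": 5,
    "laptop-042": 2,
    "kiosk-07": 1,
}


@dataclass(frozen=True)
class SandboxVerdict:
    """One object's result from dynamic inspection plus the network context around it."""
    object_id: str
    victim_host: str          # device that received the object
    malicious: bool           # sandbox / machine-learning verdict
    contacted: tuple          # IPs and URLs the object reached during detonation
    c2_observed: bool         # beaconing from victim_host seen in traffic telemetry


# Constructed sample verdicts (not real detections).
SAMPLE_VERDICTS = (
    SandboxVerdict("obj-A", "laptop-042", True, ("203.0.113.10",), True),
    SandboxVerdict("obj-B", "fin-db-01", True, ("198.51.100.7",), False),
    SandboxVerdict("obj-C", "kiosk-07", False, ("www.example.com",), False),
    SandboxVerdict("obj-D", "fin-db-01", True, ("exfil.example.net", "203.0.113.10"), True),
)


def risk_score(v, intel=THREAT_INTEL, assets=ASSET_CRITICALITY):
    """Context-based ranking: a base score for the detection itself, plus a bonus
    per threat-intel hit, plus a bonus for observed C2, all scaled by how critical
    the targeted asset is. The weights are illustrative assumptions."""
    if not v.malicious:
        return 0
    score = 10
    score += 20 * sum(1 for ioc in v.contacted if ioc in intel)
    if v.c2_observed:
        score += 30
    return score * assets.get(v.victim_host, 1)


def prioritize(verdicts, intel=THREAT_INTEL, assets=ASSET_CRITICALITY):
    """Return (object_id, score) pairs for malicious verdicts, highest risk first."""
    ranked = [(v.object_id, risk_score(v, intel, assets)) for v in verdicts]
    return sorted((r for r in ranked if r[1] > 0), key=lambda r: (-r[1], r[0]))


def firewall_rules(verdicts, intel=THREAT_INTEL):
    """Extract the indicators reached by malicious objects and emit vendor-neutral
    block rules; a real deployment would translate these into the syntax of the
    firewall or gateway console being updated."""
    rules = {}
    for v in verdicts:
        if not v.malicious:
            continue
        for ioc in v.contacted:
            rules.setdefault(ioc, {
                "action": "block",
                "indicator": ioc,
                "reason": intel.get(ioc, "contacted-by-malware"),
            })
    return [rules[k] for k in sorted(rules)]


if __name__ == "__main__":
    for obj, score in prioritize(SAMPLE_VERDICTS):
        print(f"{obj}: risk {score}")
    for rule in firewall_rules(SAMPLE_VERDICTS):
        print(rule)
```

Running the block ranks obj-D (critical host, two intel hits, C2 seen) far above obj-A and obj-B, and the benign obj-C never produces a rule, which is the point of separating the verdict from the context used to rank it: a block rule derived from a false positive would propagate to every firewall it is pushed to.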


“Many organizations are either insufficiently tooled to sift through the haystack of presented threats, unequipped to identify which events present real risk to their organization, or both,” said David Monahan, an analyst with Enterprise Management Associates, in a statement. “Cyphort’s ability to identify and prioritize events using a context-based risk ranking helps organizations to respond with significantly higher agility, precision and effectiveness.”

Currently, the Cyphort Platform is able to analyze content across both Windows and OS X environments. Support for Linux is slated to come later this year. 
