Behavior Computation to Tackle Cyber Threats

“It was one of the worst financial crises in American history and a very difficult time for myself and family,” Joseph Carter reminisces about the story behind the inception of R&K Cyber Solutions. Like many others, Carter found himself unemployed for almost a year, left with nothing but a VA disability check provided from his prior service with the US Navy. Being a hard soul to defeat, Carter, who holds more than 15 years of engineering experience in security systems architecture design, software development, IT security, and vulnerability management, dedicated himself to creating a company after asking the question “Lord, what should I do?” Today, that company has grown to become an award-winning provider of Application Development and Cyber Solutions, specialized Information Assurance (IA) services, and Certified Security processes to all of the U.S. Federal Government (Civilian, DoD, and IC), and to customers in selected commercial markets. As Carter puts it, placing Christ at the head and in the middle and placing people above things served as a foundation for the company, keeping it afloat in some of the worst financial difficulties the U.S. has seen over recent years.

R&K’s culture draws inspiration from Carter’s nine years of experience as an operations professional in the U.S. Navy, with integrity, quality and honesty as core values in building and managing the company. This has earned R&K the opportunity to offer Cyber Solutions to multiple DoD and Federal customers. Headquartered in Northern VA, R&K is a trusted name in providing agency-specific or national-level risk and vulnerability assessments. The company has also developed comprehensive security control assessments for desktops, servers (Windows, Unix, and Linux), Web servers, database servers, and mainframes.

Hyperion: Another Name for Security

Keeping cost benefit and workforce development at the forefront of its innovative practices, R&K mitigates cyber breaches that have reached their highest cost point in the last 10 years. Cyber-crime is a recession-proof growth industry, and curbing cyber risk is a top priority on the international agenda, as high-profile breaches and other security failures could endanger the global economy. With sophisticated cyber crimes gaining momentum, the lack of a scalable, proactive and adaptive approach to mitigating the risk at the right time may lead to the recurrence of the 2008 economic downturn. Having realized this, and with an understanding that Cybersecurity approaches are quickly reaching the limits of their potential, R&K has created a new technology to compute the behaviour of software: Hyperion, developed on previously licensed technology from Oak Ridge National Laboratory. It defines a new cybersecurity category called Behavior Computation for Application Security (BCAS), and is the only commercially available BCAS system. While there are many static and dynamic analysis products developed and fielded by capable organizations, they have limitations arising from fundamental properties of the underlying technologies that are difficult to surmount, despite best efforts. This is where Hyperion stands apart: it does not use or seek to improve static or dynamic analysis, which means it looks for malware neither in code, as static analysis does, nor in execution, as dynamic analysis does. Instead, Hyperion applies the mathematical foundations of denotational semantics to compute the behavior of software. It reveals the deep meaning of software, and expresses it as individual cases of behavior that the software can produce.
As a result, the effects of both legitimate functionality and malicious operations are computed and revealed in a human-understandable format we call a Behavior Specification Unit, or BSU. R&K doesn’t stop there, and it capitalizes on the fact that computed behavior makes malicious content easier to find with the help of Hyperion. “The system incorporates our malware expertise and applies it to computed behavior to reveal the presence of malware, if any,” explains Carter. This method will have a compelling impact in the long run, as Gartner predicts that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30 percent in 2016. Gartner believes that organizations need to detect and respond to malicious behaviors and incidents, because even the best preventative controls will not prevent all incidents. R&K’s malware expertise is captured through Hyperion’s BSUs, which are simple definitions of malicious operations. A client can add to the set of BSUs already present, and the set can be applied over and over to new malware, even by junior analysts. BSUs are very general and broadly applicable. One of the great advantages that Hyperion offers is the reduction in time and money spent, as one can do more with existing staff, while ensuring that throughput, quality of results, and span-of-control are improved with no additional expense. The systems ship with 300 BSUs, and during a series of evaluations with a very large Fortune 50 company and the Department of Homeland Security, only one BSU was added while evaluating the product over the past 11 months. This gives you an idea of why we say our fingerprints carry a higher fidelity over today’s practice of deploying and managing signatures.


For instance, the Department of Homeland Security wanted to have a process in place to create a workforce multiplier that would help them scale their work. On being approached, R&K offered Hyperion, which has proven to be a huge workforce multiplier. Additionally, R&K automated the reverse engineering process, which reduced the amount of time spent on conducting analysis per sample and ensured that accurate, reliable information about how the malware functions is swiftly provided to Incident Handlers. As a result, the Department was able to handle a huge number of samples per day, ensuring a great return on investment.

Initiating a Revolution with Hyperion’s Evolution

“Hyperion is the ‘Fourier Transform’ of cybersecurity, moving from syntax to semantics where problems are recast in a form that enables effective solutions previously unavailable. This new approach to security is at the beginning, not the end, of its evolution,” explains Carter. Computed behavior provides a wealth of solid information previously unavailable to software engineers and executive management. R&K’s Hyperion Product Development Plan includes applying this automated technology to reduce cost and effort in software development and testing, and extending behavior computation to additional computer architectures and languages. The system is a 2015 winner of the prestigious R&D 100 Award in software and services, selected from thousands of nominations for its advanced technology in cybersecurity. The company employs the inventors of software behavior computation along with the team of cybersecurity experts from Oak Ridge National Laboratory (ORNL), a multi-program science and technology national laboratory managed for the U.S. Department of Energy, that developed the Hyperion prototype. This team is uniquely qualified to evolve and support behavior computation technology for R&K’s customers. In addition to Hyperion, R&K possesses on-hand expertise in preventing, containing, responding to, eradicating, and recovering from any IT-related incident. The company has a top-notch Threat Management team that provides detailed Root Cause Analysis of how and why a particular incident took place and helps ensure that the same incident does not happen twice. It can further develop customer and Agency Incident Response Plans and Policies for its federal and private sector customers.


Future Endeavours

As a Cyber Security Services Provider (CSSP), R&K understands the cyber landscape in full detail. Cyber is so dynamic and fast-paced that keeping a watchful eye out for improvements and seizing the moment to step ahead of our adversaries is the only way to stay relevant in this game. The company is, therefore, always looking for innovative approaches to improve services, such as cutting the response time for malware breaches or bringing innovations such as Hyperion to pinpoint malware and vulnerabilities in software. In line with this thought are its future endeavours. R&K is planning to launch products such as host-based and network-based intrusion prevention systems, along with Hyperion, in the near future, using a new fingerprint of malware created by Hyperion to enhance these traditional techniques. Dwelling further on innovations, Carter says, “we have noticed that fingerprints created from computed behaviours have a high fidelity rate over traditional signatures today and so we have already begun to develop host- and network-based IDP/IPS and email security servers that will use new indicators/fingerprints developed from computed behaviours.” The detection accuracy rate testing we have been conducting is mind-blowing. Carter believes that there will always be learning curves in anything associated with Cyber. Cyber will always move very dynamically, and so do R&K’s technology and innovations. The longer one stays focused and embraces change, the greater the chances of finding a niche which will help one develop a strong capability and open doors to other areas in cyber.