We use 25 different methods to identify threats and categorize websites.
During this month, we will continue to highlight our most significant developments and happenings. In this post, we focus on our threat detection methods, which we are constantly improving.
Threat detection is the process of identifying actors or technology that has the potential to cause harm to a machine or a network. At cyan, our team of data scientists protects our partners digital life by constantly analyzing a large amount of data traffic, around 1000 billion queries per month, from various sources of the internet.
The data traffic goes through different stages of our security analysis process, where it is grouped and verified at specific levels. We use 25 different methods to identify threats and categorize web sites. Our methods range from simple text analysis as keyword matching or static script analysis, going through image recognition techniques, machine learning and multi-domain correlation. Suspicious domains are included into our research environment as an additional source of information. This environment is operated by over 200 virtual data centers worldwide.
Constantly updated database
Machine learning, ML, is one of our main methods to perform effective threat detection. ML empowers automatic reasoning and decision-making and makes it possible for us to recognize patterns in data traffic and thereby create accurate predictions for malicious content and malware.
Our data scientists focus their research on stopping distribution of ransomware or malware before it hits our partners devices. We are running content analysis 24/7 and provide the results to our threat database of malicious content. This database is updated every second hour and targeted at including new threat findings directly into the engines of our partners.
To define content on the internet we have more than 40 different categories within our database. For example, amazon.com is categorized as a shopping site, meanwhile smirnoff.com is categorized as a site about alcohol. Furthermore, we offer our partners a customized solution, where we create content categories suitable to their profiles. Partners can provide us with their local top domains and through our solution, internally verify the categorization. This makes it possible to perform constant quality checks and rapid interventions if we discover suspicious activity.
Our methods to detect cyber threats are constantly improving. Lately we gained new insights into our quality by performing tests with potential partners. These new insights have helped us to improve our threat detection services for our customers. We have managed to significantly increase the number of recognized malicious domains for one of our active partners. And for the account of another one, we achieved a correct classification of 99.998 % of their web traffic during a period of a few weeks after their onboarding.
In the future, we will continue to develop our threat detection methods and to perform tests with our partners to gain new insights. We will carry on offering the best possible protection to our partners and end-users.