In the following interview our CTO, Markus Cserna, will explain cyan’s filter technology, provide his perspective on the future challenges for the cyber security industry and give insights on our Seamless Security approach.
Where do you see challenges for cyber security, now and in the future?
The biggest challenge and risk is clearly the increased utilization of mobile devices both in business and in private life. People are using connected mobile devices to control industrial installations the same way they use them for streaming videos at home. With these use cases comes the need for increased bandwidth and low latency. 5G solves both problems at once but obviously brings new challenges for security systems. Security solutions in mobile networks are often based around endpoint solutions or technology such as deep packet inspection, both of which have significant disadvantages in a modern network environment.
How does cyan’s filter technology work?
cyan’s core technology is based on DNS filtering. DNS, short for Domain Name System, is like the telephone book of the network, resolving domain names such as www.facebook.com into an IP address that identifies the web server. With our DNS filter integrated into a service provider’s network, and the user being identified as a subscriber to the cyber security product of its operator, all those «telephone book» queries are checked in real time. If our filter engines find something suspicious, the end user’s DNS request is redirected to a safe landing system, where he or she is informed about the threat. To identify the threats in the DNS traffic, cyan crawls the Internet 24/7 and looks for new web sites, suspicious content and malware distribution. cyan scans these websites constantly with our 25 algorithms to detect traces of attacks, identify them and ultimately warn end-users.
How often are your filters updated globally?
At the moment, our update cycle is 2 hours, which means that every 2 hours we export our research learnings into a signature database that is then pushed to the service provider’s installations.
We aim to bring this down to almost real time. Meaning that, as soon as we find a new threat, build a signature or tune our artificial intelligence models, we stream it directly into the installations and therefore subsequently protect the end customers immediately from a new threat. We are expecting this to be live in 2021.
How do you actually identify these threats?
We employ 25 algorithms, ranging from simple keyword matches on the domain name itself, text analysis of content and image recognition to detect hidden content inside images, up to very sophisticated approaches using artificial intelligence, machine learning and patented sandboxing technology. These highly sophisticated algorithms are what makes the difference in favor of cyan. AI is heavily used to detect modern malware traffic such as ransomware. These attacks hide their traces behind daily changing domain names for their command-and-control channels. AI is used to detect the patterns and is subsequently able to predict the future in the form of domain names. This may sound like something from a science fiction movie, but that’s actually what we are doing.
What is your USP in the market?
Clearly this is our Seamless Security approach. We are the only vendor that provides network-based and device-based security out of one hand, which is a truly convergent solution. The benefit for the network provider is to be able to offer a full cyber security product range, covering all the use cases under its own brand, following our white label approach. All managed through a single portal.
Be it the private user’s internet protection, a small business solution with bundles of OnNet and endpoint security for multiple devices or a child protection offering. Everything can be combined individually and brought to the market easily. A classical anti-virus company or an external solution partner needs a 3rd party to provide their solutions to the market; we can do that without such an external partner.
What are the drivers for MNOs to offer cyber security products?
The motivation for network providers to offer cyber security products has different drivers.
First, cyber security is a topic that is widely accepted and most people are aware of the dangers, but rarely do they know how to mitigate them.
Second, over-the-top players generate revenues with the end-users but exclude the service providers from these revenues. That’s a problem service providers had in the past with the likes of Facebook, Twitter, Google, Apple and others, who have created a huge ecosystem of value-added services, limiting the service provider to that of a bit pipe. With security products from cyan, network providers can regain control and realize significant revenues with the OTT product.
Third, observing the success of security products in other markets, there is, without a doubt, a rising demand of network providers to launch services under their own brand into the market. Especially in the wake of our roll-out with Orange, we are seeing an increasing number of providers opening talks with us.