Developers: | CyberLympha (Sayberlimfa) |
System premiere date: | 2021/02/11 |
Technology: | Cybersecurity - Security information and event management (SIEM) |
CyberLympha Thymus is a software package that uses intelligent algorithms to automatically learn the scheme of information flows and the operation of individual nodes of the protected system, without protocol specifications or any additional information about the features of the protected system.
2021: Obtaining a patent
The Sayberlimfa company announced on February 11, 2021 that it had obtained a patent for a technology for identifying anomalies in the network functioning of an automated system. Patent No. 2 738 460 was granted by the Federal Service for Intellectual Property (Rospatent).
The patented technology became the basis for developing the CyberLympha Thymus solution, a system for identifying computer incidents. CyberLympha Thymus uses machine learning methods that allow it to study the protected system in fully automatic mode, for the subsequent effective identification of anomalies in its operation that may be the consequence of a computer incident.
Unlike traditional intrusion detection sensors that use signatures of known attacks, or solutions that record abnormal values of general parameters of network interactions (such as the number of network packets, their average size or transmission frequency), CyberLympha Thymus applies methods of reverse engineering of network traffic and multi-agent modeling. This provides higher accuracy of anomaly identification and also makes it possible to analyze the reasons why the algorithm classified the recorded state as abnormal. The combination of these methods formed the basis of the patented anomaly identification technology.
The method of reverse engineering of network traffic makes it possible to perform deep inspection of packets of protocols for which no strict format specification is described in the system; this specification is formed automatically during training of the method. As a result of analyzing network traffic, the method produces the network topology of the protected system and the protocol of interaction of its individual nodes; this information is passed to the input of the next method.
The multi-agent modeling method builds a model of the system as a set of agents communicating with each other, which allows the model to predict the behavior of the system as a whole. When signals in the real system deviate from those predicted by the model, the method records an anomaly. The advantage of this approach is the ability to localize the point and the specific parameters that caused the observed state to be classified as abnormal.
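The contrast drawn above between aggregate traffic statistics and per-agent models can be shown with a small added example. This is a simplified illustration and not CyberLympha's patented algorithm; the node names, the `setpoint` and `poll` fields, the value-range model and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample traffic: (source, destination, size in bytes, decoded fields).
TRAIN = [("plc1", "pump", 12, {"setpoint": 40 + i % 5}) for i in range(50)] + \
        [("hmi", "plc1", 20, {"poll": 1}) for _ in range(50)]
# Same packet count and sizes as a normal window, but one setpoint is out of profile.
LIVE = [("plc1", "pump", 12, {"setpoint": 42})] * 4 + \
       [("plc1", "pump", 12, {"setpoint": 95})] + \
       [("hmi", "plc1", 20, {"poll": 1})] * 5

def aggregate_alarm(train, live, window=10, tol=0.2):
    """Baseline detector: packet count and mean size of the window vs. training."""
    exp_mean = mean(m[2] for m in train)
    count_dev = abs(len(live) - window) / window
    size_dev = abs(mean(m[2] for m in live) - exp_mean) / exp_mean
    return count_dev > tol or size_dev > tol

def learn_agents(train, margin=0.1):
    """One model per communicating pair: the value range seen for each field."""
    seen = defaultdict(list)
    for src, dst, _size, fields in train:
        for name, value in fields.items():
            seen[(src, dst, name)].append(value)
    model = {}
    for key, values in seen.items():
        lo, hi = min(values), max(values)
        pad = (hi - lo) * margin
        model[key] = (lo - pad, hi + pad)
    return model

def localize(model, live):
    """Return (src, dst, field, value, expected_range) for each deviating signal."""
    findings = []
    for src, dst, _size, fields in live:
        for name, value in fields.items():
            rng = model.get((src, dst, name))
            # An unknown pair/field (rng is None) is also a deviation from the model.
            if rng is None or not rng[0] <= value <= rng[1]:
                findings.append((src, dst, name, value, rng))
    return findings

if __name__ == "__main__":
    print("aggregate alarm:", aggregate_alarm(TRAIN, LIVE))
    for finding in localize(learn_agents(TRAIN), LIVE):
        print("anomaly:", finding)
```

The aggregate baseline stays silent because packet count and mean size match training, while the per-agent model names the link and the parameter that deviated.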
CyberLympha Thymus can be fully integrated with information security (cybersecurity) monitoring systems, in particular with the CyberLympha DATAPK software package, which is the main data source for CyberLympha Thymus. This approach increases the efficiency of identifying cybersecurity incidents and helps to localize as precisely as possible the assets affected by a cybersecurity incident. It further allows the system to transfer the necessary data to SOAR-class systems for automatic elimination of the consequences of a cybersecurity incident.
"Significant growth in the automation market is expected in the coming years; at the same time, we observe how intensively the number of cyber attacks on automated control systems (ACS) is also growing. As of February 2021, there are no systems that are completely protected from hacking and are not subject to the risk of cybersecurity threats being realized. This requires the development of technologies for identifying cybersecurity incidents, including those using machine learning methods," comments Alexey Shanin, director of the Sayberlimfa company.