“If and when AI is weaponized for cyberattacks, the technology becomes evil-infinity,” were the words uttered by an anonymous cybersecurity veteran a few years ago. Turns out, his fears are coming to life. While IT leaders are using AI to enhance cybersecurity, the technology has fallen into the hands of “the bad guys” a.k.a. cybercriminals. In recent years, hackers are leveraging AI to lead automated phishing attacks, and to accelerate polymorphic malware which causes code to constantly change and become undetectable. Taking it a step further, hackers are also relying on AI to bypass anomaly detection engines, and facial security and spam filters, while generating fake voice commands. As hackers become more sophisticated, the optimal way to counter them is by giving them a taste of their own medicine, by fighting fire with fire. Kerubiel, a cybersecurity expert from Hungary, intends to do exactly that through a new AI-based solution that, a) swiftly detects the adverse effects of a data breach, b) chooses the appropriate mitigation action, and c) advises security analysts on requisite actions. This retaliation solution, which will essentially replace security analysts with an AI-driven network security solution, can be directly integrated into protection tools such as network intrusion, fraud detection, spam filters, and incident response. Such a need—to augment human beings with machines—is growing more prominent by the hour.
In Europe, especially, the implementation of GDPR has amplified the pressure felt by enterprises to prevent unlawful data processing, data breaches, and adverse network security events. While the conduct of data controllers has never been more scrutinised, GDPR mandates that an enterprise must report security incidents such as vulnerabilities and personal data breaches within 72 hours, and must have the capability to detect potential security breaches. Against this backdrop, European companies are scrambling to establish security operations centres (SOCs) in order to report a breach of security events per regulations. However, for security analysts to process information from a massive pool of data, check their compliance with GDPR norms, and/or detect malware elements, within a limited timeframe, is a tall order. Kerubiel will simplify the labour-intensive process courtesy its new AI-based solution slated to launch in 2020.
“You can’t compare the data-processing capabilities of a security analyst with an AI-based solution,” reasons László György Dellei, the CEO of Kerubiel. The solution will inhabit the intrinsic intelligence to differentiate between a false positive and a true positive, capitalise on natural behaviour, analyse anomalies, and detect the risk level, before advising system security analysts on the retaliation course of action. The solution isn’t the result of a strategy that was hatched overnight. “We started working on it more than 18 months ago,” informs Dellei. For years, Kerubiel has delivered a wide range of cybersecurity services which covers various aspects of IT security, IT audits, data protection, information security, and most recently, GDPR. This diverse background has helped Kerubiel design its upcoming solution—a comprehensive network security solution that “acts more than just a firewall” and includes functions driven by strategic intelligence and machine learning.
Although the solution will be delivered to enterprises as a security-as-a-service, Kerubiel will offer its clients in the government sector an appliance model specifically designed to secure more complex networks. “Government-based organisations don’t rely (or trust) on a cloud-based service model. As such, we will accordingly customise the solution for them,” adds Dellei, before highlighting Kerubiel’s expertise in building solutions for the government sector. “If a bi-national security division requires this solution, it won’t take us more than three weeks to integrate with their network and go live. No other company in Hungary can claim that,” he says. Securing Networks for Government Bodies Kerubiel’s ability to rapidly deploy customised network security solutions—for the government sector—can be attributed to its history of working with various government organisations in Hungary. For example, a few years ago, a government agency wanted a firewall with a spam-filtering option to secure its network. Kerubiel understood the exact requirements, developed a customised operating system, before adding firewall and spam-filtering functionalities to the same. Although the client was content with the firewall, Kerubiel was keen on integrating AI and machine learning modules to further enhance the network security.
A few years into the project, Kerubiel is on the verge of deploying its brand-new AI module into the client’s networking environment. “We have passed the POC stage and will be integrating their network security with an AI module at the start of 2020,” reveals Dellei. According to Dellei, “earning the trust” of government agencies is imperative, “Every beginner hacker targets a government agency first and foremost. Across the world, government networks are always the most vulnerable and require maximum protection,” he says. After launching its AI-based solution in 2020, Kerubiel has plans of working with government agencies in other countries besides Hungary. “Since we already have a POC, we can replicate our success for other European countries as well. We are also targeting countries such as Israel and the U.S.,” he says.
Vast Knowledge of Market Vendors Since its inception in 2017, Kerubiel has succeeded in pinpointing the appropriate solution for its clients—the likes of Impact Asset Management, Euzert Union Training, GRÁNIT Bank and Aegon Hungary—and guided them during their journey to protected networks. To do so, Kerubiel has forged a number of strong partnerships with technology vendors and accordingly deployed solutions that best fit a customer’s requirements. “We understand that different vendors work optimally for various customers. Our knowledge of the best vendors in the market is a huge advantage,” asserts Dellei. Before deploying its solution, Team Kerubiel does a thorough background check into how its customers collect and manage data, their existing policies and processes, and the loopholes within their networks. Dellei elaborates, “We are always looking to find the vulnerabilities in their networks and the kind of cyberattacks they are likely to face. Once we ascertain their weakest points, we ensure that all their data is transferred and secured until their network is revamped and a firewall is installed.” A key differentiator of Kerubiel is its ability to work with organisations of all sizes. Especially in the context of data privacy (GDPR), Kerubiel is able to help the smaller organisations that can’t afford SOCs and expensive security analyst teams. “Since GDPR advises the need for technology solutions, a number of SMBs struggle to comply with the requirements. This is where we are able to help them tremendously, due to our strong ties with market vendors,” says Dellei.
To that end, Kerubiel is able to implement technology implementations, endpoint security solutions, and data classification solutions to organisations that are typically budget-strapped. Kerubiel’s GDPR services include a GDPR Preparation Program in which the company persuades its clients “to leave behind negligent attitudes” and to embrace GDPR readiness. “Proper processing of personal data strengthens consumer confidence in the digital age. That’s why organisations shouldn’t shy away from GDPR and should accept it as a competitive advantage,” adds Dellei. As part of its GDPR services, Kerubiel also provides each client with a data protection officer (DPO). The DPO service, suitable for both data controllers and processors, is provided in close cooperation with a client’s management team, communication officers, lawyers, and information security officers.
To provide its GDPR services, the company has also developed a special methodology, which is based on the best practices in this realm, including ISO 27001 and NIST 800-53. Making Waves in the Health Sector In addition to its core focus on data privacy and data security, Kerubiel’s impending AI product is expected to impact the health sector, too. Starting in October, 2019, the company will undertake an R&D project, which aims to provide a virtual reality (VR) powered game to heart patients who have suffered a stroke. According to Dellei, the game would help such patients regain their normal life by curing vascular dementia—a common after-effect of stroke. “The idea is to help them rehab faster,” he adds. Besides the VR solution, Kerubiel is also developing a new IoT-based solution to aid the orthodontic market, simplifying life for both dentists and their patients.
Also worth mentioning is Kerubiel’s pursuit of joining the newly-established Hungarian AI coalition—a partnership between the country’s state agencies, leading IT businesses, and universities. Dellei says, “We are thrilled at the possibility of joining the coalition since it would open up new avenues and help us advance the implementation of AI in Hungary’s businesses. Our connections with various government agencies and our expertise of the AI technology hold us in good stead.” Steering ahead, Kerubiel aims to make its impending AI security-as-a-service a global offering that can be availed by enterprises across the world. Already a renowned cybersecurity trainer, advisor, and service provider in its country, Kerubiel believes it has the expertise and aptitude to transcend borders and reach new markets. Most importantly, Kerubiel trusts in the competency of its “multi-faceted” team and considers the same its prime asset. “We have an information security expert who also excels in privacy and physical IT security. Similarly, we have a data architect who is also a lawyer,” Dellei adds. Kerubiel has also put its faith in a well-established sales team that can help its entry to newer markets across the U.S. and Europe. Dellei wants prospective clients to note that Kerubiel’s knowledge isn’t limited to computer science, “We draw on the business experience own employees and accordingly compile our comprehensive suggestions and advice. We look within before looking out.