About Us

Aryaka collaborates with CyLab

Aryaka has partnered with CyLab, Carnegie Mellon University’s (CMU’s) Security and Privacy Institute, to research new threat mitigation techniques and to innovate enterprise networking and security solutions. Founded in 2003, CyLab is Carnegie Mellon University’s public/private collaborative computer security and privacy research institute. It is one of the largest cybersecurity research centers in the United States, with over 100 core and affiliated faculty and 100 graduate students. Aryaka’s collaboration with CyLab will include funding and industry expertise to aid the research and development of sophisticated security techniques that address today’s most pressing threats.

Matt Carter, CEO of Aryaka, commented, “We were drawn to CyLab not just because of Carnegie Mellon’s reputation of academic excellence, but because of the holistic reach and breadth of the program. CyLab’s research into AI and ML benefits multiple departments within CMU: humanities, engineering, business, psychology, and even social sciences. And CMU’s work with government leaders has shaped public policy on security for many years.”

Aryaka is also a sponsor of CyLab’s Future Enterprise Security initiative, which takes a multidisciplinary approach to make complex security solutions accessible to all. Aryaka will use the sponsorship to connect with students, academics, and other key industry partners to make security more accessible and understandable to end-users.

Vyas Sekar, co-director of the Future Enterprise Security initiative commented, “We are thrilled to partner with a company focused on next-generation network connectivity and network security, serving many enterprise customers across many key market verticals.”

Aryaka will provide support at multiple levels throughout the program as a founding sponsor of this initiative. This includes directing research topics based on the most recent challenges and threats our customers are facing, providing industry expertise, data sets for learning and building AI models, feedback on the efficacy of various techniques, and providing students with practical experience through mentorship and internships.

Renuka Nadkarni, chief product officer at Aryaka commented, “Aryaka shares the future of enterprise security vision of CyLab. Together we will develop and innovate security techniques to defend against emerging and immediate risks and democratize it via open source to small and large enterprises. With the acute skills shortage in cybersecurity, most enterprises are faced with tremendous pressure and risk—when strong tools are available to everyone, we’re all more protected.”

Web application firewall in 2022!

Enterprises deploy a web application firewall (WAF) to shield their web applications from exploits, malware delivery, impersonation and other known and unknown attacks, including some zero-day exploits whose payloads happen to match generic attack patterns. A WAF inspects traffic at the HTTP layer, which ordinary network firewalls and most intrusion detection systems (IDSes) and intrusion prevention systems (IPSes) do not, so it can detect and block many of the most common web application attacks. Companies that provide products or services over the Internet, such as e-commerce, online banking and other transactions with customers or business partners, benefit most from a WAF.

A WAF is driven by a set of rules known as policies. These policies try to shield application vulnerabilities by filtering out harmful requests. Much of a WAF’s value comes from how quickly policy changes can be deployed, which allows a faster response to new attack vectors; for example, rate limiting can be imposed within minutes by updating WAF policies during an application-layer DDoS attack.

According to the Infosecurity outlook, the share of people who use the internet is steadily rising. As more customers go online and spend more time there, it is critical for businesses to build and strengthen their online presence. Many companies are already doing this, and others are following suit.

A Web Application Firewall (WAF) examines HTTP requests and applies a set of rules to decide which parts of the exchange are benign and which are malicious. GET and POST requests are the parts of an HTTP conversation a WAF examines most often: GET requests retrieve data from the server, while POST requests submit data to the server to change its state. In either case the WAF looks at every user-controlled part of the request, including the path, the query string, headers, cookies and the request body, since an attack payload can be carried in any of them.

A WAF can analyze and filter the content contained in these HTTP requests in one of two ways, or a hybrid of the two:

Whitelisting (allowlisting): With a whitelisting strategy the WAF blocks all requests by default and passes only those that match a known-good profile: permitted methods and paths, expected parameter names and formats, and, where applicable, source IP ranges recognized as safe. Matching against a short list of known-good patterns requires fewer resources per request than blacklisting. The disadvantage is that anything the profile has not been taught is blocked, so legitimate traffic may be rejected, and the profile has to be maintained every time the application changes. It casts a wide net and can therefore be imprecise.

Blacklisting (denylisting): A blacklisting strategy passes requests by default and uses preset signatures to block known-malicious traffic, protecting websites and web applications from the vulnerabilities those signatures target. Because public websites and web applications receive most of their traffic from unknown IP addresses that are neither known-good nor known-bad, blacklisting is the more practical default for them. Its disadvantages are cost and coverage: matching every request against a signature set needs more information and processing than checking a trusted-IP list, the signatures must be kept current, and payloads obfuscated in a way the signatures do not anticipate (alternative encodings, comment insertion, case variation) can slip through.

Hybrid: A hybrid model, the usual choice in practice, combines both: a whitelist of the routes and parameters the application actually exposes, with blacklist signatures applied to the traffic that passes it.
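As an added illustration (not code from the article or from any product), the following Python sketch implements the three models just described as one policy engine: an allowlist of the routes a hypothetical shop application exposes, a denylist of injection signatures, and the per-client rate limit mentioned earlier as a DDoS response. The routes, signatures and sample requests are constructed for the example.

```python
"""Toy WAF policy engine: allowlist of routes, denylist of signatures and a
per-client rate limit. An added illustration, not any product's rule format."""
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import unquote_plus


@dataclass
class Request:
    client_ip: str
    method: str
    path: str
    query: str = ""
    body: str = ""
    headers: dict = field(default_factory=dict)


# Positive model (allowlist): the only method/path pairs this hypothetical
# shop application exposes. Anything else is blocked in allowlist/hybrid mode.
ALLOWED_ROUTES = [
    ("GET", re.compile(r"^/products(/\d+)?$")),
    ("GET", re.compile(r"^/search$")),
    ("POST", re.compile(r"^/login$")),
]

# Negative model (denylist): a deliberately small set of signatures for
# well-known injection payloads. Real rule sets (e.g. OWASP CRS) are far larger.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(union\s+select|'\s*or\s+'?\w+'?\s*=\s*'?\w+|;\s*drop\s+table)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)"),
    "traversal": re.compile(r"\.\./"),
}


def normalize(value: str) -> str:
    """URL-decode before matching (twice, to catch double encoding).
    Matching the raw bytes lets %27%20OR%20... slip past a quote-based rule."""
    for _ in range(2):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


class RateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds per key."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class MiniWAF:
    def __init__(self, mode: str = "hybrid", limit: int = 5, window: float = 1.0):
        if mode not in ("allowlist", "denylist", "hybrid"):
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.limiter = RateLimiter(limit, window)

    def evaluate(self, req: Request, now: Optional[float] = None) -> Tuple[str, str]:
        """Return ("allow", "") or ("block", reason) for one request."""
        now = time.monotonic() if now is None else now
        if not self.limiter.allow(req.client_ip, now):
            return "block", "rate-limit"
        if self.mode in ("allowlist", "hybrid"):
            if not any(m == req.method and p.match(req.path) for m, p in ALLOWED_ROUTES):
                return "block", "route-not-allowlisted"
        if self.mode in ("denylist", "hybrid"):
            # Inspect every user-controlled surface, not just the query string.
            surfaces = [req.path, req.query, req.body, *req.headers.values()]
            for name, sig in SIGNATURES.items():
                for surface in surfaces:
                    if sig.search(normalize(surface)):
                        return "block", f"signature:{name}"
        return "allow", ""


if __name__ == "__main__":
    waf = MiniWAF(mode="hybrid", limit=5, window=1.0)
    samples = [  # constructed sample traffic from one client
        Request("198.51.100.7", "GET", "/products/12"),
        Request("198.51.100.7", "GET", "/search", query="q=%27%20OR%20%271%27%3D%271"),
        Request("198.51.100.7", "POST", "/login", body="user=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
        Request("198.51.100.7", "POST", "/admin/export", body="all=1"),
    ]
    for i, r in enumerate(samples):
        print(r.method, r.path, "->", waf.evaluate(r, now=0.1 * i))
```

Running it prints an allow/block decision with a reason for each sample. Two details matter in practice: inputs are URL-decoded before signature matching (otherwise `%27%20OR%20...` sails past a quote-based rule), and even so the signatures are easy to evade (`UNION/**/SELECT` defeats `union\s+select`) and easy to trip by accident (the `on\w+=` XSS pattern also fires on a harmless form field named `onboarding=`), which is exactly the denylist trade-off described above.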

Now that we know what a web application firewall is for, here are some of its advantages. A WAF can be a sound long-term investment for your website because it can:

  • Help meet compliance requirements such as HIPAA and PCI DSS.
  • Free up your team’s time by automating security checks and traffic monitoring.
  • Block SQL injection and cross-site scripting (XSS) attacks and mitigate application-layer distributed denial of service (DDoS) attacks.
  • Prevent customer data from being compromised, protecting customers’ trust and your business.

WAFs are based on a set of rules known as policies and can be deployed as a hardware appliance, as software (a reverse-proxy module or virtual appliance), or as a cloud service. These policies tell the WAF what to look for in terms of vulnerabilities, gaps and traffic behaviour, and what to do when a match is found. In other words, its policies are what allow a WAF to protect web applications and servers from attack.

How expensive is Insider Threat?

Proofpoint published a report on the costs and trends associated with negligent, compromised and malicious insiders. Notably, affected organizations spent an average of $15.4 million per year on overall insider threat remediation and took 85 days to contain each incident.

According to the report, the frequency and costs associated with insider threats have increased dramatically over the last two years across all three insider threat categories, which include: careless or inattentive employees/contractors, illegal or malicious insiders, and cybercriminal credential theft.

EVP of cybersecurity strategy at Proofpoint, Ryan Kalember says, “Months of sustained remote and hybrid working leading up to “The Great Resignation” has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them.”

“In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. With people now the new perimeter, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”

Managing Insider Threat in the era of Work From Home Policy

The COVID-19 pandemic forced organizations to work remotely, and remote work widens the insider threat surface. Staff working from home are more likely to mix personal online activity with work, which makes tailored phishing campaigns and other social engineering attacks more effective, and they are more likely to neglect security protocols, exposing remote devices to attack. Remote work also introduces technical weaknesses of its own, such as insecure home network connections. At the same time, security teams still have to deal with deliberate insiders: dissatisfied or disgruntled staff can exploit the fact that many companies do not provide secure access to off-site networks, and can take advantage of co-workers who unknowingly cause damage.

New ways of prioritizing and reducing cyber risk are needed because of the insider threat phenomenon. Security teams need a process improvement plan for resolving deliberate or accidental misuse of resources, and they should be equipped with purpose-built insider threat management solutions that give insight into attacks.

Malicious insider activity poses the following risks to firms:

Data loss or corruption — Insider activity can include altering or deleting confidential information. Recovering deleted or corrupted files can be time-consuming and frustrating, and depends on having a clean backup.

Financial loss — This includes the cost of cleaning up after an attack, such as system upgrades, and restitution to those who were harmed, such as clients and vendors. The more damage an attack causes, the more a company has to spend to repair it.

Brand image loss — Customers’ confidence in a firm will be shaken if it fails to protect their data, and that trust is difficult to restore.

Employee Access Restrictions and Control

Companies should build controls for restricting staff access and managing insider threat risk into their overall risk mitigation strategy. Access should be restricted and minimized by granting staff members only the level of privilege their functions and responsibilities require (least privilege); adopting a Zero Trust model, in which every access request is verified regardless of where it originates, supports this. Likewise, organisations should reassess staff members’ access rights on a regular basis and remove any access that is no longer needed for their work tasks, for example when someone changes role or leaves.
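As an added example, not from the article, here is how the periodic access review recommended above can be scripted: compare each account’s actual grants with the entitlements its role justifies, and flag leavers who still hold access, accounts with no recognised role, and accounts that have gone dormant. The role map and the identity export below are constructed for the example; in practice they come from the HR system and the identity provider.

```python
"""Access recertification: diff actual grants against role entitlements.
Added illustration; the role model and user export are constructed data."""
from datetime import date, timedelta
from typing import Dict, Iterable, List, Set, Tuple

# Constructed role model: the entitlements each job function needs, nothing more.
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "engineer": {"git:read", "git:write", "ci:run"},
    "support": {"crm:read", "ticketing:write"},
    "finance": {"erp:read", "erp:write"},
}

# Constructed identity-provider export (hypothetical users and grants).
USERS = [
    {"user": "alice", "role": "engineer", "status": "active",
     "last_login": "2022-05-30", "grants": {"git:read", "git:write", "ci:run", "erp:write"}},
    {"user": "bob", "role": "support", "status": "active",
     "last_login": "2022-02-01", "grants": {"crm:read", "ticketing:write"}},
    {"user": "carol", "role": "finance", "status": "terminated",
     "last_login": "2022-04-12", "grants": {"erp:read", "erp:write"}},
    {"user": "dave", "role": "contractor", "status": "active",
     "last_login": "2022-05-28", "grants": {"git:read"}},
]

Finding = Tuple[str, str, List[str]]  # (user, finding type, details)


def review_access(users: Iterable[dict], role_entitlements: Dict[str, Set[str]],
                  today: date, stale_days: int = 60) -> List[Finding]:
    """Return the findings an access reviewer would have to act on."""
    findings: List[Finding] = []
    for u in users:
        grants = set(u["grants"])
        # Leavers and suspended accounts should hold nothing at all.
        if u["status"] != "active":
            if grants:
                findings.append((u["user"], "revoke-all", sorted(grants)))
            continue
        # A role with no defined entitlements means no grant is justified.
        if u["role"] not in role_entitlements:
            findings.append((u["user"], "unknown-role", sorted(grants)))
            continue
        excess = grants - role_entitlements[u["role"]]
        if excess:
            findings.append((u["user"], "excess-grant", sorted(excess)))
        # Dormant accounts are a favourite foothold; flag them for disablement.
        last = date.fromisoformat(u["last_login"])
        if today - last > timedelta(days=stale_days):
            findings.append((u["user"], "dormant-account", [u["last_login"]]))
    return findings


if __name__ == "__main__":
    for user, kind, details in review_access(USERS, ROLE_ENTITLEMENTS, date(2022, 6, 1)):
        print(f"{user:8} {kind:16} {', '.join(details)}")
```

The review is only as good as the role model it diffs against, so the entitlement map should be owned by the business units and reviewed with the same cadence as the accounts themselves.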

Teleworking Policy

Businesses should begin by creating a proper teleworking policy that covers network and data security. A strong teleworking policy is an effective way to prevent insider threats, especially those that arise from negligence, and it must address remote access in particular. Employees working from home should be able to connect to business networks from company-owned systems, or from personal devices under defined BYOD rules, only when they follow the remote access rules, which should require multi-factor authentication (MFA) rather than a password alone.

Employee education and training

Staff members must be thoroughly trained and educated on using organisational resources securely as part of their work. They must also be kept up to date on current attack techniques, such as phishing and social engineering, and taught the practices that avoid them.

To detect insider threats effectively, companies need centralised security visibility and management covering their remote and distributed staff. The crux of detecting an insider threat is being able to define “normal” for each user in the new work-from-home setting, so that departures from it stand out. User behaviour analytics, combined with zero-trust access, helps a company mitigate insider threats and protect its key resources.

Insider Threat Management – An Overview

An insider threat arises when employees, vendors or business associates who have access to an organization’s information, network or premises use that access, intentionally or unintentionally, to compromise security, for example through theft, fraud or damage to systems.

Types of Insider Threats are –

  • Malicious Insider – A malicious insider is an employee or other insider who intentionally steals information or sabotages systems for monetary or personal gain. Because they know the company’s security policies and procedures well, they have an advantage over external attackers.
  • Negligent Insider – Negligent insiders do not mean to put the company at risk but do so through carelessness: an employee who does not follow IT security policy or makes a mistake through poor judgement, e.g., an administrator who does not install a security patch.
  • Compromised Insider – An employee whose computer is infected with malware is the typical compromised insider. This usually results from a phishing scam or from clicking a link that leads to a malware download; the attacker then acts with the employee’s access.

Some Key Features of Insider Threat Management Solutions are –

  • Privileged Access Management (PAM) – PAM governs who can use privileged access to systems and applications at any given time, including provisioning and removing privileged accounts. It vaults privileged credentials, rotates them, brokers and records privileged sessions, and encrypts stored and shared secrets so that an attacker who reaches the store cannot read them. Compromised credentials are at the heart of a large share of breaches, which is why PAM is an essential component of an Insider Threat Management (ITM) solution.
  • User Activity Monitoring with Big Data Analysis – Security threats have grown and become more complex as work-from-home and remote work have expanded, shifting security priorities and changing security protocols. Insider threat management tools build models of user behaviour and assign risk scores. Creating behavioural baselines from factors such as timing of activity and data accessed, and continually learning what is acceptable, is the most effective way to detect insider threats without producing a flood of false-positive alerts. To detect privilege misuse, machine learning models and data science techniques track and analyse large volumes of data from many sources, which lets multiple alarms be correlated into one attack for faster detection and response.
  • Investigation and Threat Mitigation – If an intruder gets past the perimeter and into the organization’s network, security teams can look for indicators such as multiple compromised credentials or abuse of privilege to confirm the threat. The machine-learning-generated signals from the ITM solution support visibility and detailed forensic analysis.
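As an added example that is not the article’s or any vendor’s code, the “define normal, then score deviation” idea from the work-from-home section above and the behavioural baselines in the User Activity Monitoring item can be shown with a per-user statistical baseline. It stands in for the machine-learning models the text mentions; the seven-day activity history is constructed, and the metrics, weights and threshold are assumptions chosen for the illustration.

```python
"""Per-user behavioural baseline with a weighted deviation score.
Added illustration; history, metrics, weights and threshold are assumptions."""
import statistics
from collections import defaultdict
from typing import Dict, Iterable, Tuple

# Daily activity metrics per user: first login hour, MB downloaded,
# distinct repositories touched. Unusual hours in either direction matter;
# for volume metrics only activity above baseline is treated as risk.
METRICS = ("login_hour", "mb_downloaded", "distinct_repos")
WEIGHTS = {"login_hour": 1.0, "mb_downloaded": 2.0, "distinct_repos": 2.0}
MIN_STDEV = 1.0   # floor so a near-constant metric cannot explode the z-score

# Constructed seven-day history: (user, login_hour, mb_downloaded, distinct_repos).
HISTORY = [
    ("alice", 9, 110, 3), ("alice", 8, 130, 4), ("alice", 9, 95, 3), ("alice", 10, 140, 4),
    ("alice", 9, 120, 3), ("alice", 8, 100, 3), ("alice", 9, 125, 4),
    ("bob", 14, 20, 1), ("bob", 13, 25, 1), ("bob", 15, 15, 2), ("bob", 14, 30, 1),
    ("bob", 13, 22, 1), ("bob", 14, 18, 1), ("bob", 14, 27, 2),
]

Baseline = Dict[str, Dict[str, Tuple[float, float]]]   # user -> metric -> (mean, stdev)


def build_baselines(history: Iterable[tuple]) -> Baseline:
    """Learn what is 'normal' for each user from their own past activity."""
    series = defaultdict(lambda: defaultdict(list))
    for user, *values in history:
        for name, v in zip(METRICS, values):
            series[user][name].append(v)
    return {
        user: {name: (statistics.fmean(vals), max(statistics.pstdev(vals), MIN_STDEV))
               for name, vals in metrics.items()}
        for user, metrics in series.items()
    }


def assess(user: str, observation: Dict[str, float], baselines: Baseline,
           threshold: float = 6.0) -> dict:
    """Score one day of activity against the user's own baseline."""
    if user not in baselines:
        # Cold start: nothing to compare against, so route to manual review
        # rather than silently scoring the day as normal.
        return {"user": user, "risk": None, "flagged": True, "reason": "no-baseline"}
    risk = 0.0
    deviations = {}
    for name in METRICS:
        mean, sd = baselines[user][name]
        z = (observation[name] - mean) / sd
        z = abs(z) if name == "login_hour" else max(z, 0.0)
        deviations[name] = round(z, 2)
        risk += WEIGHTS[name] * z
    flagged = risk >= threshold
    return {"user": user, "risk": round(risk, 2), "flagged": flagged,
            "reason": "anomalous" if flagged else "within-baseline",
            "deviations": deviations}


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    today = {  # constructed observations for one day
        "alice": {"login_hour": 2, "mb_downloaded": 4200, "distinct_repos": 37},
        "bob": {"login_hour": 14, "mb_downloaded": 24, "distinct_repos": 1},
        "mallory": {"login_hour": 3, "mb_downloaded": 1, "distinct_repos": 1},
    }
    for user, obs in today.items():
        print(assess(user, obs, baselines))
```

Alice’s 2 a.m. login combined with a bulk clone of 37 repositories scores far above the threshold, Bob’s ordinary day does not, and a user with no history is flagged for manual review instead of being scored against an empty baseline. In production the baseline would be rebuilt on a rolling window and the risk score fed into the ITM solution’s alerting, so that one correlated alert replaces a string of individual alarms.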

A successful Insider Threat Management solution requires an understanding of what the organization values and what could harm or threaten those assets. A complete inventory of an organization’s assets allows proper coordination and risk management. A tried-and-true ITM programme starts by establishing where an organization’s assets are kept and who has access to them, which allows each asset’s risk to be classified and risk-based mitigations to be put in place.