CyAmast, an IoT security spinout company from UNSW, has scored $1.3m funding from IP Group.
Dr Hassan Habibi and his research team from UNSW’s School of Electrical Engineering and Telecommunications founded CyAmast in May 2020 to commercialise software that is claimed to protect large networks of IoT devices from cyber-attacks in a scalable, cost-effective way.
According to UNSW, “CyAmast software continuously monitors network traffic and intelligently detects deviations from intended IoT behaviours. … Using CyAmast solutions, customers can identify, detect and classify all IoT devices on their network, profile and model their behaviour, and detect and quarantine any deviation from what’s expected.”
Habibi said CyAmast’s solution was far more flexible, scalable and cost-effective than traditional approaches to determining attacks on IoT systems, which inspect individual packets of data to determine threat signatures and then blacklist them.
“Traditional methods of detecting malicious traffic are bundled, static, and inflexible, and thus do not suffice for the growing diversity of attacks on increasing numbers of insecure IoT devices,” he said.
“These attack-signature-based solutions are increasingly being defeated as they can’t keep up with the increasing percentage of network traffic that’s encrypted and therefore can’t be opened and inspected.
Security through behaviour monitoring
“They also have poor resilience to morphed attacks that can render known signatures useless. Inspecting individual packets can also be prohibitively expensive.
“Our technology develops a model of expected behaviours for each device, based on the manufacturer’s specifications. The model is enriched with our patented, real-time artificial intelligence-based algorithms, to check data flows against expected behaviours.”
IP Group managing director in Australia, Michael Molinari said CyAmast’s approach was ground-breaking.
“The use of IoT devices and sensors is growing exponentially, and as organisations’ networks expand, it’s increasingly difficult to track these assets and secure them. Dr Habibi and his team have developed technology that enables operators of smart environments – like enterprise campuses, commercial buildings, industrial facilities and airports – to rapidly identify every IoT device connected to their network and continuously monitor each one and ensure that it’s functioning normally,” he said.
Similar approaches?
However, CyAmast is not the only company claiming to implement IoT security by identifying normal behaviour and detecting aberrations.
As IoTAustralia reported recently, Nozomi Networks, which recently partnered with Australian cyber security specialist Cyber Partners, claims a similar approach.
Nozomi Networks’ chief product officer and founder Andrea Carcano told IoTAustralia earlier this year that the company’s technology scanned customers’ networks to find connected devices, discover how they operate and then identify any abnormal behaviour, without needing any prior information on devices.
In 2017, Corey Bodzin, VP product operations, for Tenable Network Security told IoTAustralia that Tenable’s Nessus Network Monitor and Tenable.io platform relied on monitoring traffic to and from devices and used its stored information on a very wide range of devices in order to identify devices and detect abnormal behaviour.
