CyberX provides complete visibility into the OT network along with real-time detection and alerts of operational incidents, cyberthreats, and system tampering. The platform minimizes disruption to operations and downtime. The company’s flagship platform, XSense, seamlessly connects to an existing OT network. It provides instant results by collecting data from across the OT environment, utilizing big data and machine learning to optimize the detection of operational behaviors.
Section 52 has developed an automated threat extraction platform that uses machine learning to identify malware and APT campaigns targeting industrial and critical infrastructure organizations. Named Ganymede, the platform continuously ingests massive amounts of data from a range of open and closed sources to deliver the most robust, data-driven analysis possible.
Machine learning and statistical models are used to assign risk scores to specific entities such as files. The risk scores are calculated by machine learning models trained on datasets consisting of hundreds of thousands of known good and bad samples. In the final phase, Section 52 threat analysts review and correlate the results based on their extensive field experience.
Additionally, suspicious executables are detonated in CyberX’s IoT/ICS Malware Sandbox. Unique in the industry because of its focus on IoT/ICS malware, the CyberX sandbox is a virtualized IoT/ICS environment that analyzes malware activity, using machine learning combined with static and dynamic analysis capabilities, to detect malware access to IoT/ICS-specific objects (processes, libraries, DLLs, ports, etc.). The sandbox then generates a collection of IoCs and representative screenshots of the malware in operation.