Outwit to woo: how CyberOwl is winning investment and new business by staying ahead of threat actors //02.09.19
We spoke to Daniel Ng, CEO of LORCA graduate CyberOwl, about how predictive analytics can be used in a cyber-physical scenario, why industry is so desperate for innovators to collaborate – and what he’s got against being labelled an AI company.
It’s difficult to be in the business of predicting things these days, says Daniel Ng, CEO of CyberOwl – a LORCA member that’s developed a platform that draws on predictive analytics. “In the context of cybersecurity where you’ve got uncertainty, what you need is information to help you decide how you’ll act,” he says. “Imagine you’re a warship and your adversary has just launched a missile: to be accurately predictive you need information about the missile’s trajectory. But predictive analytics – combined with threat prioritisation – helps you decide what course of action is best, whether it’s taking cover or launching a counter-attack.”
The company’s technology is particularly valuable in the context of large-scale critical national infrastructure that’s becoming connected to the internet – something Ng says is creating a “tripple whammy” of security issues. “First, you’ve got to maintain important services like water and energy supplies and avoid disruption. Second, you’ve got the safety aspect of a potential attack. Thirdly, there’s the question of integrity: we’re connecting private and personal data with critical national infrastructure systems. Traditional corporate IT companies are used to dealing with integrity issues, but not availability and safety too.”
What’s more, many of the systems that are becoming connected as part of our industrial Internet of Things weren’t designed for today’s threat landscape and so need to rely on having an added security layer strapped on to stay protected. “There’s a growing understanding of the threat, but legacy is difficult,” says Ng. “I would hazard a guess that 99% of all devices that keep organisations in the critical infrastructure space running are legacy ones. We’re now connecting things like substations in the middle of nowhere that weren’t designed to be connected and haven’t been touched in 15 years – it’s a big problem.”
Making data-driven decisions
Thankfully CyberOwl’s on the case. Using predictive analytics, the company’s Medulla platform promises to help companies “know which fires to put out first”. “Our mission is to get people to move to a more proactive cyber position,” explains Ng. “We don’t think you should wait for that attack to complete and your loss to kick in before you spring into action. Be predictive, take action earlier.”
But to be able to act sooner, you have to have the right information. CyberOwl helps its clients make a call on what assets, devices and systems to pay attention to, as well as detect and prioritise threats early. Rather than alerting you to an in-progress attack or simply supplying a mammoth security snapshot of all your exploitable vulnerabilities, Medulla tells you where the biggest and most significant risk lies and where in your network a threat is escalating. Ng shared an example of where this might be useful: “For something like a large electricity utility, where there are over 50,000 cyber security events that take place in a day, you need to decide which of those to act on. That’s what we offer, and to my knowledge there’s no similar predictive cybersecurity tool on the market quite like ours.”
CyberOwl is not an AI company. Repeat: CyberOwl is not an AI company.
The company’s able to do this by drawing on machine learning, although Ng doesn’t class CyberOwl as an AI company – however much the term might catch the attention of investors. In fact, he’s a man on a mission to ensure cybersecurity solutions are described more accurately – rather than relying on the latest buzzwords. “AI and machine learning are the two most confused and misunderstood terms,” he says. They are overused to the point where they’re becoming meaningless and I don’t think it’s helping the industry to just bandy these terms around. Maybe some companies use it to be attractive to investors, but I don’t care – what’s most important is that we make it crystal clear to our customers what we do and how we can help them. I don’t want to mislead anyone.”
Thankfully, his strong stance hasn’t hurt CyberOwl’s ability to woo investors or clients. In January the company announced that it had secured a contract with the Ministry of Defence (MOD) and, just a month later, revealed that it had closed a £1m funding round.
The MOD win was borne out of CyberOwl’s participation in LORCA, where it connected with Deloitte (LORCA’s delivery partner) and drew on the team’s extensive experience in the defence sector to explore how its technology could be applied in a new context. And when a procurement opportunity with the MOD popped up, both companies teamed up to respond together. “We knew what capability we could create from our existing tech, while Deloitte had a sense for what the customer might be looking for,” Ng explains. “We were also able to bring Deloitte’s malware profiling expertise into our systems and customise our solution for the MOD’s requirements.”
Connect and collaborate
And it’s exactly this appetite for collaboration and a willingness to admit where your cyber business is lacking that Ng believes the industry needs in large doses. “In the cyber sector you often see waves of innovation themes – in 2018 it was all about cloud security, then you started to hear more about human-centric security and industrial systems security. But so many of the solutions that emerge with each wave never live on or get adopted by the market because we have a selfish way of innovating.”
“I DON’T THINK SECURITY CUSTOMERS CAN BEAR YET ANOTHER PIECE OF TECHNOLOGY”
Ng sees startups racing each other to the market and making it ever more saturated with products – and he notes that this is especially pronounced in the UK where the pool of buyers and investors is smaller than in cyber hotspots like the US. However, it’s the buyers that are crying ‘slow down’. “I don’t think security customers can bear yet another piece of technology,” he says. “You’ve got security teams of five or six people having to manage as many as 70 technology solutions – it’s mad. One executive recently told me he gets around 250 vendor emails in a day and has stopped looking at them. How can a cyber company survive and grow in this context?”
According to Ng and many of the industry representatives LORCA speaks to, collaboration is the answer. Cyber innovators need to shake off their fear of not getting their sliver of the pie and get serious about joining forces and even adapting their business model or core products to solve a customer’s need. “That’s what LORCA enables – it’s a really good platform for the sort of collaboration we need,” Ng says. “With the MOD, they wanted a joined-up capability and we were able to offer that by working with Deloitte. We’ve also worked closely with fellow cohort members on other areas like PR and marketing. Some of us meet up to talk about upcoming events or share what companies we’re targeting – there’s a spirit of working together rather than competing against each other.”