A new firm offering a cyber security solution unlike anything we’ve seen before launched in South Africa today.
The firm’s name is Snode and its claim to fame is a piece of software that monitors a network looking for malicious traffic, intrusions and other cyber threats. On the surface, Snode – the name of the firm and its software – appears to be another firewall product, but after attending a fairly lengthy launch earlier this morning we can confirm that Snode is not a firewall, but rather something more advanced.
The software uses machine learning and mathematical algorithms to alert businesses to possible threats on their networks. What sets Snode apart from a standard firewall is that it is constantly looking for patterns in behaviour. For instance: if an employee starts accessing a folder on a file server that they’ve never accessed before, and they begin to pull down large amounts of data, a regular firewall might not flag that as a potential risk.
But Snode would.
This is because software such as a firewall looks at potential risks in a vacuum, whereas Snode is constantly looking for patterns in the data it receives, whether it comes from a user or from an attacker attempting to kick down the door.
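The file-server scenario above, as an added example (not Snode's code or algorithm, which the launch did not detail): a rule that judges each event in isolation is compared with a per-user baseline that flags a first-time folder access combined with an unusually large read. The events, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample file-server access events: (user, folder, bytes_read).
EVENTS = [
    ("alice", "/finance/reports", 2_000_000),
    ("alice", "/finance/reports", 3_000_000),
    ("bob",   "/hr/policies",     1_000_000),
    ("alice", "/finance/reports", 2_500_000),
    ("bob",   "/hr/policies",     1_500_000),
    ("bob",   "/finance/payroll", 900_000_000),   # new folder, very large pull
    ("alice", "/finance/budgets", 1_000_000),     # new folder, normal volume
    ("alice", "/finance/reports", 400_000_000),   # known folder, large pull
]

STATIC_LIMIT = 1_000_000_000  # hypothetical per-event size rule, no user context
MIN_HISTORY = 2               # events needed before a user has a baseline
VOLUME_FACTOR = 10            # "large" = this many times the user's mean read


def stateless_alerts(events):
    """Judge each event in isolation against one fixed limit."""
    return [e for e in events if e[2] > STATIC_LIMIT]


def baseline_alerts(events):
    """Flag a first-time folder access combined with an unusually large read."""
    seen = defaultdict(set)      # user -> folders accessed so far
    history = defaultdict(list)  # user -> bytes read in earlier events
    alerts = []
    for user, folder, nbytes in events:
        past = history[user]
        if len(past) >= MIN_HISTORY:
            mean = sum(past) / len(past)
            new_folder = folder not in seen[user]
            large = nbytes > VOLUME_FACTOR * mean
            if new_folder and large:
                alerts.append((user, folder, nbytes))
        # Update the baseline only after the event has been judged.
        seen[user].add(folder)
        history[user].append(nbytes)
    return alerts


if __name__ == "__main__":
    print("stateless:", stateless_alerts(EVENTS))
    print("baseline: ", baseline_alerts(EVENTS))
```

Only the payroll read is flagged by the baseline check: the new-folder access at normal volume and the large read from a familiar folder each satisfy just one of the two conditions.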
As the firm points out, companies aren’t exactly plastering news of their latest hack on the front page of a newspaper. Instead, they try to keep cyber attacks secret. This makes finding solutions particularly difficult because vital information that could prevent a similar attack on another company isn’t shared.
“Cyber criminals are constantly sharing the tools and weapons they use and defenders are hesitant to talk about hacks,” Snode chief executive officer Nadir Khamissa says. “Defenders have to juggle so many plates and constantly make sure they’re using the right techniques to fend off attacks. Attackers only need to succeed once, defenders have to successfully defend constantly.”
Snode addresses this problem by sharing the information it gleans from other attacks and using what it has learned to warn the right people before it’s too late.
As Snode founder Nithen Naidoo explains, “Traditional signature-based protocols look at data in isolation. Threat intelligence helps but is retroactive, signature-based protocols are reactive, Snode is proactive.”
During today’s launch Naidoo showed us the difference between a firewall and their software. Naidoo started off by triggering a scan of a network using Nessus. The Nessus software, as Naidoo explains it, is designed to look for all the weak points on a network that an attacker might exploit. Snode immediately picked up that an IP address was scanning ports; the firewall sent out no alerts.
Once the scan was complete, Naidoo began a brute-force attack on the network. As you may know, a brute-force attack constantly tries to “guess” a username and password combination until it gets it right. Snode immediately picked up Naidoo’s attack and even provided the number of guesses the brute-force programme had made. The firewall, again, detected nothing wrong on the network.
“We are not saying you don’t need a firewall,” explains Naidoo. “A firewall is often unable to differentiate between a malicious login attempt and a real one, Snode provides that context.”
All of this information is delivered to users in a very clean and easy-to-use dashboard. Where reports often consist of jargon entwined in more jargon, Snode presents its findings in plain English so that anybody can understand where the problems are.
Snode admits that no service is hack-proof but Naidoo assures us that the data it shares within its ecosystem is encrypted.
Naidoo also tells us that this software has been developed and battle tested for the last seven years and the firm seems confident in its product. Time, however, will be the great decider on whether it will be effective. But, truth be told, it’s an interesting approach to cyber security that we have not yet seen. And who knows, in the coming years we might be singing the praises of a small firm from South Africa that helped hundreds of blue-chip firms prevent intrusions on their networks.