Determinacy of threats (telling a real threat from noise) is the most important obstacle to growth for the cybersecurity industry. The proportion of false positives and false negatives has risen to unprecedented levels. This state of affairs is principally grounded in the normative nature of the anomaly detection that most software runs. Normative approaches tend to lead to false negatives because they cannot detect threats that have not been previously identified, and the rate of new threats is dangerously outpacing the speed at which global knowledge of threats is updated. Most intrusion detection systems are based on normative knowledge of “bad behavior” (signatures). But for each discovered “bad behavior”, dozens of variants are created within a day: the industry is entangled in an updating spiral that cannot match the rate of malware generation.
Most systems eventually display unexpected behaviors. Some incongruities are healthy, and some incongruities are unhealthy. A system that requires a high level of agility (disaster zone, battlefield, emergency response) is likely to trigger a high level of alerts. In practice, commanders quickly come to the conclusion that they need to discard these early alerts, as most of them are false positives. This is one of the main reasons why command & control platforms (C4I2) are hard to sell. Initial knowledge is hard to build, and by the time it is appropriately built and operational, the crisis is often over. Emergency response commanders have learned the trick, and prefer to rely on voice, which is less prone to false positives than computer-based coordination when faced with a high variance of environmental conditions.
Akheros measures the relative value of incongruities. In other words, within a very turbulent (or unexpected) environment, Akheros measures the velocity and relative intensity of change on each node. This relative intensity of incongruity is measured against a population of end-points that display incongruous behaviors. It means that the “most incongruous” behavior will always be detected, even in the midst of chaos and disorganization. This is a core advantage compared to other technologies. Akheros can neutralize the backdrop of a high-mobility context. Akheros algorithms treat singularity as a value in its own right. A singular environment would not trigger the excessive number of false positives that tend to lower the awareness of network administrators or incident command officers. This core algorithm has been patented since 2003. Its applications include M2M communications and C4I2 applications.
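As an added illustration of the population-relative idea above (this is example code written for this page, not Akheros's patented algorithm; the node names and change velocities are constructed), a fixed threshold tuned for a calm network alerts on every node of a busy population, while scoring each node against its peers singles out only the one that is incongruous relative to the others:

```python
"""Population-relative incongruity scoring (illustrative; not Akheros's algorithm)."""
from statistics import median
from typing import Dict, List

# Constructed telemetry: per-node "change velocity" (e.g. new connections per
# minute) during a turbulent period. Every node is busy; host-07 is far busier.
NODE_VELOCITY: Dict[str, float] = {
    "host-01": 42.0, "host-02": 39.5, "host-03": 45.2, "host-04": 40.8,
    "host-05": 43.9, "host-06": 41.1, "host-07": 118.0, "host-08": 44.0,
}
QUIET_THRESHOLD = 10.0  # absolute bound that was reasonable on a calm network


def absolute_alerts(velocity: Dict[str, float], threshold: float) -> List[str]:
    """Normative rule: alert whenever a node's velocity exceeds a fixed bound."""
    return sorted(n for n, v in velocity.items() if v > threshold)


def relative_scores(velocity: Dict[str, float]) -> Dict[str, float]:
    """Robust z-score of each node against the population (median / MAD).

    MAD is scaled by 1.4826 so that it is comparable to a standard deviation.
    """
    values = list(velocity.values())
    med = median(values)
    mad = median(abs(v - med) for v in values) * 1.4826
    if mad == 0:  # degenerate population: all nodes identical, nothing stands out
        return {n: 0.0 for n in velocity}
    return {n: (v - med) / mad for n, v in velocity.items()}


def relative_alerts(velocity: Dict[str, float], z_cutoff: float = 3.5) -> List[str]:
    """Alert only on nodes that are incongruous relative to their peers."""
    return sorted(n for n, z in relative_scores(velocity).items() if z > z_cutoff)


if __name__ == "__main__":
    print("absolute:", absolute_alerts(NODE_VELOCITY, QUIET_THRESHOLD))  # all 8 nodes
    print("relative:", relative_alerts(NODE_VELOCITY))                   # ['host-07']
```

The absolute rule floods the operator with eight alerts, which is exactly the situation in which commanders start discarding alerts; the relative score keeps the one node that is out of step with its peers.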