As the founder of RazorSecure, I want to share something a little different with you today. I am often told that we should keep our technology and techniques secret, but I firmly believe that we are made better by sharing openly. I was fortunate enough to spend the formative part of my career working in the Nordics, where people are encouraged to share openly and directly in business. Transparency is a key value in our company, so today I will share with you some of the secret sauce behind RazorSecure, our technology principles.
From the biggest Fortune 500 companies to the small businesses you interact with everyday, no industry is 100% safe from cybersecurity risk. Many organisations feel overwhelmed by the potential threats, despite knowing the risks, and become concerned that there isn't anything they can do to stay in control. Much like technology, the threats are constantly evolving, and becoming harder to detect amongst copious false positive alerts.
At its core when I first developed our technology principles, I was setting out to solve two key challenges in cyber security. These challenges were the amount of time it takes to detect a breach and the number of false positives that cybersecurity software generates. These same challenges exist in cyber security today, particularly in the rail industry where our customers operate within unique network environments and conditions.
From the day I founded RazorSecure, these principles have guided our technology strategy and remain at the heart of our behavioural anomaly detection approach which helps us detect the ‘needle in the haystack’ threats quickly before they become critical.
Our principles are the guiding light behind our technology. We are proud to share them openly because they are part of our identity as a company, we own them and embrace them daily. They drive the strategy behind the products we deliver to our partners and customers.
#1 - We use machine learning and treat each system as an individual
Every system we protect is unique in its own way, so in order to protect them we have to acknowledge that and treat them as unique systems. They are similar, but with small differences.
#2 - We focus on “what is normal” for the system we are protecting
By embracing the uniqueness of systems, we can focus on detecting the key differences. This is the “delta” between systems, and in this “delta” we can detect attacks without any prior knowledge.
“What is normal” is the best information we have available about a system. When we look across the sectors that RazorSecure works in (including rail, aviation and critical infrastructure), we see the same patterns again and again, consistent behaviour that can be monitored over a long period of time.
This approach remains effective for the life of the asset, and is a key strength in our product.
#3 - We automatically configure where possible
Many cybersecurity products rely on detailed configuration, the maintenance of that configuration can be as difficult as deploying the systems that are being protected. So where possible our software will automatically detect, identify and configure the monitors for a system.
#4 - Machine learning must give meaningful outputs
Why did your machine learning model say that the system had been hacked? Because this output is 0.8 instead of 0.81.
That isn’t helpful in the real world, so we focus on giving meaningful outputs to any of our machine learning models. If the system’s health is low, then we will tell you why. If something has changed, we will tell you what.
#5 - We develop software that must be light touch for low powered systems
We want to ensure that our software is deployable in a wide range of scenarios through our flexible, hybrid approach to security. Our Delta software is able to be integrated into customer hardware (large and small).
To date we have integrated into custom linux distributions, archaic hardware platforms and very low powered processors. We are always looking to reduce our footprint and improve our performance for these systems.
#6 - We strive to reduce false positives to zero
False positives were a key goal when I started the company, and they remain a principle that we aim for constantly. We always try to ensure that every alert is based on a real change or a real incident that has happened to the system that is not ordinary behaviour.
False positives lead to unexpected cost and significantly increases the TCO of any cyber security solution. I built the first version of RazorSecure because off-the-shelf software I deployed generated hundreds of thousands of alerts a day, it was unmanageable.
Our technology principles becoming reality
While the rail industry’s comprehension of cybersecurity may of been astray when RazorSecure started writing our first lines of code in 2014, the increased introduction of regulations such as the NIS directive into law has helped shine an increasing spotlight on the technology principles we have been championing and providing our customers.
We continue to be enthusiastic about maintaining an open conversation about cybersecurity that is helping support the rail industry, and we hope to continue providing the tools and support so our customers can secure their rail systems in a digital age of new risks. Most recently we announced that in a collaboration project with Icomera to provide secure Wi-Fi to Northern Trains, we applied our technology principles to provide protection to more than 10 million passenger journeys.