05 January 2018

New powerful microarchitectural attacks threaten all modern CPUs


Georg T. Becker, Senior Researcher at ESMT

Two new attacks Meltdown and Spectre have been announced that can be seen as a new class of attacks that make use of so called microarchitectural features in modern CPUs. What makes these attacks special is that they do not exploit a bug in software, but exploit how modern CPUs operate and have been operating for many years.

The complexity of modern processor has been ever increasing to a degree that it is extremely hard for a developer to understand how and in what order instructions are executed on the CPU. Techniques such as out-of-order execution, branch predictions and multiple levels of caches have been integrated in modern CPUs for many years and have been constantly refined.  This resulted to great improvements in computation speeds. That this speed optimization can also cause security issues has also been known. For example, implementing cryptographic algorithms on modern CPUs that do not leak sensitive data over so-called timing side-channels has been a major challenge for years. Several academic papers also showed that microarchitectural features such as shared caches can lead to significant data leakages between different processes running on the same CPU or even on multiple CPUs (see e.g. CSAW07, usenix14, or SP15).

Read more

19 December 2017

The year in cyber security


Alexander Goller, Operations Director at _cyel

We are nearing the end of 2017 and a lot has happened in cyber security. One fact is that people have accepted cyber security and the connected risks as something that will naturally happen. We will see if this will lead to more consolidated efforts in strengthening your security posture or if people will get overwhelmed by the shear amount of attacks and risks they are being exposed to.

Quick facts about 2017

  • More than 530 publicly disclosed data breaches (source) with Equifax being one of the biggest breaches (143 000 000 records)
  • Ransomware strikes back, including WannaCry, Petya, Bad Rabbit. The damage is up 15x in two years as global damages are expected to exceed $5 billion in 2017
  • New botnets and IoT botnets on the rise, for example Reaper
  • Breach data shows the new way of influencing votes and elections with two massive breaches exposing US voter data collected during campaigns

Read more

14 December 2017

Analogy between biology and IT Security: remaining hidden thanks to surface mutations


Leonore Lovis, Executive Assistant at _cyel

Biology and IT security share many mechanisms. One of them is the way and benefit to remain hidden from the outside world by modifying the entity’s external surface (“surface mutation”): a parasite will try not to be recognised by the immune system of the host it is invading, while in IT security an approach is to ensure that the network, devices and data to be protected remains invisible to an external observer. In the first case, hiding allows the parasite to spread in its host, while in the latter case, hiding protects from attacks, decreasing the attack surface. Of course, attackers use mutations as well to stay undiscovered by antivirus or malware protection and to evade firewalls and IDS systems.

Following infection by a parasite, the immune system of the infected organism (the “host”) develops antibodies specific to some molecules of the parasite to which the host is exposed. Thanks to these antibodies, the host can identify the presence of the parasite in its body, and fight against it. In the case of parasites living inside the body of organisms, the antibodies often target proteins of the external membrane of the parasite.

Read more

07 December 2017

IBM builds a 50 qubit quantum computer - is this the end of RSA?


Georg T. Becker, Senior Researcher at ESMT

IBM announced in November that it has successfully build a 50 qubit quantum computer. IBM also announced a 20 qubit quantum computer that will be available for clients to use and experiment on. This is quite a leap forward from the 17 qubits systems currently available and highlights the big improvements currently happening in this area.

Quantum computers work completely different than traditional computers. Instead of working on bits that can be either 0 or 1, quantum computer work on qubits that can have a so called superposition which contains significantly more information than a simple bit. With the “strange workings of quantum mechanics” a quantum computer can use this significant amount of information within a qubit to run specific algorithms such as Shor’s algorithm that can solve some problems exponentially faster than a conventional computer.

Read more

04 December 2017

Next generation fighter for the Swiss air force


Gerd Broszeit, Sales Director at _cyel

The current capabilities of the Swiss Air Force will come to the end of their useful life, according to the head of the Federal Department of Defence, Guy Parmelin. When it comes to fighter jets, the 30 F/A-18s can still be used until 2030, while the 53 F-5 Tiger fighter aircraft are already no longer suitable for operations.

In consequence, the Swiss Federal Council wants to buy new fighter jets and ground-based air defence systems for the Swiss Air Force with total costs of 8 billion Swiss Francs. The Swiss Federal Council has not discussed the number or model of the aircraft, but one of the possible candidates will be a fifth-generation multirole combat aircraft from the United States.

Read more

23 November 2017

Impressions on RSA Conference in Abu Dhabi 2017


Toni Ala-Mutka, Product Director at _cyel

_cyel made it to the RSA Conference Abu Dhabi 2017 as a Silver Sponsor. The atmosphere in Abu Dhabi was amazing, and we had a great, very central booth at the conference. After a successful start last year we were able to showcase our progress with _equilibrium in the UAE.

We engaged in many enriching conversations, and gathered opinions from local companies and customers about how they see today's threats and how they try to counterbalance newly evolving and emerging threats.

Read more

20 November 2017

A database of state sponsored attacks



Alexander Goller, Operations Director at _cyel

Before Stuxnet,  the release of Edward Snowdens NSA files and the publication of the NSA toolset released by the Shadow Brokers the security scene was rumoring and suspecting states to sponsor cyber attacks and doing tailored operations against states and enterprises.

After the release of the NSA files everyone was shocked by the amount of work put into cyber attacks and surveillance and the evidence that our wildest imaginations actually have been exceeded by the reality.

Read more

16 November 2017

cyel awarded Best Swiss Network Security Solution 2017 by GDS

GDS has announced the Winners !

_cyel is a Swiss company delivering provable network security through software-defined networks that are fully compatible with legacy infrastructure. CEO Jaume Ayerbe tells us more about the firm and its recent success.

Cybersecurity today is essentially a game of cat and mouse: the attackers are always a step ahead of the defenders. _cyel was formed to rebalance this asymmetric competition. The firm’s awarded network security solution, _equilibrium, delivers on that promise. Despite being pretty young as a company, _cyel comes with an experienced team in all critical functions; plus, its extended team reaches out to all the key geographies. Jaume explains what is affecting the industry at the moment and how the company works hard to solve these difficulties.

Read more

13 November 2017

Analogy between biology and IT Security: life cycle of viruses



Leonore Lovis, Executive Assistant at _cyel

Viruses, whether considered from a biological or an IT perspective, play an important role in our daily lives. They share many characteristics, and among them, their life cycle.

In a biological context, viruses are entities composed of a genome in a protein shell (capsid) surrounded, in some types of viruses, by a membrane. They need to penetrate a living cell (hosting cell) to be able to replicate. Computer viruses, as other types of malware, need to insert their own code in other computer program in order to replicate and execute themselves.

As we already see here, both types of viruses cannot replicate in an autonomous manner. Therefore, the first challenge of viruses is to reach their hosting organism, or hosting IT system. Hence, a successful infection mechanism is key to their success.

Read more

25 October 2017

How #badrabbit reminds us to stay alert on ransomware


Alexander Goller, Operations Director at _cyel

Another month, another ransomware attack it seems. Reports go out that a new variant of a well known Ransomware is out and spreads via drive-by downloads. The ransomware is labeled BadRabbit and asks to install an update to Adobe Flash Player that then drops a file (seemingly this is a Win32/Filecoder variant).

After that your computer is locked and the usual bitcoin ransom is being asked for.

Read more

07-08 November 2017

up-coming RSA Conference in Abu Dhabi

_cyel is eager to return to the RSA Conference in Abu Dhabi, the leading information security event in the Gulf region, to meet with new customers. This year, we will be joined by SBA, our local partner.

It has been almost a year since we last met at the Emirates Palace during the RSA Conference 2016. This year we will be Platinum Sponsor once again, and we would be pleased to see you again.

Read more

05 October 2017

cyel at Telefonica's Security Innovation Day 2017


Jaume Ayerbe, Chief Executive Officer at _cyel

Our CEO, Jaume Ayerbe, will be a guest speaker at the fifth edition of the Security Innovation Day 2017 organised by ElevenPaths, the cybersecurity unit of Telefonica. Keynotes will be presented by Mikko Hyppönen, Chief Research Officer at F-Secure, and Chema Alonso, Chief Data Officer at Telefonica.

Our company will have the opportunity to introduce our ground-breaking innovation, _equilibrium, a network security solution that rebalances the equation between defenders and attackers reversing the odds.

Read more

10-18 August 2017

Proof of Concept in Singapore



Jaume Ayerbe, Chief Executive Officer at _cyel

In August, _cyel was in Singapore to run a Proof of Concept for a major Telecommunication company. The PoC set-up allowed to experience how the technologies used in our product, _equilibrium, operate to secure an entire network.

Through a Software Defined Network implementation, we are able to define Smart Zones independent of network constraints, like IP addresses or VLANs, to reflect on Business Risks and to flexibly adapt on the fly to changing requirements, making our moving target security solution unique. Giving customers an edge to rebalance the game against ransomware and other threats.

Read more

23 May 2017

Executive Breakfast in Bogota



Jaume Ayerbe, Chief Executive Officer at _cyel

In partnership with Olimpia IT and our parent company Dreamlab Technologies, _cyel had the opportunity of addressing a number of executives gathered to learn about the latest trends in cybersecurity.

The breakfast was hosted by Daniel Medina Salcedo, General Manager of Olimpia IT, a company of the Colpatria group. He introduced Fabien Spychiger, Regional Director of Dreamlab Technologies for Latin America.

Read more

24-26 April 2017

_Security Insight Summit

Over the course of two days our executive team had the privilege to exchange thoughts with CISOs from top European organisations. From Governments, to Financial Institutions or Manufacturing entities all share the growing concern over cybersecurity.

Over the course of two days our executive team had the privilege to exchange thoughts with CISOs from top European organisations. From Governments, to Financial Institutions or Manufacturing entities all share the growing concern over cybersecurity.

Read more

19-23 February 2017

_IDEX Conference Abu Dhabi

_cyel had the privilege to be an exhibitor at the 2017 edition of the IDEX Conference, which unites Defence Ministers, Chiefs of Staff, senior commanders from the Armed Forces, government officials, senior decision makers and other commanding officers from international militaries. _cyel took part at the show as a guest of our parent company Rheinmetall AG of Germany.

Read more

13-17 February 2017

_RSA Conference San Francisco

In February 2017, _cyel was proud to be part of the RSA Conference held in San Francisco, the word largest cybersecurity event, which welcomed over 43,000 attendees this year!

This was a great opportunity to introduce our product, _equilibrium, to the US market. We enjoyed meeting with a wide range of US-based customers, but also with delegates from Europe and other regions all around the world.

Read more

15-16 November 2016

_RSA Conference Abu Dhabi

_cyel was a proud sponsor of the RSA Conference Abu Dhabi 2016, held at the Emirates Palace in UAE. We felt very welcomed in our very first show and would like to extend a thank you message to the organising team.

Over the course of the conference we had the opportunity to connect with many of the delegates to the event, certainly bringing a paradigm shift to the busy market of cybersecurity is not easy, but then the Gulf region is under major cybersecurity pressure; as reported by the Ponemon Institute [1], the region has the largest average number of records lost or stolen (30% above global average).

Read more