Defenders are drowning in security alerts. Cisco reports that an average SOC ignores nearly 50% of the security events. These are generally uncertain and fragmented; often the signals are too early to act on. The scale of the problem will worsen with ever-expanding "internet of everything" networks and increasingly slow-moving attacks. Data is increasingly disparate and comes from sources beyond the control of the defender. However, amongst the noise is a rich source of information. Defenders who recognise the need to adopt proactive strategies know they cannot afford to ignore these events. The cost of a breach is too high to take late action. But human resource cannot sustainably grow at the same rate as data growth. Organisations need support with the heavy lifting of memory and reasoning, so they can reserve human cognitive capacity for strategic decision-making.

CyberOwl overcomes these challenges with an early warning system. Our software uses a probabilistic framework to systematically aggregate uncertain and disparate security events to provide real-time visibility of threats to every asset, as the attack progresses. This approach is specifically designed to deal with extreme scale by reducing the processing overheads of detection. It provides a risk-based framework for cyber security teams to manage threat risk in line with their security posture and resources. Critically, this provides actionable intelligence so the defender knows exactly which fire to put out when.

The technology was shortlisted for the Lloyd's Science of Risk Prize 2015. CyberOwl was selected into the first cohort of the GCHQ Cyber Accelerator Programme.

CyberOwl is developing its minimum viable product and is looking for strategic industry Design Partners for validation, verification and further development. The ideal Design Partner would provide access to real-world security problems in a large-network, high-volume data environment.

Solution Category
Cyber Security