
Xanadata’s Typhon ATD named as a Finalist in the Computing Big Data Excellence Awards 2018

The Big Data Excellence Awards celebrate the top performers working at the forefront of data, analytics, the Internet of Things and Big Data.

Named in the Outstanding Data Analytics Solution Category for its work with the County Durham and Darlington Federation NHS Trust, Typhon has been recognised for its outstanding performance in the extraction of actionable intelligence from the Trust’s Terabytes of historic security log data.

The project, part of a strategic review of CDDFT’s network security controls, policies and procedures, provided a detailed baseline status report in just a few hours, including evidence of previously undetected instances of compromise that required immediate, decisive action to prevent a potential data breach and operational disruptions.

CDDFT Security Manager Tony McGivern commented:

“One reason we were excited about Xanadata’s product moving forward is we use and leverage information and intelligence outside of one vendor and integrate with thousands of intelligence agents,” he said. “We are very happy with our vendors and have global threat intelligence and coupling that with a neighbouring organisation and going through the Xanadata suite gives us full confidence that we would have picked it up.”

The winners will be announced at an awards dinner in London on 15th May.

More Security Industry Recognition for Xanadata

Xanadata has added Computing’s Security Excellence Awards 2017 to its growing list of security industry recognitions. Named among the finalists for this year’s Data Security Product Award, this is the third time this year that Xanadata’s Typhon Accelerated Threat Detection platform has been named as a finalist for a major industry award. With inclusion in the SC and UKIT Awards listings already announced, this latest shortlisting adds to the growing reputation of Xanadata as a leader in the next generation of machine learning based threat analytics technology.

Xanadata KPMG Innovation Community listing boosts global awareness

Xanadata’s big data analytics platform has been chosen as the latest technology to be added to the Leading Edge Only (LEO) KPMG Innovation Community. LEO aims to bridge the gap between innovators and major corporates via its Global Innovation Marketplace, a dynamic online platform that showcases the latest technologies and products to a diverse array of large enterprises and other organisations seeking innovative solutions.

The KPMG Innovation Community’s role is to help raise the profile of Xanadata’s solution and increase brand awareness, ultimately driving new business opportunities from its global client base.

NHS Trusts Invited to Learn From North East Cooperative Peer Project

UCS Seminar provides NHS Trusts with an opportunity to learn how to enhance the effectiveness of their network security controls

6th September 2017, Oxford, UK. Unipart Cyber Security (UCS) has announced a special event for NHS IT teams at which there will be an opportunity to learn how several North East Trusts are combining resources to enhance the effectiveness of their network security controls. This free event on Friday 29th September is being held at The Village Hotel, 10 Silver Link North, Newcastle Upon Tyne, NE27 0BY, starting at 9:00am, and is open to all NHS CISOs and IT managers.

UCS, part of the Unipart Group of manufacturing and logistics companies, is a leading IT security consultancy. The company works with large enterprises and public-sector organisations providing a range of specialist services designed to protect corporate data and IT systems and to maintain compliance with the latest security regulations.

The event will focus on the work that UCS has been doing with the County Durham and Darlington Foundation Trust (CDDFT) as part of a strategic review of its security controls, policies and procedures. As well as carrying out an in-depth analysis of the effectiveness of the CDDFT’s security infrastructure, the project has resulted in closer cooperation with neighbouring Trusts and the deployment of a shared threat detection platform that monitors and analyses all security sensor log files generated from each of the consortium members’ networks.

Based on custom silicon with compute power equivalent to a 2000 Hadoop cluster, the technology, developed by UK big-data analytics start-up Xanadata, analyses log data against thousands of known threat signatures in parallel, extracting actionable intelligence on the overall security status of the network at a rate of up to 8TB per hour.

As well as identifying undetected incidences of compromise, including data breaches and APT attacks that may have been missed by existing network sensors and controls, the system uses advanced machine learning techniques to detect evidence of previously unknown, zero-day attacks before they are added to the global threat lists.

By extending the service to include data from neighbouring Trusts it gives the individual network managers a wider perspective on the overall threat landscape and access to actionable intelligence in virtually real time, helping to ensure security controls are fully maintained in line with the latest threat information and to prevent a repeat of a Wannacry type attack spreading across the entire NHS infrastructure.

Attendees at the event will hear from CDDFT’s IT manager, Tony McGivern, and UCS’s CISO, Paul Heffernan, and also have an opportunity to see a demonstration of the technology from Xanadata’s founder and CEO, Richard Benson.

Anyone wishing to attend should contact Johnty Mongan by email at johnty.mongan@unipart.com or by calling +44(0)1865 384750.

2017 UKIT Industry Awards – Security Innovation Finalists Announced

The 2017 UKIT Industry Awards’ shortlist has been announced with Xanadata’s Typhon technology listed as a finalist in the Security Innovation category. The awards focus on the contribution of individuals, projects, organisations and technologies that have excelled in the use, development and deployment of IT in the past 12 months.

We are in a very busy sector and up against stiff competition from some of the established leaders in the security analytics and forensics world, so to make the shortlist is itself a huge honour. Next step is a face to face presentation with the judging panel to select the ultimate winner. Quite a task but we are quietly confident that we can win them over with our unparalleled processing speed, breadth of threat detection and our unique augmented intelligence data visualisation capability.

Following our success in the SC Awards earlier in the summer this is great validation for the Xanadata technology and a recognition of our growing reputation as an effective threat detection solution for complex network environments.

We will keep you posted – look out for us on the winners’ podium on the 18th November.

GDPR – Why Should I Care?


The General Data Protection Regulation (GDPR) is a regulation that intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR applies from 25 May 2018; it does not require any enabling legislation to be passed by national governments.

The bit to worry about: GDPR establishes a tiered approach to penalties for breaching the regulations. It enables fines for some infringements of up to 4% of annual worldwide turnover and EUR20 million (e.g. breach of requirements relating to international transfers or the basic principles for processing, such as conditions for consent). Other specified infringements would attract a fine of up to the higher of 2% of annual worldwide turnover and EUR10 million.

So does it impact on me?

Expanded territorial reach – The GDPR applies to those inside the EU but also catches data controllers and processors outside the EU whose processing activities relate to the offering of goods or services (even if it’s for free) to, or monitoring the behaviour (within the EU) of, EU data subjects. Many will need to appoint a representative in the EU.

The UK’s Information Commissioner’s Office has produced a checklist that highlights 12 steps you can take now to prepare for GDPR (https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf). It makes the following points:

  1. Awareness – You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
  2. Information you hold – You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
  3. Communicating privacy information – You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  4. Individuals’ rights – You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests – You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
  6. Legal basis for processing personal data – You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it.
  7. Consent – You should review how you are seeking, obtaining and recording consent and whether you need to make any changes.
  8. Children – You should start thinking now about putting systems in place to verify individuals’ ages and to gather parental or guardian consent for the data processing activity.
  9. Data breaches – You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
  10. Data Protection by Design and Data Protection Impact Assessments – You should familiarise yourself now with the guidance the ICO has produced on Privacy Impact Assessments and work out how and when to implement them in your organisation.
  11. Data Protection Officers – You should designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
  12. International – If your organisation operates internationally, you should determine which data protection supervisory authority you come under.

In summary – act now, don’t wait until 25 May 2018!

Xanadata is a data analytics company, specialising in building systems that analyse data at extreme throughputs addressing markets such as cyber security, e-discovery and BI analytics. It develops and builds custom hardware and software to allow organisations to rapidly identify vulnerabilities, threats and risks caused by systems connecting to the Internet. Contact us to learn how our products and services can help you comply with the GDPR, making sure you have the right procedures in place to detect, report and investigate a personal data breach.

Verizon Dark Reading

It was interesting to hear a recent presentation on the results of Verizon’s 10 years of research into cyber breach reporting. Chris Novak of Verizon’s RISK team recently presented on “the real costs of a security breach”. He described how they had identified that 9 out of 10 breaches fit into 9 basic patterns.

  • Point of Sale (PoS) intrusions
  • Payment card skimmers
  • Web-App attacks
  • Crimeware
  • Cyber espionage
  • DoS attacks
  • Insider misuse
  • Physical theft and loss
  • Miscellaneous errors

He stated that the top impacts to a business are the legal and investigation costs following a breach, due to the impact of liability determinations. Regulated investigations are the most expensive. So it still stands that the cost of prevention greatly outweighs the cost of managing a breach. He spoke about their efforts to view the costs and the fact that they had to follow the tail, the impact, for years after the breach. Consideration was given to the cost of everything from the technical investigation and the requirement for legal counsel to customer care and external communications. Interestingly, he said that when Verizon goes into a company after a breach to discuss long-term remediation, messaging and the introduction of future controls, many of the original staff involved have left the company for one reason or another. This is an unexpected impact of the negative way in which the staff involved are tainted following the incident.

It was also interesting to hear their assessment, from real world cases, of how quickly a threat actor compromises a victim: “the time to compromise is almost always days or less”. Comparing that with how quickly the victim identifies the attack, he stated only 15-20% of companies identified the intrusion in “days or less”. The norm was months, and up to 7 to 8 months in a lot of cases. It proves the need for proactive capabilities and preventative activity.

Verizon’s Data Breach Investigation Report is a great source of what is happening with online criminality and associated victims.




I was listening again this week to the Down the Rabbit Hole weekly podcast. There have been a couple of recurring themes of late: leaders in the technology world and skills shortages. I have no doubt they are connected subjects. IT is no longer a supporting function but a core part of any organisation; there are very few companies that could continue to operate without Internet connectivity and networked computers.

Why do we need great leaders in technology and cyber security? As a community, if we don’t have them we will not have a voice in the boardroom and we will not develop from where we currently are. We won’t be able to influence change or deal with cyber security issues strategically through long-term objectives and planning. It also means we will not be able to ensure that continuity planning is covered for the areas that are important to us, such as spotting, developing and encouraging young talent, and getting them to consider cyber security as a great career choice.

As a leader, whether you are a CISO, manager, team lead, or aspire to be a leader in the future, you also act as a figurehead, somebody others can look up to and aspire to be. A point brought out in the podcast is that a leader is not necessarily the most senior person or the individual with the most experience. It’s not someone who is a “technical expert with a team”. They are the kind of person that attracts bright people and inspires others. The person they spoke about on the podcast was Richard Branson, a person who has been successful in a number of industries.

Here are some of the points that immediately came to mind when I thought of what a leader is, gained through my experience of 25 years in law enforcement:

  • Being a mentor to others (as well as ensuring being mentored yourself)
  • Making good decisions and where possible avoid bad ones, but being given and give others permission to fail, in order to encourage innovation and growth
  • Taking time to grow your knowledge, experience and capabilities, which applies to all not just a leader
  • Always accepting and seeking feedback (360 feedback works well)
  • Leading by example
  • Ensuring constant two way communication with your staff, your peers and seniors, including delivering the difficult messages directly
  • Actively listen to the other person, give them time to make their point and air their grievances
  • Be open and honest in order to build mutual trust and respect
  • Create a culture of openness where staff are encouraged to challenge, also encouraged not only to identify the problems but to help find and deliver the solutions to the problems they discover
  • Seek out those who are willing to learn, challenge and motivate them and allow them opportunities to develop outside their role to help them grow. Especially with those who have initiative, have a passion for technology, but also those who have an analytical mind set, who can ingest and distil information
  • Prioritise your tasks, do what is important and needs resolution now. Don’t necessarily start each day emptying your inbox or answering emails
  • Set milestones and constantly review tasks, activities and projects, also understand what success looks like and when you achieve it
  • Establish if you are the right person to deal with the problem and identify if there are other parts of your organisation, or beyond, that might help making informed decisions or deal with the issue, technology may not always be the answer to the problem
  • Encourage your staff to take on your functions or grow in to your role, work yourself out of a job, encourage talent, train for the future and grow the staff in your organisation, build a pipeline
  • Take time out for yourself i.e. get a hobby

What do good leaders achieve for their business?

  • Identifies what the problem is we are trying to resolve and concentrates on that issue
  • Identifies the solution to problems, understands the value of that solution to the business (ROI) and sets measurements to help understand if that product is delivering against the problem
  • Sets and codifies the mission and constantly encourages their teams to do the same, empowering individuals to act
  • Understanding risk and what it means to your organisation
  • Recognises and praises success, it increases engagement
  • Ensures lessons learnt are captured and propagated across your organisation and community
  • Understands the business and its culture in order to deliver against the objectives within that environment, “you can’t deliver cyber security in a vacuum”
  • Understands the questions the board needs answering and presents them with responses that helps them to make the right or better decisions, in a language that they understand

When considering risk, the model I am most familiar with is that used by UK law enforcement officers, from the College of Policing. The model they use is the “National Decision Model”; full details can be found if you click here.

From the model, the recommended questions we need to ask when dealing with risk and developing a working strategy are:

  • Do I need to take action immediately?
  • Do I need to seek more information?
  • What could go wrong (and what could go well)?
  • What is causing the situation?
  • How probable is the risk of harm?
  • How serious would it be?
  • Is that level of risk acceptable?
  • Is this a situation for us alone to deal with?
  • Am I the appropriate person to deal with this?
  • What am I trying to achieve?
  • Will my action resolve the situation?

In the podcast they said “leadership is a craft in itself”; the principles can be taught, but it needs nurturing and practice. A CISO also needs the technical understanding to deliver against the role. Adding the two together creates a unique individual who adds great value to any organisation.

“Tell me and I forget, teach me and I remember, involve me and I learn” – Benjamin Franklin

Xanadata is a data analytics company, specialising in building systems that analyse data at extreme throughputs addressing markets such as cyber security, e-discovery and BI analytics. It develops and builds custom hardware and software to allow organisations to rapidly identify vulnerabilities, threats and risks caused by systems connecting to the Internet. Contact us to understand how Xanadata’s products and services can help you to understand the threats and vulnerabilities impacting your business today.

Original blog written by Kevin Williams for Team Cymru. Blog reproduced, in part, with thanks to Team Cymru:



One of the ways I keep up with what is new and current thinking in the cyber security world when I am on the road is by listening to the “Through the Security Rabbit Hole” podcast.

As I was listening to one of the recent presentations, I was considering what a cyber security strategy should look like. So here goes:

Every employee must understand the organisation’s mission. Additionally, all employees must understand their responsibility to help secure the company to achieve the mission. (This is particularly notable for phishing attacks.)


Have people at the board and all levels that own the cyber security problem, its implementation and response.

Understand your adversary and how they will attack you. Know your systems, all their end points, and all of their vulnerabilities. Have proactive intelligence on who is scanning you and try to identify why. Understand what normal looks like so you can spot abnormalities. Build trust groups internally and externally to understand your threat vectors and changes in attack methodologies, as well as exchanging ideas and best practice.

Identify and isolate what is important to you, such as your IPR (Intellectual Property Rights), customer data, financial data, etc.

Review current access and limit access to sensitive data to only those who actually need to access it and need to know the content. Not those who think they should have access. Identify your critical infrastructure and lock it down.

Be proactive and not reactive to the threats and vulnerabilities. Know when a wheel nut has come loose, don’t wait for the wheel to fall off before responding. Be as proactive in knowing what is leaving your network as to knowing what is trying to enter your systems.

Recognise your risks, relevant to your mission and ambitions, and have clearly defined boundaries as to what your risk appetite is.

For example:

  1. Is it OK for your website to be down for 30 secs, 30 mins, 30 hours?
  2. Who are you going to call in a crisis, where is your documented IR plan written down and who can access it?
  3. What do your agreements say they will do to assist you in a crisis? Think about reviewing their contracts.
  4. What is your press statement going to look like and who is your talking head going to be?
  5. Plan for breaches, anticipate breaches, rehearse and exercise your response, don’t wait till it happens so that you have to make decisions in crisis.
  6. What will be your single public message? (lots of good examples out there deployed in recent events)
  7. How will your staff, vendors and outsourced capability respond on Christmas Eve or even Christmas Day if you need help?

Understand how you are going to communicate during a crisis, if your systems are “owned” by a miscreant, it is no use using the corporate email system to decide and share your battle plan.

  1. Patch management
  2. Good password rules
  3. Regular pen testing
  4. SANS Top 20 critical security controls

In the UK, I always find it is worth reviewing what the UK Government has on the subject on their gov.uk site on best practice for cyber security advice.

When it goes wrong, know whom you are going to call.

Lastly, it’s all about the people, not the technology; your people are your asset. But never forget they can be exploited and can be a vulnerability, so invest time in educating them and getting their buy-in.

Xanadata is a data analytics company, specialising in building systems that analyse data at extreme throughputs addressing markets such as cyber security, e-discovery and BI analytics. It develops and builds custom hardware and software to allow organisations to rapidly identify vulnerabilities, threats and risks caused by systems connecting to the Internet. Contact us to help you understand your systems, all its end points and all of its vulnerabilities.

Original blog written by Kevin Williams for Team Cymru. Blog reproduced with thanks to Team Cymru: