Reshaping the cybersecurity ecosystem with CyberASAP 23/24: Meet the teams hoping to spin-out

Meet the teams

• Oxford University – Blockhawk

  Monitoring blockchains to detect attacks and misbehaviours

  BlockHawk was developed by Dr Louise Axon, Professor Sadie Creese and Professor Michael Goldsmith. The Oxford University team were exploring the security of blockchain when they realised there were very few examples in the market of being able to watch, check and detect attacks on blockchains as they are running.

  BlockHawk uses Machine-Learning and rule-based algorithms to detect indicators of external attacks or misbehaviours, in line with this year’s CyberASAP thematic strand – focussing on AI model security and software supply chain security.

  They are committed to presenting information in a way that is comprehensible and actionable, as explained by Dr Louise Axon:

  There aren’t many companies that will have a blockchain security specialist in their team. We have the deep technical knowledge of how this works, and we’re able to explain what an attacker might be trying to do, helping the user to contextualise it and take action.

  So, how has CyberASAP helped the team on their development journey? And what are their next steps?

  We’re hoping to spin-out. The programme has helped us to understand our market and make important contacts, but a key takeaway has been developing the proof of concept. Before the programme, we just had a theory: now we have something tangible to demonstrate to people.

• Edinburgh Napier University – TrueDeploy

  Mitigating open-source software risk for SMEs

  TrueDeploy offers a simplified, single view of a company’s software security status, accessible even to non-security experts, mitigating risks associated with open-source libraries.

  The team is made up of seven industry experts and advisors who are building the TrueDeploy Vulnerability Database, where AI/NLP models are being trained to provide in-depth insights and recommendations tailored to the specific requirements of each customer.

  CEO and lecturer at Edinburgh Napier, Pavlos Papadopoulos, had ideas on how his team could commercialise their research during his PHD:

  I noticed that the technology I was publishing papers on weren’t just an academic exercise – they could have a real impact on the world.”

  “Existing software provides minimal insights into potential vulnerabilities. Our insights are much more comprehensive because we are integrating with a lot of other vulnerability databases whilst creating our own, and using AI techniques to tailor the findings based on customer needs.

  So, how has CyberASAP helped TrueDeploy achieve their goals?

  This is the second time we have participated in the programme. The first experience helped us pivot on our aims and taught us to be clear with our messaging. The second time round we are more prepared. We managed to speak with customers that validated our ideas so that we were able to secure funding and create a proof of concept.

  The team are looking for further funding whilst finalising their MVP, and have big ambitions for the future:

  The AI feature is something we’ll continue to develop, but we want to give our customers more insight into many other cybersecurity concepts moving forward.

• Oxford University – Vouchsec

  Conversational cybersecurity platform for the AI era

  Vouchsec are another Oxford University team making strides in security for the AI era. Dr. Michael Piskozub and Professor Ivan Martinovic worked on a programme detecting unwanted or malicious behaviours from network traffic for years before starting Vouchsec – a new type of an extended detection and response (XDR) technology that provides a unified conversational platform to manage cyber incidents.

  Targeting security operation centres, Vouchsec aims to represent data in a more approachable way, utilising visualisation and language to find solutions. This is something Dr. Michael Piskozub is personally interested in, as he explains:

  I’m always fascinated by how you can arrange some data points to make sense and take advantage of our senses like our vision to be able to work quicker – and that’s one of the benefits of the technology, to allow security analysts to process threats quicker.”

  “I’m also interested in how we can leverage language to interact with the data. Simply being able to talk to a platform to give you an overview of your security position is really valuable.

  CyberASAP has enabled the team to bridge the gap between research and business processes. They’re looking forward to interacting with future adopters to test the technology before expanding their team.

• University of Essex – CybersecurityAId

  A dynamic, AI-powered self-assessment cybersecurity tool for small businesses

  With their unique combined expertise in business, cybersecurity and marketing, Dr. Marta Arroyabe and the team at CybersecurityAId want to empower micro-businesses facing digital threats. They found that SMEs and sole traders lack the resources and expertise to implement effective cyber hygiene practices. So as opposed to the existing one-size-fits-all approach, their tool offers tailored recommendations that aim to protect the key assets, systems, and processes within a business.

  The dynamic self-assessment tool powered by Large Language Models (LLMs) simplifies the often-complex world of cybersecurity, and has undergone extensive market validation, ensuring its alignment with the needs of small businesses.

  Now in their proof of concept phase, they’re able to showcase features such as user registration, interactive questions, LLM-generated recommendations, intuitive interfaces, and a scoring system.

  The team want to see a large proportion of UK companies utilising the tool and noticing a difference in the safety of their business, and have so far generated interest from stakeholders, including insurers and industry associations.

  We are building quite an interesting network of public organisations and of private corporations that serve small business customers – they are really interested in the products.

  – Project Lead, Dr. Marta Arroyabe

  The team hope this interest will contribute to their development plans which will see them spin-out, as Knowledge Exchange Manager, Ville Karhusaari explains:

  If our development plan works, over the next six to 12 months we’ve got the potential to spin out which would be a first from the social sciences – so this is a powerful internal case study for the University of Essex.

• De Montfort University – TwinSecure

  Securing critical national infrastructure – a digital twin-powered decision support system

  After recent cyber attacks against critical infrastructure resulted in halting the operation of over 10 companies, Dr. Ashraf Tantavy and Dr. Iryna Yevseyeva joined forces to develop TwinSecure.

  Their research found that operation shutdown was unnecessary – the attacks didn’t penetrate the target systems to impact the physical operation. The team concluded that the main reason for premature shutdown was the lack of situational awareness enabling operators to take more accurate decisions.

  The solution is autonomous decision support software powered by a digital twin model for the protected system. It performs real-time threat situational awareness, and provides the best set of actions in any given situation.

  Most existing solutions fail to combine cybersecurity and systems engineering to get the bigger picture. We are trying to look at the problem from a different angle.

  – Dr. Ashraf Tantavy

  But what sets TwinSecure apart from others?

  As a team, we have experience in different areas of the system. I have a background in system engineering and Iryna has a background in optimisation. We’re looking forward to connecting with investors and future stakeholders whilst developing the commercial side of the project.