Source: EurekaPress | ORNL Release | April 6, 2017

Virginia-based Lenvio Inc. has exclusively licensed a cyber security technology from the Department of Energy’s Oak Ridge National Laboratory that can quickly detect malicious behavior in software not previously identified as a threat.

The platform, known as Hyperion, uses sophisticated algorithms to seek out both legitimate and malicious software behavior, identify malware such as viruses or executable files undetected by standard methods, and ultimately help reduce the risk of cyberattacks.

Hyperion’s development began over a decade ago as an experiment by ORNL cybersecurity researchers to explore the emerging science of software behavior computation.

They determined that the behavior approach outperforms signature detection, which only searches for syntactic patterns that are easily hidden within a program’s code, according to ORNL’s Stacy Prowell, chief cyber security research scientist.

“These behaviors can be automatically checked for known malicious operations as well as domain-specific problems,” Prowell said. “Hyperion helps detect vulnerabilities and can uncover malicious content before it has a chance to execute.”

Hyperion introduces behavior computation as a new weapon for enterprise-level customers in the fight against large-scale cybersecurity threats.

“For us, software with unknown behavior has unknown security, which is problematic for global cybersecurity,” said B.K. Gogia, Lenvio’s chief executive officer. “Current methods are increasingly overwhelmed by the sophistication of attacks often precipitated by stealthy zero-day or sleeper code vulnerabilities. With Hyperion, we’re offering a new class of cyber protection.”

The Transition to Practice program, which is part of the Department of Homeland Security’s Science and Technology Directorate, had selected the technology for its market-transition program. TTP identifies promising technologies in national laboratories and helps transition them into product-level capabilities for commercial markets. As a result of participation in TTP, Hyperion was licensed non-exclusively by R&K Cyber Solutions in 2015.

Lenvio, which launched as a spin-off company from R&K in April 2016, has invested substantial funds and time to transform Hyperion from proof-of-concept into a capable and reliable commercial product. The previous non-exclusive license to R&K was discontinued by mutual agreement, and the exclusive license for Hyperion was awarded to Lenvio.

“Obtaining an exclusive technology license from ORNL helps us secure a more competitive position to commercialize Hyperion as we grow our company,” Gogia said.

Lenvio will continue to work with ORNL on co-authored publications and exploring opportunities for joint research and development.

The licensed intellectual property includes a copyright on the computer code and two patent-pending technologies invented by Kirk Sayre, Rima Awad, Stacy Prowell and former ORNL employee Stephen Lindberg of the Computational Sciences and Engineering Division and former ORNL employee Richard Willems of the Electrical and Electronics Systems Research Division. Others contributing to the technology were David Heise, Kelly Huffer, Mark Pleszkoch, Joel Reed and former ORNL employee Logan Lamb of the Computational Sciences and Engineering Division and Rick Linger, former ORNL Hyperion team member who is now Lenvio’s chief technology officer.

This technology was funded, in part, by DOE’s Office of Electricity Delivery and Energy Reliability’s (OE) Cybersecurity for Energy Delivery Systems Program to help reduce the risk that a cyber incident might disrupt energy delivery. Since 2010, OE has invested more than $210 million in a wide range of cybersecurity research, development and demonstration projects that are led by industry, universities and national laboratories. As a result, more than 35 new tools and technologies that OE investments have helped support are now being used to further advance the resilience of the nation’s energy delivery systems.