ARMS Cyber (Autonomous Resilient Management Solutions) was founded on the premise that for far too long businesses and government agencies have been thinking about cybersecurity the wrong way. During the course of our founders’ PhD studies, it became increasingly apparent that instead of reactively patching systems after vulnerabilities are detected, a proactive defense-in-depth approach should be taken to invest in creating secure software runtime environments. Similar to the structure of an onion, security mechanisms are implemented at multiple tiered levels, consequently changing a system’s DNA and keeping the current landscape of cyber exploits from succeeding.
Hackers don’t discriminate. In 2019, over $5.2 trillion of business value was lost due to cyber-attacks. Of this cost, $15 billion was attributed to direct company damage including business loss, information loss, revenue loss, and equipment damage. Victims have included Fortune 500 companies, small businesses, and government agencies, while adversaries include nation-states, terrorist organizations, and hacktivist groups. With IoT devices becoming more integrated into safety-critical applications, the worst-case scenario is no longer the exfiltration of sensitive data such as patient records and credit card information. In this day and age, it is now a real possibility that our most dangerous adversaries can conduct cyber-terrorist activities remotely and at a steep discount compared to traditional military tactics. It is scary to think that one day we might wake up and see pacemakers malfunctioning, CAT scans overdosing patients, automobiles crashing, the stock market held for ransom, and even our military systems compromised.
Current cybersecurity efforts revolve around discovering vulnerabilities in software, monitoring for attack indicators, and patching systems. With this approach, attack recovery averages 51 days, creating significant downtime that negatively affects the company’s bottom line. Additionally, with over 500 billion vulnerabilities estimated to be included in legacy and IoT devices, it is close to impossible to exhaustively find every system vulnerability. Thus, the attacker has a huge advantage since they only have to be right once, while the defender has to be correct 100% of the time. To address this problem, we shift our defense priorities by instead focusing on prevention and reconfiguration. Like a primary care doctor, we fix the root problem of a system before an attack, resulting in maximum resiliency to threats. To achieve this, we utilize moving target defenses to diversify the DNA of the software identity, eliminating virus propagation and widespread zero-day attack compromises. Additionally, by integrating distributed fault-tolerant techniques, software self-heals in real time, minimizing business downtime.
Our approach consists of three stages: prevention, identification, and recovery. To prevent attacks, we dynamically change the software identity of programs. We randomize the address space, shuffle function order, encrypt global and local variables, isolate stack segments, and store data in a distributed fashion using an IPFS Blockchain architecture. To rapidly and accurately detect attack indicators, we integrate tripwires and honeypots as well as state-of-the-art artificial intelligence algorithms. Finally, to recover, we integrate a Kubernetes architecture to autonomously reconfigure and self-heal software when an attack is detected. By using our approach, data integrity can be maintained and critical business software can become unhackable, dynamically adjusting and self-healing based on adversary behavior.