VyoPath

VyoPath Creates SaaS Revenue Stream by Leveraging Allata in Artificial Intelligence

To enable clients to detect cyber risks, VyoPath wanted to expand its packet flow collector and turn it into a robust network analysis platform—by adding artificial intelligence capabilities to detect cyber-threat scenarios such as brute force, denial-of-service, and distributed denial-of-service attacks.

Services

Technology & Cloud

Industry

High Tech

Cyber security concept. Padlock on circuit board background neon

key deliverables

System source code and documentation
Data cleansing process and fine-tuned data models
UDF inference library
ClickhouseDB schema redefinition
Machine learning model accuracy and precision results
Synthetic data generator
Docker images

tools & technologies

GoLang
Python
Amazon SageMaker
Amazon S3
Docker
GitHub
NetFlow
Kafka
ClickHouseDB
Grafana
Catboost
SQL
TShark
Nfdump

Allata has develop a product that can earn us revenue in the near future, and they have done so in just a couple of months. It would have taken us many more months with internal resources, so with Allata as our partner, we can go to market much sooner as we take care of current client needs.
VyoPath

The Challenge

Augment Cyber Threat Analysis with Machine Learning Algorithms

VyoPath, a trusted advisor to businesses seeking innovative and strategic technology solutions, helps clients navigate the challenges of the ever-changing digital landscape. Co-founders Nate McCallum and Paul Stege first launched the company with a focus on providing consultation and professional services. As cybersecurity emerged as one of their key niches, McCallum and Stege began to productize their expertise.

This strategic initiative started with a packet flow collector that receives and decodes NetFlow packets from Cisco routers as well as system log files, DNS files, and other log-source systems. The collector also enriches packets and log data with details on which devices talk to each other, how many bytes of data they exchange, which protocols they use, and other variables such as rate limiters, blacklists, and recurrences. This information helps VyoPath customers detect anomalous behaviors on their IT networks that could represent impending cyberattacks.

To expand the product offering and turn it into a more robust network analysis platform, McCallum and Stege wanted to add artificial intelligence capabilities to detect cyber-threat scenarios, such as Secure Shell (SSH) brute force attacks and Distributed Denial-of-Service (DDoS) attacks.
Nate McCallum, Co-founder, VyoPath

We already had a solid offering but wanted to make our analysis platform more helpful to our clients by including machine learning algorithms that identify attack patterns proactively. This would let our clients mitigate cyber risks before they turn into real problems.

To take on this challenge, McCallum and Stege realized they needed to find a software development partner with experience in the implementation of artificial intelligence projects. The partner would also need strong skills in GoLang, Python, and Amazon Web Services—the languages and platform used to build the network analysis tool.

Hiring resources would not have been practical given that we were building new capabilities and needed to prove they work. That approach would have been cost-prohibitive, and it would have taken us too long to go-to-market with our existing resources.
Paul Stege, Co-founder, VyoPath

The Solution

Allata Offers Proven Track Record and Required Skill Sets

The answer to the VyoPath challenge came from Allata, a company McCallum and Stege already knew for its software coding and project management expertise.

Allata consistently provides professional resources with the precise skill sets to meet the requirements of software projects. And their developers have the backing of a strong team that takes care of project management and status updates as well as additional technical resources that developers can go to when they need extra help.
Nate McCallum, Co-founder, VyoPath

Allata provided specialists to handle three project phases. Phase one included refactoring the existing data collectors according to developer best-practices and adding new capabilities to the network analysis platform. For phase two, Allata implemented DevOps methodologies for the log ingestion module along with log processing and machine learning algorithms to detect brute force attacks where hackers mimic legitimate users. During phase three, Allata programmed the VyoPath solution to detect denial-of-service attacks where threat actors hit servers with thousands of fake users.

The Allata team first conducted a proof-of-concept to validate the minimum viable product would work. Allata also used infrastructure as code (Terraform), which gives VyoPath clients the flexibility to deploy the solution in any cloud or on-premises environment.

A big challenge was the need for large sets of packets to test the system. Since the solution could not be tested in a production environment, Allata created synthetic data to load into the platform to train the machine learning models and to make sure the detection algorithms worked correctly.

A diagram of a network showcasing the implementation of Artificial Intelligence in various SaaS devices, generating an intelligent revenue stream.

The Results

Real-Time and Accurate Threat Detection for Clients

With the VyoPath network analysis platform, clients can conduct behavioral analysis of network traffic to Allata also trained the models with public Netflow data sets. As part of this effort, Allata data scientists selected variables and features relevant to the network analysis and integrated the machine learning library with ClickHouse—an open-source database used by VyoPath for which Allata also designed an identify different types of attacks.

We can also advance that analysis to see if a device is doing something nefarious at that moment.
Paul Stege, Co-founder, VyoPath

Before collaborating with Allata, VyoPath attempted to identify attack traffic by viewing Internet databases to check if IP address packet senders were known to conduct malicious activities. However, an IP address that conducts an attack can sometimes be allocated to another device, so an innocent user with such an IP address could be incorrectly flagged as an attacker. The solution Allata provided does not rely on this approach. Rather, it determines an attack by type (such as DDoS or SSH) based on whether the inherent characteristics of a traffic packet match those of known attacks.

The improved network analysis platform Allata helped VyoPath build can now process up to 142K rows per second of packet and log data—so VyoPath clients can monitor potential cyber threats in near real-time. The machine learning model demonstrated a high level of accuracy, which enables clients to detect real threats and avoid reacting to false positives. As the system goes into production and analyzes real traffic, the solution Allata created will re-train the algorithms and increase the accuracy even further.

Another key benefit for our clients is that our solution passively leverages data from NetFlow and other sources. Since most clients have already deployed NetFlow on their Cisco routers, they don’t have to bring in another device.
Nate McCallum, Co-founder, VyoPath

Although the cost savings of the project compared to hiring data scientists and coding experts proved to be a big benefit for VyoPath, the choice to partner with Allata was not primarily based on the money saved.

It’s not feasible for a start-up launching a product to take that approach when testing a new concept. We needed Allata to test the concept and promptly bring it to market, and now that they have proven the machine learning model works, it makes sense for us to keep working with Allata.
Nate McCallum, Co-founder, VyoPath

Partnership Continues to Deliver Value

VyoPath and Allata continue to work together to further enhance the network analysis platform. The two teams will test the use of batch inputs where the system analyzes thousands of packets per minute. This will streamline the process of creating a continuous delivery pipeline of trained data models.

We will also need assistance from Allata for standing up the product to be consumed as a service by our clients. And now that we can identify potential cyber threats, we want to enhance the way we present the information to our clients so they can react efficiently.
Nate McCallum, Co-founder, VyoPath

McCallum emphasizes that tapping into Allata skills and resources to execute a project like this is vital for a company like VyoPath.

We need to focus on the core aspects of the business and generate revenue in the short term with our other services. Allata has developed a product that can earn us revenue in the near future, and they have done so in just a couple of months. It would have taken us many more months with internal resources, so with Allata as our partner, we can go to market much sooner as we take care of current client needs.
Nate McCallum, Co-founder, VyoPath