I don't usually write about acquisitions and all that financial stuff, but news that PayPal has acquired CyActive caught my eye as apparently this brings the promise of 'bio-inspired predictive security' into the online payments provider threat protection mix. Which made me think, just what the heck is bio-inspired predictive security when it's at home, and why has PayPal bought into it?
My first port of call in trying to get a line on this was the official PayPal blog posting on the thing. "While we have industry-leading fraud models and verification techniques, and a world-class security team" James Barrese, Chief Technology Officer and Senior Vice President, Payment Services, PayPal says "we’re always looking for ways to make our systems even more secure." Which is where the CyActive acquisition comes in, along with the establishment of a security center in Israel that will "tap into the country’s cutting-edge technology and top cybersecurity talent." CyActive being part of that tapping into process, being an outfit which specializes in predictive technology that focuses on how malware will develop and by so doing adds an element of future-proofing (or at least that's the idea) to PayPal security measures.
OK, so what does CyActive actually do then? Good question, and according to the company itself the answer is "forecasts how hackers will evolve today’s malware into tomorrow’s advanced threats, by applying bio-inspired algorithms and a deep understanding of hackers’ behavior, considerations and constraints." Which is about as clear as mud when it comes to explaining what these bio-inspired algorithms actually are. I mean, I get the predictive stuff which looks at malware behaviors and what the cyber-criminals behind it expect to achieve. I'm less clear on how this is turned into accurate predictions of the variants that will emerge from any given malware sample. I guess that by bio-inspired what is actually meant is 'evolutionary best guess based on past experience' to be honest. That doesn't sound quite as impressive, of course.
Not that I'm knocking what CyActive claims to do, the company was founded by a couple of clever bods who apparently were part of the Israeli Defense Force (IDF) which, or at least the 8200 intelligence unit bit of it, appears to have quite a long history of spinning off hi-tech and highly clever start-ups. If, as CyActive claim, it can (accurately) predict hundreds of thousands of future malware derivatives in a matter of hours and then use these to program detectors that proactively anticipate and prevent attacks on network and endpoint devices, that has to be a good thing for PayPal users. I'm certainly all in favor of taking a proactive rather than purely reactive approach to security, and applaud PayPal for seeing the value in that.