New York City-based Red Balloon Security, Inc. was awarded a $746,756 Small Business Innovation Program (SBIR) contract from the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to develop an upgrade to its existing hybrid prediction system for embedded malware detection.
Under the two-year, SBIR Phase II contract, Red Balloon Security, which specializes in embedded device security, will develop new capabilities for and enhance the current functionality of its Symbiote Defense intrusion-detection system. The research and development project is being managed by the Cyber Security Division’s (CSD) Internet Measurement and Attack Modeling (IMAM) project. CSD is part of the Homeland Security Advanced Research Projects Agency.
“Malicious code, more commonly known as malware, is a growing cybersecurity concern mainly because it can run undetected on systems and devices without the user’s knowledge, especially in embedded systems,” said Cyber Security Division Director Douglas Maughan. “This project will strengthen defenses against malware by identifying and countering an intrusion early, before it compromises a device’s sensitive and private information.”
As part of a project titled “Hybrid Prediction for Embedded Malware,” Red Balloon will design, develop and implement the following four new capabilities into its Symbiote Defense system:
- Create attack graphs that will catalogue system defenses along various embedded device attack paths
- Develop a live-hardening feature to capture detailed information about malware attacks
- Create an advanced, continuous, real-time monitoring capability that will exfiltrate forensic details of malware actions as the malicious program runs
- Expand the system’s functionality to display malware forensic details and perform post-processing to analyze the details sufficiently so system or network operators can take short-term action without having to wait for expert human analysis.
Red Balloon also will test and pilot the upgrades and solicit feedback from users so the updated platform can be further refined.
“We are looking to Red Balloon Security to greatly enhance capabilities to identify cyber-intrusions and speed the reaction time of network and system operators to eliminate a threat,” said S&T IMAM Program Manager Ann Cox.