Lab Licenses New Malware Detection Tool

The Johns Hopkins University Applied Physics Laboratory (APL), in Laurel, Maryland, has licensed a real-time malware analysis program to Deterministic Security, LLC, an Oregon-based spin-off created to introduce the APL-developed software to the commercial market.

REnigma enables cyber analysts to review malware quickly with different types of powerful analytics. REnigma’s Virtual Machine Record and Replay capability records detected malware and allows an analyst to evaluate it in greater detail than previously possible. The technology provides an isolated environment where code can be executed without interfering with a network, and where malware samples can be detonated in a safe place. The typically time-consuming and often expensive recovery process after a malware attack can now be done more efficiently and cost-effectively with REnigma. The technology will be commercially available to medium and large organizations that generally need malware analysis, such as banks and government agencies.

The concept of “record and replay” is based on an old academic research technique that allowed software testers to step backward from the point of a system crash to figure out the root cause. APL engineers began work on REnigma in 2010; the research and development of the technology was initially sponsored by APL and later, the government.

APL has long focused on the challenge of developing cyber solutions that stay ahead of ever-evolving technology and threats, despite the obvious difficulties associated with such a pace. APL’s Office of Technology Transfer (OTT) developed new strategies to quickly identify, evaluate and transition promising new cybersecurity solutions that need to reach the user community faster than typical APL technologies.

“We recognize that quickly transitioning cyber solutions like REnigma fills a critical need,” said Norma Lee Todd, who runs APL’s OTT. “REnigma provides a more efficient and economical way for organizations to deal with malware attacks that are increasingly wreaking havoc today. We enlisted a team of industry experts and together are working to move innovative solutions like this to market fast.”

The REnigma team participated in the Department of Homeland Security’s Transition to Practice (TTP) program, a tech-to-market program focused on commercializing federally funded technologies. In 2016, TTP selected REnigma as one of eight technologies in the program’s fourth cohort. The program aims to increase technology maturity and market readiness, and introduces participants to investors, integrators and IT companies. REnigma is the 10th TTP technology to successfully transition to the marketplace.

“It’s difficult to rapidly get technologies into the public in order to make them applicable in time to make a difference,” said John Forte, Deputy Mission Area Executive of the Homeland Protection Mission Area. “That’s why the commercialization of REnigma is such an exciting effort in the game of cybersecurity.”

Deterministic Security, LLC, joins four other new cybersecurity companies with ties to APL, including Terbium Labs, Blackpoint, Cognoscenti Systems and TeamWorx Security, LLC.

OTT seeks to leverage APL intellectual property for the broadest possible benefit, identifying, marketing and licensing commercially viable APL-developed technologies to business and industry. For more information, visit www.jhuapl.edu/ott. To learn more about APL’s Cyber Operations Mission area, visit http://www.jhuapl.edu/ourwork/cyberop.