Companies active in the Defence sector often create services and products for the civil world as well, expanding their range of activities. In recent years, this ‘contamination’ has increasingly been evident in the cybersecurity market, for obvious reasons. This same evolution led to Gyala, a new Italian cybersecurity company created in 2016 but whose fouders already have many years of experience in Defence, cybersecurity and IT markets.

In 2017, Gyala was funded by the Defence Ministry to develop a new cyberdefence automated system. The resulting platform - Agger - is now offered also to private companies, after Gyala extended its business proposition thanks to a new financing round led by CDP Venture Capital, Azimut Libera impresa and Italian Angels for Growth.

However, the three pillars of Gyala's approach to cybersecurity still stay the same of its Defence original history: integration of IT and OT security, digital sovereignty in cyber security technologies development, attention to data privacy against cybercriminals and state-sponsored actors.

The issue of digital sovereignty is, in particular, prominent for a company that was born in the defence world. But it's also becoming important for private organizations, which by now are well aware that cybersecurity and geopolitics intersect more and more often, and that company data are certainly 'appealing' to criminals, but also to foreign states. So the idea of having cybersecurity companies and technologies that are entirely ‘Made in Italy’ is becoming more and more attractive.

The Agger architecture

Agger presents itself as a transversal IT/OT security platform, based on a multi-layered architecture. At its base is a network of distributed agents, installed in all devices that have enough computing power to support them. Agents not only detect attacks or vulnerabilities, but above all ‘delocalise’ automation and machine learning components as far as possible, to define the baseline behaviour of individual systems and to increase reaction capabilities closer to the attack surface.

Upstream of the agents are Network Security Appliances that monitor and analyse IT and OT traffic. Here, too, machine learning algorithms outline the basic behavioural patterns of the infrastructure, to detect anomalies - signs of a probable attack - and to react as quickly as possible.

Network Security Appliances also monitor and protect those devices that cannot accommodate Agger's agents directly on board. In this sense, Agger also has a specific OT Defence module that remotely control ‘not smart’ objects such as PLCs, to constantly check their availability and integrity and, when necessary, to restore their original firmware and configurations.

Analyses and data collected at the edge of the infrastructure then converge in the actual Agger platform: a console where a correlation engine analyses all events generated by the Agger modules - to trigger specific alarms and remediation procedures - and a Risk Management component maintains a model of the IT/OT infrastructure, linking the likelihood and extent of each potential threat with the impact it would have on services and systems availability.

Behind all this there is obviously a relevant part of threat intelligence, which is more and more important as the number and variety of possible threats and attacks increases. Gyala tries to gather as much information as possible from very diverse sources, in order to have - and thus transfer to customers - a cross-sectional view of the cybersecurity scenario.

From Defence to Enterprise

The mixed IT/OT DNA of Gyala defines the first markets to address approaching the private secyor: Manufacturing, Hospitals, Utilities, Naval industry. All areas where OT is rapidly integrating with IT and where cybersecurity management must increasingly include ‘objects’ of a non-strictly IT nature.

These are also markets where cybersecurity is critical, but managing it is certainly not the core business of user companies. Where, therefore, Agger's automation functions can add more value, by reducing the need for specific people and skills to protect infrastructure.