Agamotto
Problem Definition
The cybersecurity ecosphere thrives on information sharing, but often the information itself is too sensitive to share, like passwords or Security Operations Center (SOC) data. Users affected by a security breach at a company may not know for years, until the stolen credentials appear on the dark web. This is a major issue, as stolen credentials accounted for 40% of attack entry points in 2022 (the highest method by far).
Security Operations Centers are run by individual companies or as a service, and they operate all the detection and correlation engines used to spot incoming attacks. Each SOC is unique and configured specifically for its operational environment, and other than customizing generic Indicators of Compromise, SOCs are completely separated from each other. Each SOC is unique, but the industries they support are not, and they could benefit from intra-industry security information sharing.
Vision and Opportunity
The vision of Agamotto started with the idea of a privacy-preserving data sharing framework and query API for Personally Identifiable Information (PII). The potential of this API is to drastically speed up the detection of breached passwords to allow users to change their passwords before they can be used in an attack.
As we studied this problem, we realized another application of our API could be to link actionable security platform data across entire industries, like critical infrastructure, to bolster and improve the overall security posture of any SOC.
Our Solution
Agamotto is a secure, private, information sharing platform that is revolutionizing the security secrets space. Agamotto leverages cutting-edge Private Set Intersection (PSI) and fully homomorphic encryption technologies to privately compare security information. Our strengths are plain text and password hash comparisons, as well as plugins to Security Information and Event Management (SIEM) platforms.
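An added example, not Agamotto's own code: a minimal Diffie-Hellman style private set intersection, a simpler technique than the fully homomorphic encryption named above, applied to the password hash comparison described here. The modulus, the class and function names, and the sample passwords are all assumptions constructed for illustration.

```python
import hashlib
import secrets

# Assumption: toy modulus 2**255 - 19, used only because it is short to write.
# A real deployment would use a vetted prime-order elliptic-curve group.
P = 2**255 - 19

def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def hash_to_group(item: str) -> int:
    """Map an item to a quadratic residue mod P (hash, then square)."""
    digest = hashlib.sha256(item.encode()).digest()
    return pow(int.from_bytes(digest, "big") % P, 2, P)

class Party:
    """Holds a private set and a secret exponent that never leaves the party."""
    def __init__(self, items):
        self.items = list(items)
        self.key = secrets.randbelow(P - 3) + 2

    def blind_own(self):
        return [pow(hash_to_group(x), self.key, P) for x in self.items]

    def blind_other(self, values):
        return [pow(v, self.key, P) for v in values]

def private_intersection(client: Party, server: Party):
    to_server = client.blind_own()               # client -> server: H(x)^a
    echoed = server.blind_other(to_server)       # server -> client: H(x)^(ab), same order
    from_server = server.blind_own()             # server -> client: H(y)^b
    secrets.SystemRandom().shuffle(from_server)  # hide the server's ordering
    server_side = set(client.blind_other(from_server))  # client computes H(y)^(ba)
    # Only the client learns which of its own items are also in the server's set.
    return [x for x, v in zip(client.items, echoed) if v in server_side]

# Constructed sample data: an enterprise's password hashes and a breach corpus.
ENTERPRISE = [sha256_hex(p) for p in ("Winter2022!", "correct-horse", "Tr0ub4dor&3")]
BREACHED = [sha256_hex(p) for p in ("123456", "Winter2022!", "qwerty", "Tr0ub4dor&3")]

def demo():
    return private_intersection(Party(ENTERPRISE), Party(BREACHED))

if __name__ == "__main__":
    for h in demo():
        print("breached credential hash:", h)
```

Neither side sends a raw hash: each value on the wire is blinded by an exponent only its sender knows, so the breach-corpus holder cannot test guesses against the enterprise's submissions. The client still learns the size of the server's set.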
FAQ
Q: Who are the users of Agamotto?
A: Agamotto is securely designed to assist the security staff of Enterprise, Industrial and Government entities.
Q: What problem does Agamotto solve?
A: Speedy and secure dissemination of security data such as PII and correlated SIEM alerts.
Q: What are some use cases for Agamotto?
A: Assist incident response staff in user breach data notifications. Provide a security data network for SIEM platforms to privately and securely share correlated security data.
Acknowledgement
The Agamotto team would like to thank W295 capstone advisors Dr. Sehkar Sarukai and Ryan Liu, whose leadership and expertise were invaluable in helping the Agamotto team along our journey from idea to product.