Ventures

Technology

Many companies are unaware of the attack surface they present to cybercriminals. The St. Ingbert-based company AIS wants to change that and helps companies uncover digital vulnerabilities and take appropriate security measures. The CISPA spin-off has developed the Findalyze platform, which enables companies to continuously monitor their Internet-exposed IT infrastructure and thus proactively secure it. Through the "attacker's goggles," the software examines publicly available information from companies for potentially security-relevant aspects, evaluates them, and provides actionable insights to improve and maintain IT security posture

Scientific Background

To determine and reduce the potential attack surface, Findalyze applies various security-related checks and testing procedures to enterprise IT assets, such as domains, email addresses, or externally visible technologies. Under the technical and conceptual leadership of Dr. Oliver Schranz and Dr. Milivoj Simeonovski, both of whom earned their doctorates at CISPA, a scanning and evaluation mechanism was developed that processes the results for companies and makes them available on a dashboard. Through permanent knowledge transfer, AIS ensures that the latest findings and attack vectors are also incorporated into the platform.

Technology
The problem of vulnerable Internet-of-Things (IoT) devices grew into a serious menace, culminating in massive DDoS attacks and an even more significant threat to the privacy of personal data. Bitahoy addresses this problem by developing a device that is connected to the home network and analyzes any network traffic. The goal is to provide an automatic solution to detect attacks on IoT devices and thus improve the security and privacy of the users.

Scientific Background
The Bitahoy Watchdog is a distributed system that can protect non-industrial IoT devices from malicious commands and data-exfiltration. After the deployment of the client-part of this system in the user’s network, it is capable of intercepting, analyzing, and filtering network traffic of all the connected IoT devices without any configuration. The system classifies devices and judges their real-time behaviors through machine learning based on previously observed benign activity. The founders of Bitahoy are graduates of the master's course ‘Entrepreneurial Cybersecurity’ at Saarland University.

Technology
Codeshield has developed a security tool for integrated development environments, which allows to analyze the whole software supply chain in almost real time and with high precision. With the help of static code analysis, data flow analysis and fingerprinting vulnerabilities in your own code as well as in integrated third party libraries can be detected and fixed.

Scientific Background
Dr. Johannes Späth has developed new and efficient algorithms for static code analysis in the context of his excellent dissertation and has published on this topic at international congresses. Manuel Benz has a master's degree in both computer science and IT security and has been working on the combination of static and dynamic analysis at the University of Paderborn since 2016. Andreas Dann has a master's degree in computer science with a minor in economics and has been researching static code analysis in the field of IT security at the University of Paderborn since 2016.

Technology

Two-factor authentication has become the standard for logging in to most web services. To ensure that logging in is not only fast, but also secure, Deepsign has developed a technology for companies and their employees that turns the individual behavior of users into a second factor. Using artificial intelligence techniques, DeepSign creates a model of how users interact with their mouse and keyboard. This unique interaction pattern can then replace cumbersome authentication via other devices or repeated password entries when logging into a computer. Unlike other biometric features such as a face or fingerprint, interaction patterns cannot be easily copied undetected or accidentally passed on like a password. In addition, the login process remains fast.

Scientific Background

DeepSign puts behavior-based security at the forefront. The founders Jannis Froese and Nils Vossebein studied at Saarland University and combine knowledge about IT security from academia and industry. While Jannis Froese is particularly knowledgeable in the field of machine learning, Nils Vossebein's specialty is the acquisition, processing and storage of data. He is also in charge of sales at DeepSign.

Technology
Children are surrounded by digital systems and are using them more than ever before. However, many of them are not aware of what is actually going on inside of all these tablets and computers and which risks arise when using digital devices. And how to prevent these risks by following a series of guidelines, from choosing the right password to dealing with cyberbullying and preventing the disclosure of sensitive information to others. Therefore, Foldio aims to prepare children for the digital world at an early age by teaching them the basics of computer science and cyber security in a playful way. To reach this goal Foldio develops educational paper-based toys accompanying mobile video games.

Scientific Background
After launching a first product version, the Foldio Starterset, a programmable paper robot that children can program to know the basics of how computers work, Foldio is currently developing a hybrid point and click adventure game that will teach children the basics of cyber security. CISPA Incubator supports Foldio professionally from the development of a learning concept to the first game prototype.

Technology
Complex AI systems are inherently black-boxes with minimal insight into their internal functionality. This bears the danger of decisions that are not justifiable, legitimate, robust against external manipulations or that simply cannot be understood by stakeholders with different backgrounds. To help organizations meet this challenge, QuantPi developed an innovative framework which systematically matches questions about the functionality of AI systems with appropriate algorithms to produce relevant explanations. Furthermore, it allows users to understand how the latter algorithms work and to evaluate risks when interpreting their output.
 

Scientific Background
QuantPi is a spin-off of the prestigious Helmholtz Center for Information Security (CISPA), located in Germany. We develop automated and scalable solutions for explainability and robustness auditing of AI models. The QuantPi team is made up of leading researchers, engineers and business minds from premier universities around the world. Our customers include well-established companies of various industries and fastly-growing AI startups.