Clark School Home UMD

ISR News Story

FICO purchases alums' cyber risk startup

L-R: QuadMetrics Chief Science Officer Mingyan Liu, CEO Wes Huffstutter, and Chief Technology Officer Manish Karir. Images courtesy of QuadMetrics.
L-R: QuadMetrics Chief Science Officer Mingyan Liu, CEO Wes Huffstutter, and Chief Technology Officer Manish Karir. Images courtesy of QuadMetrics.

A cyber risk startup company led by Mingyan Liu (MSSE 1997; EE PhD 2000), Manish Karir (EE BS 1996; EE MS 1999) and Wesley Huffstutter has been purchased for an undisclosed amount by FICO, the company known for its credit rating scores.

QuadMetrics, licensed from the University of Michigan in 2015, leverages predictive analytics to monitor signals from both open source and proprietary data sources to provide an overall security score for an enterprise. The score helps security professionals address gaps and enables partners and insurers to understand a firm's security risk.

"We have built a system using state-of-the-art Internet measurement and predictive analytics techniques to enable quantitative security risk assessment as well as proactive measures. Ours is the only predictive solution currently on the market," said Liu, QuadMetrics’ chief science officer and professor of electrical engineering and computer science at the University of Michigan.

As a student at Maryland, Liu was advised by Professors John Baras (ECE/ISR) and André Tits (ECE/ISR). Early in her career, Liu's research focused on optimizing resource allocation over wireless networks. This work relied heavily on game theory and problems involving several self-interested parties sharing resources. Liu found many analogies for these sorts of problems in cybersecurity, and shifted her focus to designing incentive mechanisms for companies to enhance security measures. QuadMetrics’ system stems from Liu's research in cybersecurity and insurance markets at Michigan.

Karir was also advised by Baras for his MS degree and worked on security of Internet over satellite protocols. He showed in his MS Thesis that Layered IPSEC (using different keys to encrypt the IP packet header and the IP packet body), can be done very efficiently (meaning the additional delay and energy are negligible). This advance was critical in making the protocols invented by Baras’ research group for Internet over satellite secure and thus competitive to terrestrial alternatives. Layered IPSEC became a standard adopted by ETSI and IETF.

There are a pair of services to help companies both assess the effectiveness of their security and decide the best way to allocate or increase their security budget.

“Signet Scope” determines how secure an organization is and its vulnerability to certain types of attacks. Internet data measurements are collected from the organization and applies data analytics and machine learning techniques are applied to find cybersecurity holes that might be exploited by criminals.

“We can easily achieve a true-positive rate exceeding 90 percent and a false-positive rate below 10 percent,” says Liu.

“Signet Profile” provides one of the first means to determine premiums for cyber insurance, which operates on the same principles as home or auto insurance. An underwriter takes on the risk that a company may face a data breach, and covers the cost of repairing the damage should it be victimized. Determining what a premium should be for a given company previously relied on interviews and surveys of IT staff, which have proven to be unreliable metrics.

“Rarely do cyber insurance companies get ahold of information that’s really important and indicative of the risk that the company is facing,” says Liu.

Signet Profile offers insurers a summary of the company’s security strengths and weaknesses. It quantifies the risks a company is facing, allowing an insurance company to produce a more reliable cost estimate.

Liu hopes this will accomplish a shift in how companies view cyber insurance. Right now organizations buy these policies to transfer risk on to an underwriter, but a QuadMetrics profile could create incentives for them to work to reduce their risk. Better security could mean lower insurance premiums – and more secure customer information.

Doug Clare, vice president of cyber security solutions at FICO, said, "We're excited to have the QuadMetrics team—and their deep expertise—joining us in our efforts to fight cyber crime and help all organizations improve their visibility and insights into cyber risk. Just as the FICO Score gave credit markets a single metric for understanding credit risk, this product will give the industry a common view of enterprise cyber security risk."

--Thanks to Greta Guest of the University of Michigan for this story

| Read coverage of the story at the Wall Street Journal | Read the original stories published by the University of Michigan | here | and here |

Related Articles:
Alum Domenic Forte receives $1M ECASE-Army cybersecurity award
Yuntao Liu receives Wylie Dissertation Fellowship
Alumna Mingyan Liu named ECE chair at University of Michigan
Alum Mingyan Liu is PI for Multiscale Network Games of Collusion and Competition MURI
Alumnus Radha Poovendran is PI for cybersecurity MURI grant
Qu Wins NIST Grant
Qu organizes ARO workshop on information technologies
Alum Mingyan Liu named IEEE Fellow
Carl Landwehr named IEEE Fellow
Srivastava is PI for NSF hardware security grant

June 24, 2016

Prev   Next



Current Headlines

University of Maryland Launches Quantum Technology Center

Min Wu named Associate Dean for Graduate Programs

Mapping Nucleation Kinetics with Nanometer Resolution

MEI² Receives Two New Innovative Vehicle Technology Awards

New EventAction interface improves recommender systems

BIOE, UMB to Host October Symposium

Khaligh elevated to Fellow of Institution of Engineering and Technology

Alumnus Amir Ali Ahmadi receives PECASE Award

Alum Samuel Gollob is NSF Graduate Research Fellow

Espy-Wilson, Sivaraman research aims to improve speech inversion

News Resources

Return to Newsroom

Search News

Archived News

Events Resources

Events Calendar