CYDEF’s SMART-Monitor technology earns the first of several patents filed in the US.

Ottawa, Canada, November 10, 2022 — CYDEF is pleased to announce that US Patent no. 11489851 for our managed detection and response (MDR) technology, SMART-Monitor, was approved by the US Patent Office on November 1, 2022.

This is the first of several patents filed in the US by the Canadian cybersecurity company. The patent is related to the meshed network of sensors used in the monitoring process.

The approval of this patent validates the innovation that CYDEF has brought to the market, which not only vastly improves upon traditional MDR outcomes, but also provides a defense-in-depth cybersecurity solution that is attainable for organizations of all sizes – from small- and medium-sized businesses to enterprises and critical infrastructure.

CYDEF’s founders were frustrated with the inability of existing solutions to prevent cyber attacks from succeeding. They felt too much trust had been placed in artificial intelligence (AI) and automation.

“We didn’t want to create something only to be marginally better,” said Tiago de Jesus, PhD, co-founder and Chief Innovation Officer at CYDEF. “We genuinely wanted to find a better way to keep businesses safe.”

Traditional cybersecurity solutions use threat intelligence (what we already know about current and past threats) and threat modelling (a process to identify vulnerabilities by considering every possible scenario). They rely upon AI to score threats and determine which of the highest scoring threats should be investigated by analysts. Unfortunately, this results in gaps and missed vulnerabilities, especially when analysts are busy.

Our founders recognized the industry was lacking in the area of threat hunting.

Threat hunting is a human-led, proactive approach to identifying unknown threats (new attacks that no one has ever seen before). IBM estimates that automated cybersecurity solutions can only stop approximately 80% of threats. For more sophisticated attacks, they say, threat hunting is required.

“One of the main problems we needed to solve was how to make threat hunting faster and more efficient – and therefore, more affordable – without sacrificing quality,” said de Jesus. “The solution was beautiful in its simplicity.”

“We realized we needed to look at the data differently. Instead of searching for what might be malicious, we decided to focus on classifying acceptable behaviors. Once you eliminate what is acceptable, or ‘good’, everything left over is a potential threat and must be investigated.”

Essentially, CYDEF reversed the approach to detection and response. Our machine learning technology maintains an ever-growing allow list of behaviors that are deemed expected and acceptable in a business environment. For example, when a user clicks on a PDF file, Adobe Reader launches to open that PDF document – that’s the expected behavior. CYDEF isn’t reading the document, but rather monitoring the processes that are running in the background.

This list of ‘good’ activities (or, more specifically, application and process behavioral analytics) is much shorter and easier to maintain than the infinite list of all potential malicious activities and vulnerabilities.

The CYDEF solution takes a systematic approach. Analysts methodically review all telemetry which hasn’t already been classified and allow listed, and either add it to the allow list or flag it as malicious.

“As our baseline matures, anomalous activity stands out more,” said Michael Noory, Senior Threat Hunter at CYDEF. “Using this process-driven method, we’re not only finding things like ransomware precursors, living-off-the-land attacks, and corporate espionage, but also potentially unwanted programs and policy violations such as video games. The more we find, the more our customers improve their cybersecurity posture. Everybody wins.”

Even if a cyber criminal slightly modifies what has been previously allow listed, CYDEF’s technology flags that as needing to be reviewed again. For example, if a criminal got into a network and modified a file so that when a user clicks on it, it opens the PDF document, but also simultaneously downloads another file from the web, that secondary and unexpected activity would be brought to the forefront for priority investigation by an analyst. At that point, emergency containment can be performed.

This combination of people, process, and technology ensures that 100% of telemetry is reviewed by humans – an unprecedented accomplishment in the cybersecurity world.

The solution is so effective that after only three years in operation, one CYDEF threat hunter can perform approximately five times the work of a traditional SOC analyst. And that number is getting bigger.

“It took just over a year to develop the technology and then another year or so of beta testing before we officially launched. Product updates are now all about the user experience for customers and staff,” explained Mark Levine, CYDEF’s Chief Product Officer and Technology Officer. “We’ve stopped doing major releases and have moved to a bi-weekly continuous improvement cycle. The product works and it scales extremely well.”

“The global IT staffing shortage doesn’t impact us as much because our tech is specifically built to make a threat hunter’s job much easier and more efficient. The process is repeatable and teachable, which is even more impactful for our partners looking to boost their local economies rather than outsourcing tech jobs,” said Elana Graham, CD, PEng, MBA, CYDEF’s Chief Operating Officer and co-founder. “And unlike our competitors, as we scale, our threat hunting solution becomes more efficient, not less. One day, we expect our analysts to be able to perform the work of 10 or 20 traditional SOC analysts.”

“CYDEF is also unique because we enable IT companies to break into the cybersecurity market,” said Ameen Sait, Chief Revenue Officer at CYDEF. “Our model empowers partners to move away from a break/fix model to a subscription-based model, without any up-front costs or additional resources. We now have partners, including three distributors, selling our solution in ten countries on five continents.”

CYDEF addresses yet another major problem: Reverse engineering of security software.

A common method criminals use to bypass cybersecurity software involves signing up for product demos, downloading the security software to an isolated computer, and then disconnecting the internet while they figure out how to bypass the software. Once they get in, they launch an attack – often working together in cyber crime rings to maximize the damage.

CYDEF’s solution differs because the software that is installed on endpoints (computers, desktops, and laptops) serves only to collect the data. All processing is done in the cloud. If a device is offline for any period of time, the telemetry is still collected and held in a queue. Once a connection is re-established, the telemetry is shipped to our Azure servers and gets investigated by our threat hunters as usual.

Additionally, the CYDEF solution is much more transparent than what other cyber vendors can afford. The software is proprietary, but the secret sauce is not in thwarting cyber criminals, it’s in making analysts more productive and effective at their jobs. Our patents-pending Stack View is a method of organizing and viewing data. We demonstrate it openly to anyone who wants to see it. We have even created a way for customers to verify our work and ensure we’ve done what we promised.

“Unfortunately, there is a serious lack of transparency in cyber,” said Steve Rainville, Chief Executive Officer at CYDEF, who has worked in the industry for over 20 years. “We’ve heard for years that cybersecurity companies are ‘selling smoke and mirrors.’ But providers can’t compete if they share too much about their proprietary technology, which would also expose them to further attacks. They keep closely guarded secrets to stay in business. But cyber criminals don’t have that problem, so they work together, joining forces and sharing critical information among themselves.”

“When I learned about CYDEF’s approach, I knew I wanted to be involved. This patent is one more stamp of approval, confirming what we already know,” added Rainville. “It’s a game-changer.”


CYDEF has revolutionized cybersecurity by developing a “threat hunting first” approach to detection and response.

Our solution uses a systematic process, along with machine learning, to generate a list of allowable, acceptable behaviors. This is done through application and process behavioral analytics. Any process that has not been previously added to the allow list gets investigated by our threat hunters and is either added to the list or deemed malicious. Since ours is a managed service, our customers only hear from us when action is required, which means we have near-zero false positives.

The result is a managed detection and response solution that is simple, transparent, affordable, and scalable – it gets more efficient with every device we protect.

CYDEF is proudly Canadian. We’re dedicated to providing clarity into cyber health because everyone should feel safe to do business online. For more information, visit