Ready for Transfer

ORNL’s Akatosh Cybersecurity Tool

Dept. of Energy

Technology: Akatosh—Automated Cyber Incident Verification and Impact Analysis Tool

Opportunity: ORNL’s Akatosh security analysis tool is available for organizations to license and/or pilot.

Details: ORNL researchers have created Akatosh, a security analysis tool that keeps track of hosts on your network and coordinates with existing intrusion detection systems (IDSs) while aiding analysts when an attack occurs. Akatosh takes periodic full-memory snapshots of all host systems on the network during normal activity to establish a baseline reference that is used to quickly find what changed during the time leading up to a security breach as well as when it is occurring. Additionally, Akatosh takes a snapshot immediately upon receiving a high-priority IDS alert and uses this snapshot to determine exactly what changed on the affected host that triggered the original alert. These changes are automatically documented, and a report is sent to the network administrator. Akatosh accounts for the fallible nature of IDSs by providing a concise summary of all host changes to the analyst for review.

To learn more about the Akatosh tech, view this brief video:

Benefits: Akatosh enables network administrators and analysts to quickly and efficiently determine the validity of an IDS alert. The host snapshots enable Akatosh to catalog changes and only display the relevant, salient data to the analyst. Akatosh reduces the cost and time of incident response, and enables an organization to maintain awareness of the state of its hosts at any given time and rapidly mitigate threats as they hit the network.

Potential Applications:

  • Defense against malware and cyberattacks
  • Automating forensic analysis
  • General IT problem solving with use of historical data

Contact: For more information about Akatosh, contact David L. Sims at

To view the original ORNL marketing sheet for the Akatosh technology, visit