Many so-called new advances in cyber-security are really legacy approaches: they rely on knowing whom we are protecting against and defending the perimeter from them. Orton highlighted that this approach is the same as building a moat around a Tuscan castle: it is not sufficient to protect us against modern techniques of infiltration. The issue today is that networks are too large and interconnected, and there are simply too many in-roads into a network for the ‘walled off’ approach to be sustainable. As such, Darktrace is trying something different. The standard dogma of cybersecurity is that threats can be kept outside of the network. This has meant that the bulk of effort in the security sector, and in the IT industry at large, is based on the simplistic idea that we can just keep the bad guys out. However, this worldview historically hasn’t adjusted for defence against actors already within the network itself.
Darktrace, while grounded in the heady mathematics of Machine Learning and Bayesian Probability Theory, has taken inspiration from the Life Sciences, specifically from the way the Immune System operates. Our surface barrier, the skin, protects us from pathogens and foreign bodies. Few people worry about contracting an infection through simple contact when they venture out into the world, and that is down to the efficacy of this barrier. However, the skin on its own is insufficient to produce a robust defence of the host: internal security mechanisms must also be active. So, with this ‘bioinspiration’, Darktrace aims to catch anomalies from within the network, in what they term the ‘Enterprise Immune System’.
Machine Learning allows an enterprise to be alerted to unusual behaviour that would previously have gone unnoticed, such as an insider syphoning off files, especially if that user isn’t already on some comprehensive watchlist. But Darktrace isn’t typically bumping up against malicious agents infiltrating an enterprise; interestingly, much of their work in this context has to do with a technological naivety found in employees and their regard for basic data security. Orton pointed to a few groan-worthy examples of everyday behaviour that would stump security in the traditional paradigm: “We had a user sending massive files using iMessage because he couldn’t get them out. His company was so locked down. From what we could see he wasn’t malicious, he just wanted to get his work done. We’ve had game developers sending source code back on their Gmail accounts; these aren’t people that are trying to take the company down, again they’re just trying to do their work. Sometimes people just make mistakes. We’re seeing ransomware cases every week, and that’s always someone who clicked on links. And those phishing attacks are getting better and better.”
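The behaviour Orton describes (a user who suddenly pushes gigabytes out over a channel they never used before) is exactly what a per-user baseline catches without any watchlist. The script below is an added illustration written for this article, not Darktrace's own code: it learns each user's normal daily egress volume and set of destinations from a short learning window, then flags later days that break that user's own pattern. The log format, the five-day window, the three-sigma threshold, and all hostnames and byte counts are constructed for the example and are not taken from the page.

```python
"""Per-user egress baseline with simple anomaly alerts (illustrative, not Darktrace code)."""
import statistics
from collections import defaultdict

# Constructed sample egress log (not real data): "date user destination bytes_out".
# alice and bob each have five ordinary days followed by one day that breaks their own
# pattern; carol never deviates. Hostnames are placeholders.
SAMPLE_LOG = """\
2024-03-01 alice webmail.example 120000
2024-03-02 alice webmail.example 95000
2024-03-03 alice webmail.example 110000
2024-03-04 alice webmail.example 130000
2024-03-05 alice webmail.example 105000
2024-03-06 alice imessage-relay.example 4800000000
2024-03-01 bob git.internal.example 2000000
2024-03-02 bob git.internal.example 2500000
2024-03-03 bob git.internal.example 1800000
2024-03-04 bob git.internal.example 2200000
2024-03-05 bob git.internal.example 2100000
2024-03-06 bob personal-mail.example 2400000
2024-03-01 carol files.internal.example 500000
2024-03-02 carol files.internal.example 500000
2024-03-03 carol files.internal.example 500000
2024-03-04 carol files.internal.example 500000
2024-03-05 carol files.internal.example 500000
2024-03-06 carol files.internal.example 510000
"""

BASELINE_DAYS = 5      # learning window per user (assumption for this example)
SIGMA_THRESHOLD = 3.0  # bytes above mean + 3*std count as a volume anomaly


def parse_log(text):
    """Turn whitespace-separated log lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, user, dest, nbytes = line.split()
        records.append({"date": date, "user": user, "dest": dest, "bytes": int(nbytes)})
    return records


def build_baselines(records, baseline_days=BASELINE_DAYS):
    """Per user: mean/std of daily bytes and the destinations seen during the
    first `baseline_days` days of that user's activity. Returns {user: baseline}."""
    by_user = defaultdict(list)
    for r in sorted(records, key=lambda r: (r["date"], r["user"])):
        by_user[r["user"]].append(r)
    baselines = {}
    for user, recs in by_user.items():
        window = recs[:baseline_days]
        volumes = [r["bytes"] for r in window]
        mean = statistics.fmean(volumes)
        std = statistics.pstdev(volumes)
        # A perfectly steady user has std 0; floor it so they keep a tolerance band
        std = max(std, 0.05 * mean)
        baselines[user] = {
            "mean": mean,
            "std": std,
            "dests": {r["dest"] for r in window},
            "learned_through": window[-1]["date"],  # ISO dates compare as strings
        }
    return baselines


def detect_anomalies(log_text, baseline_days=BASELINE_DAYS, k=SIGMA_THRESHOLD):
    """Return one alert dict per (record, reason) for records after the learning window."""
    records = parse_log(log_text)
    baselines = build_baselines(records, baseline_days)
    alerts = []
    for r in sorted(records, key=lambda r: (r["date"], r["user"])):
        b = baselines[r["user"]]
        if r["date"] <= b["learned_through"]:
            continue  # still inside this user's learning window
        if r["bytes"] > b["mean"] + k * b["std"]:
            alerts.append({"date": r["date"], "user": r["user"], "reason": "volume",
                           "detail": f"{r['bytes']} bytes vs baseline mean {b['mean']:.0f}"})
        if r["dest"] not in b["dests"]:
            alerts.append({"date": r["date"], "user": r["user"], "reason": "new_destination",
                           "detail": r["dest"]})
    return alerts


if __name__ == "__main__":
    for a in detect_anomalies(SAMPLE_LOG):
        print(f"{a['date']} {a['user']:6} {a['reason']:16} {a['detail']}")
```

On the constructed log this raises two alerts for alice (a volume spike and a never-seen destination) and one for bob (a new mail destination at an otherwise ordinary volume), and nothing for carol. The model is deliberately a univariate mean-and-deviation baseline per user, far simpler than the Bayesian models the article attributes to Darktrace, but it shows the defining property of the approach: no signature, watchlist or knowledge of the attacker is needed, only the user's own history. The practitioner's caveat is the learning window itself: whatever happens during it becomes "normal", so a baseline learned while an insider or implant is already active will not flag that activity later.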
There’s a general resignation in cybersecurity that, as new threats are created, awareness of those threats lags significantly behind. Orton noted that threats like polymorphic malware are particularly problematic because they won’t appear in the security blogs until the malware has already undergone several ‘iterations’. This is where the importance of automation comes to the fore: action has to be taken in real time. The days of pushing software patches months after an infiltration are over.
It’s not simply in the detection side of network defence that Darktrace is applying its know-how. Darktrace has proven to be an effective counter-puncher and brings the Immune System analogy to life with the company’s Antigena. This is an algorithm-based counterstrike service that can intercept malicious actions before they damage your core infrastructure and data. The notable thing about this is that, in essence, it’s the first time machine learning is responding to threats rather than only passively detecting them. As Orton intimated, “We now have a portion of our customers that love the machine learning so much, and have seen it in practice, that they trust that machine to take action on their behalf.” This highlights a larger point: there are simply too many threats, and even with a 24/7 security team there is a limit to what humans can deal with, so the volume of threats becomes an unmanageable problem when it comes to protecting your assets. She touched on the idea that automated cyber warfare is a likely reality, with automated hackers tackling AI defence systems. But there’s an advantage to being on the defensive side, being proactive and assuming there will be attempts at infiltration: by learning everything you can about your network, you know the battlefield better than any attacker.