Immune system: How Darktrace’s Artificial Intelligence combats cyber attacks

2016 was a huge year for technological advancement and innovation. But for every leap we have made there is a corresponding hurdle, and 2016 was also a year of cyber attacks unprecedented in scale and scope. It was the year in which Australia suffered its largest data breach, serious allegations were made against Russia about interfering with the outcome of the US election, and a major banking organisation had $81 million stolen in a cyber heist. What these events have demonstrated is that, in the words of Adrian Nish, Head of Threat Intelligence at BAE Systems, 'The trend is moving from opportunistic crime to Hollywood-scale attacks.'

But it is not all doom and gloom. Organisations are realising that they need to make cyber security a key priority. It is not enough to be reactive; businesses must be proactive and innovative, building systems that can anticipate malicious activity rather than dealing with the fallout in a piecemeal manner.

Darktrace is one such company. Described as a world leader in cyber security, it is harnessing Artificial Intelligence to stay ahead of cyber attackers. We spoke with Darktrace's Chief Executive Officer, Nicole Eagan, about how AI is helping to turn the tide on cybercrime.

1. Could you tell us a bit about yourself, and your role at Darktrace?

I’m Nicole Eagan, Chief Executive Officer at Darktrace. I am passionate about technological innovation and helping companies who have truly novel approaches scale. Based on machine learning and mathematics developed at the University of Cambridge, Darktrace’s Enterprise Immune System offers a fundamentally different approach to cyber defence. As the cyber security landscape continues to evolve, there is high demand for genuine machine learning and AI technology that enables defenders to cope with the increased speed and complexity of threats.

2. Darktrace is described as an 'Enterprise Immune System' technology. What does that mean exactly?

Every day our bodies are exposed to new bacteria and viruses and while our skin stops most from getting in, some will inevitably get through and infect us. This is where the human immune system comes into play by identifying and killing dangerous pathogens.

Darktrace's Enterprise Immune System is centred on this analogy and uses advanced mathematics and unsupervised machine learning (i.e. machine learning that does not require any human pre-programming) to defend organisations big and small. Our approach maps all digital activity across the network and creates a baseline of what the 'pattern of life' is for every user, device and the network as a whole. In this way, organisations can understand what 'normal' looks like for their unique infrastructure and can identify and respond to abnormal behaviour before damage is done.

3. What do you think are going to be the biggest cyber security challenges businesses will face in the next 10 years?

The Internet of Things Will Become the Internet of Vulnerabilities

Gartner predicts that there will be approximately 21 billion connected ‘things’ by 2020. This explosion in the ‘Internet of Things’ (IoT) will revolutionise the way we do business and bring along with it challenges we cannot yet foresee. The more devices that are connected to the corporate network, the more complex enterprises become, the greater the opportunity for cyber criminals or insiders to wreak havoc.

Non-traditional IT like smart fridges and connected coffee machines offer novel ways in for cyber attackers, but they are overlooked by security teams who lack network visibility and might remain blind to these vulnerabilities.

We only need to reflect on 2016’s Dyn hack, one of the largest Internet blackouts in US history, where hackers took control of various home devices, such as wireless routers, smart TVs and even connected refrigerators to overload the Dyn servers and deny access to many popular sites and internet services including Spotify, Reddit and Twitter.

In one of our customer networks, a videoconferencing unit sitting in a meeting room was compromised and started transmitting audio files to an unknown server on another continent, potentially leaking sensitive information. The fact is, these devices are creeping into our everyday lives, sidestepping security and providing an open window. Legacy tools that guard the perimeter and rely on rules and signatures to define and anticipate threats are falling short in the face of highly sophisticated threats from both outside and inside the organisation. The challenge now is for companies to gain full visibility into their networks and protect themselves from 'unknown unknowns'.

Attackers Will Not Just Steal Data – They Will Change It

Today’s most savvy attackers are moving away from pure data theft or website hacking, to attacks that have a more subtle target – data integrity. Attackers will use their ability to hack information systems, not only for financial gain, but to cause long-term, reputational damage to individuals or groups, by eroding trust in the data itself.

The scenario is particularly worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at particular risk. Governments may also fall foul of such attacks, as critical data repositories are altered, and public distrust in national institutions rises.

We should expect to see a shift towards attacks that interfere with strategic business decision making. Oil and gas firms are often cited as targets for hacktivists that might wish to, for instance, turn off an oil rig. But what if they could have smart malware hidden in the geophysical survey databases which changes the underlying data, so that the multimillion-pound drilling rights are bought in the wrong places and many oil rigs come up drier than expected?

Attackers could target the ocean sensors (Internet of Things) that are collecting the data in the first place, so they are still able to influence the decisions right from the start of the ‘information supply chain’. This is just one example, but can be applied to any business that makes strategic decisions based on data e.g. finance.

4. To date, what is the biggest security threat you’ve dealt with?

Darktrace have now detected over 27,000 serious cyber incidents across all industries from energy to education. The Enterprise Immune System can flag genuine threats at their nascent stages, before they become a big problem. The diversity of threats is constantly increasing. For example, an Asian manufacturing company installed fingerprint scanners to restrict access to their machinery and industrial plants. After deploying the Enterprise Immune System, we observed unusual connections to and from one of the biometric scanners, and upon investigation, we saw that an external party had compromised the scanner, through software vulnerabilities on the main network.

The attackers downloaded the fingerprints and added new data – quite possibly their own fingerprints. This is extremely serious because it meant that the attackers were well on their way to gaining physical access to the company’s site. No signature existed for this type of breach and it went unchecked by legacy controls. Fortunately, our Enterprise Immune System was able to detect it before any catastrophic damage occurred.

5. In the article 'Cyber security and AI inspired by the human body', President Obama stated:

‘If you've got a computer that can play Go, a pretty complicated game with a lot of variations, then developing an algorithm that lets you maximise profits on the New York Stock Exchange is probably within sight.’

How can businesses harness this same technology to prevent these crimes?

The bottom line must be that we cannot continue with the security status quo, when the rules have changed. The threat is inside the network.

New machine learning technology and advanced mathematics can effectively ‘self-learn’ normal behaviours and identify abnormal activity, without relying on the rules and signatures of pre-categorised threats.

Fundamentally, the hard thing about being a defender is dealing with the complexity of all your unique people and their unique ways of working with increasing amounts of technology, in a sophisticated threat environment. As machine learning assists us in understanding all of these people and behaviours in a really detailed and complex way, it will become very hard for attackers to 'slip in unnoticed'.
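The per-device 'pattern of life' baseline described in answers 2, 4 and 5 above, as an added illustration that is not Darktrace's own code: it learns, from a window of flows assumed benign, which destinations, countries, hours of day and upload volumes are normal for each device, then scores new flows purely by how far they depart from that baseline, with no threat signature involved. The flow records, the internal address ranges, the device names and the scoring rules are constructed assumptions for this example.

```python
"""Toy per-device 'pattern of life' baseline and anomaly scoring.

Added illustration, not Darktrace's code. Learns per device which
destinations, countries and hours are normal and how much it usually sends,
then scores new flows by deviation alone. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress
import statistics

# Assumed corporate address space; anything outside it is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class Flow:
    device: str       # internal device that initiated the flow
    dst: str          # destination IP address
    dst_country: str  # country of the destination (e.g. from a GeoIP lookup)
    out_bytes: int    # bytes sent by the device
    hour: int         # hour of day (0-23) at which the flow started


@dataclass
class Profile:
    dsts: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    out_bytes: list = field(default_factory=list)


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def learn(flows):
    """Build one Profile per device from a learning window assumed to be clean."""
    profiles = defaultdict(Profile)
    for f in flows:
        p = profiles[f.device]
        p.dsts.add(f.dst)
        if is_external(f.dst):
            p.countries.add(f.dst_country)
        p.hours.add(f.hour)
        p.out_bytes.append(f.out_bytes)
    return dict(profiles)


def score(flow, profiles, z_threshold=3.0):
    """Return (score, reasons): one point per way the flow departs from its device's baseline."""
    p = profiles.get(flow.device)
    if p is None:
        return 1, ["device never seen before"]
    reasons = []
    if flow.dst not in p.dsts:
        reasons.append("new destination")
    if is_external(flow.dst) and flow.dst_country not in p.countries:
        reasons.append("new external country")
    if flow.hour not in p.hours:
        reasons.append("unusual hour")
    mean = statistics.fmean(p.out_bytes)
    sd = statistics.pstdev(p.out_bytes)
    # One-sided: only unusually large uploads count, which is what exfiltration looks like.
    if (sd > 0 and (flow.out_bytes - mean) / sd > z_threshold) or (sd == 0 and flow.out_bytes > mean):
        reasons.append("unusual outbound volume")
    return len(reasons), reasons


def triage(new_flows, profiles, min_score=1):
    """Rank flows whose score reaches min_score, highest first."""
    hits = []
    for f in new_flows:
        s, why = score(f, profiles)
        if s >= min_score:
            hits.append((s, f.device, f.dst, why))
    return sorted(hits, key=lambda h: -h[0])


# Constructed learning window. The biometric scanner talks to the internal
# access-control server during the working day and to a vendor update host in
# Singapore at night; the backup server ships large archives to a US host overnight.
BASELINE = (
    [Flow("bio-scanner-1", "10.0.5.10", "SG", 2000 + (h % 5) * 100, h) for h in range(6, 21)]
    + [Flow("bio-scanner-1", "203.0.113.5", "SG", 1200, 3) for _ in range(2)]
    + [Flow("backup-01", "198.51.100.23", "US", b, h)
       for b, h in ((200_000, 1), (250_000, 2), (300_000, 3))]
)
PROFILES = learn(BASELINE)

# New flows to score. The third is the scanner suddenly pushing a large upload
# to a host on another continent at 2 a.m.: no signature matches it, but every
# dimension of its pattern of life says it is wrong.
NEW_FLOWS = [
    Flow("bio-scanner-1", "10.0.5.10", "SG", 2150, 9),
    Flow("backup-01", "198.51.100.23", "US", 240_000, 2),
    Flow("bio-scanner-1", "198.51.100.23", "US", 240_000, 2),
]

if __name__ == "__main__":
    for s, dev, dst, why in triage(NEW_FLOWS, PROFILES):
        print(f"score={s} {dev} -> {dst}: {', '.join(why)}")
```

Run as written, only the scanner's upload is reported, with all four reasons; the backup server's upload of the same size to the same host at the same hour scores zero, because 'normal' is learned per device rather than per network. The caveat any baselining approach carries is visible in `learn`: whatever is in the learning window becomes normal, so an attacker already present when the baseline is built is not an anomaly.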

6. What do organisations need to do to meet the demands?

Organisations must understand that the modern cyber threat landscape is ever-evolving and attacks are very unpredictable. Legacy approaches to cyber security are outdated – build higher walls and threat actors will answer with even taller ladders. It is therefore impossible to ensure a fully secured perimeter.

Instead of focusing on protecting the border, organisations must already assume that data has been breached. Leveraging ‘self-learning’ technology will allow organisations to detect new forms of cyber-attacks that are intelligent enough to bypass perimeter defences and quietly hide inside networks. This is Darktrace’s approach.

7. Are you terrified or hopeful for the future?

Our future is definitely an exciting one, with technology becoming more and more integral to our workplace and homes. Just like the advent of self-driving cars, the advent of self-defending networks that inoculate themselves against threats will truly deliver on the promise of AI. This is the true power of unsupervised machine learning.

If you would like to know more about AI and how it is being used in cyber security, Darktrace's Managing Director, Asia Pacific, Sanjay Aurora, will be leading a discussion on The Enterprise Immune System: Using machine learning for next generation cyber defence at CeBIT Australia's 2017 Cybersecurity conference.