A company called Darktrace has launched what it calls “a ground-breaking new product that uses machine learning to allow networks to automatically self-defend”.
Darktrace Antigena spots and inoculates against unknown threats, as they germinate within organizations in real time, according to the company.
In this exclusive interview, Dave Palmer, director of technology at Darktrace, tells Robotics and Automation News that artificial intelligence, specifically machine learning, will become a central component of cybersecurity strategies going forward.
R&AN: Are AI and machine learning systems the way things are going in cybersecurity?
Dave Palmer: Yes, machine learning is going to be at the heart of this new era in cyber defence. Today, threats are more diverse and sophisticated than ever before; whether socially engineered on the inside or silently gaining entry from the outside, criminal groups are harnessing the power of machines to deliver their attacks. Hence we need to use machines to fight back and machine learning is a critical part of this.
Unlike legacy security products, Darktrace is powered by unsupervised self-learning technology developed by specialists from the University of Cambridge.
This innovative approach means Darktrace can model the ‘pattern of life’ of every device, user and system in a network and identify when behaviour deviates from the norm. It does this with no prior knowledge of rules and signatures, so can identify completely unknown threats as they arise.
No other solution can do this; even those that claim to use machine learning still require some degree of human input and, as such, are not as powerful.
Antigena is centered around the same machine learning principles, but goes further to actively defend against threats. It executes appropriate action to slow down and neutralise anomalous behaviours faster than humanly possible.
Just as your immune system releases antibodies to precisely target the cut on your finger, Antigena directly attends to abnormal – and potentially dangerous – digital activity. Other security systems may implement extensive restrictions which can be frustrating for users and detrimental to daily business operations.
R&AN: How can people feel comfortable taking a risk in buying Darktrace Antigena?
Palmer: Antigena is the latest technology developed from the University of Cambridge’s Research and Development experts. It extends customers’ ability to not only detect threats using the Enterprise Immune System, but effectively respond to them too.
Let’s say Darktrace detected anomalous behavior, which uncovers that a bored employee has started browsing around and stumbles across back-up emails on a drive. You don’t want to fire that person, but you do want to take some action. Antigena may decide to slow down the user’s connections.
If that user starts waiting and doing it again – then Antigena will learn that the user is not just casually browsing. They are persistent. Antigena may then prevent the employee from seeing those PSTs. He gets blocked from the file share.
If that user continues by trying to gain access via other machines, Antigena knows that they are a threat.
Antigena may go through several cycles of response and feedback, before a human intervenes – it gets there faster, and mitigates risk before a security analyst can give it their attention.
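The escalation ladder described above (learn a user's normal access, throttle on the first deviation, block the share on persistence, and treat access via another machine as a threat) as an added illustrative example; this is not Darktrace's or Antigena's code, and the user names, hosts, share paths and thresholds are constructed.

```python
# Illustrative graduated-response model (added example, not Darktrace code).
# Assumption: a per-user baseline of (host, share) pairs stands in for the
# "pattern of life"; any pair outside it counts as anomalous.
from collections import defaultdict

NONE, THROTTLE, BLOCK, ESCALATE = "none", "throttle", "block", "escalate"


class GraduatedResponder:
    """Escalates only while an anomalous access pattern persists."""

    def __init__(self):
        self.baseline = defaultdict(set)   # user -> {(host, share)} seen as normal
        self.strikes = defaultdict(int)    # user -> count of anomalous events
        self.blocked = defaultdict(dict)   # user -> {share: host it was blocked on}
        self.state = defaultdict(lambda: NONE)

    def learn(self, history):
        """history: iterable of (user, host, share) observed during baselining."""
        for user, host, share in history:
            self.baseline[user].add((host, share))

    def observe(self, user, host, share):
        """Return the response chosen for one access event."""
        if (host, share) in self.baseline[user]:
            return NONE                    # ordinary behaviour: no action
        self.strikes[user] += 1
        blocked_on = self.blocked[user].get(share)
        if blocked_on is not None and blocked_on != host:
            self.state[user] = ESCALATE    # retrying from another machine: threat
        elif blocked_on is not None:
            self.state[user] = BLOCK       # same machine, still blocked
        elif self.strikes[user] == 1:
            self.state[user] = THROTTLE    # first deviation: slow the connection
        else:
            self.state[user] = BLOCK       # persistence: block the share
            self.blocked[user][share] = host
        return self.state[user]


def demo():
    """Constructed scenario: a user who drifts from project files to mail backups."""
    r = GraduatedResponder()
    r.learn([("alice", "ws-12", r"\\fs1\projects")] * 3)       # constructed baseline
    events = [("alice", "ws-12", r"\\fs1\projects"),           # normal
              ("alice", "ws-12", r"\\fs1\mail-backups"),       # browsing PSTs
              ("alice", "ws-12", r"\\fs1\mail-backups"),       # again: persistent
              ("alice", "ws-12", r"\\fs1\mail-backups"),       # same host: blocked
              ("alice", "ws-07", r"\\fs1\mail-backups")]       # other machine
    return [r.observe(*e) for e in events]
```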
R&AN: Give us some real-world threats that your solution may have been able to stop or mitigate.
Palmer: Darktrace continually detects threats that get past traditional tools. The system was developed by mathematicians from the University of Cambridge and experts from British intelligence services, GCHQ and MI5.
Professor Bill Fitzgerald was a particularly influential academic behind Darktrace. His extensive knowledge of Bayesian mathematics and probability theory allowed us to apply it to cyber security in a truly innovative way. Combined with UK intelligence expertise, including valuable insights into the scale and sophistication of the threat and what is necessary to combat it, the immune system idea was born.
We acknowledged the inevitability of being hacked by something brand new and believed self-learning mathematical approaches could be the answer.
The self-learning capability on the probability theory means we can take on many different mathematical approaches that work across all kinds of sectors from chocolate factories to law firms.
We have lots of examples demonstrating how our technology has discovered a range of threats. For example, within a power utility provider in APAC, Darktrace detected that a considerable mix of sensitive internal files were being exfiltrated to a home broadband router via seemingly innocuous connections.
The threats we see today are very diverse as more operations become automated at a terrific rate, so fast we are unable to foresee potential implications beyond mere theft of personal data. A particularly topical case is one involving fingerprint hacking: last month a hacker discovered connectivity between door access systems in a company building.
They were able to upload their own software and use their own fingerprints to gain physical access. As Darktrace can be used to detect threats in any size enterprise, in any sector, it has the potential to mitigate all kinds of breach implications.
R&AN: You use the concept of the human immune system as a way to explain what the machine learning solution does. But what place do humans have in the picture?
Palmer: Humans remain essential. Antigena by no means makes security teams redundant. The role of Antigena is to get there first and take measured action to mitigate risks, before the human arrives on the scene. Defenders will always be a critical part of enterprise security, but they will never be able to react at machine speeds.
As attacks move faster, we need defences that can fight back at machine speed. With Antigena, security analysts have the opportunity to prioritise their time more effectively and have a much greater impact on managing overall risk to the business.
Further automation is essential to address today’s cyber challenge, as a large amount of the resources invested in enterprise security are used to imagine future attacks and create monitoring systems in networks or SIEMs capable of detecting the attacks.
Darktrace performs this function automatically so that human resources can be better invested into responding to attacks when they occur, and then improving the protective defences to stop the attacks happening again.
R&AN: Are all of Darktrace’s solutions machine learning products?
Palmer: Yes, all of Darktrace technology is powered by machine learning and mathematical algorithms, and we are always interested in applying them in transformative ways to aid defenders.
The explosion in complexity and connectivity of modern businesses isn’t going to slow down and so our research is looking at all emerging concepts like smart cities, IoT, connected vehicles and transport and the future of wearables and data interaction.