Fast Company SA - September 2016


Charities handles the medical and financial records of more than 54 000 people each year. Of all the cybersecurity systems—including firewalls and antivirus software—that the non-profit had in place to shield those sensitive documents, only one flagged the intrusion. The security breach was detected by the flagship product created by Darktrace, a UK-based cybersecurity company founded in 2013. Just days before the malware attack, Catholic Charities had begun testing Darktrace’s pioneering new technology, the enterprise immune system (EIS). Modelled after the human body’s immune system, the EIS embeds in a computer network and learns what behaviour is considered normal for that system. It can then spot suspicious activity and even work to slow an attack, just as the human immune system releases antibodies at the first sign of invasive cells.

Darktrace’s immunity approach represents a compelling new take on cybersecurity. The $75-billion (R1.1-trillion) industry is under mounting pressure to evolve beyond traditional methods as dated systems have failed to prevent high-profile hacks on major businesses. With attackers increasingly relying on fast-moving algorithms to carry out highly sophisticated security breaches—such as those that have recently compromised major universities and hospitals in the US—Darktrace is responding in kind, creating complex formulas that allow machines to continuously scan entire networks and register anomalies that other advanced systems may overlook. Its technology, built in part by former members of the British Intelligence Agencies MI5 and GCHQ, is intended to support—and enhance—existing systems. Where most cybersecurity companies focus on teaching their technology to recognise the digital footprints of malware (which can quickly become outdated as

SELF-DEFENCE
How Darktrace halts a hypothetical ransomware attack

BREACH An HR employee opens an attachment believing it is a CV. His computer connects to a server in Eastern Europe; ransomware begins encrypting files.

RECOGNITION The EIS spots an anomaly: No device in the company’s network has ever connected with this server.

REACTION As ransomware encrypts documents, Darktrace flags the employee’s computer for accessing so many files.

RESPONSE Antigena, Darktrace’s system for slowing attacks, limits the number of files the employee’s computer can open and blocks its access to shared folders and corporate email.

NOTIFICATION Within a half-hour of the breach, a Darktrace analyst sees the activity and tells the company to remove the computer from the network. Some of the computer’s files have been compromised, but the ransomware did not spread through the network.

new attacks emerge) or building firewalls to block intruders, Darktrace takes a more hands-off approach. Rather than rely on humans to feed them specific examples of suspicious behaviour, its algorithms train themselves to find abnormalities—a technique that’s known as unsupervised machine learning. “The concept of Darktrace says that [as attacks become more sophisticated] you’re not going to be able to keep the bad stuff out,” says Vanessa Colomar, a member of Darktrace’s board of directors. It’s far more effective to figure out how to stop attackers once they’re in.

CEO Nicole Eagan says the EIS has been deployed in more than 1 000 networks worldwide, with clients ranging from a two-person hedge fund to a global bank. Once the hour-long installation is complete, the EIS searches for new threats while also examining the network for existing breaches. “Within the first and second weeks, we find things out of the ordinary in about 80% of the Fortune 500s we’re deployed in,” says Eagan. “It’s things their legacy tools totally missed.” That success has helped accelerate the three-year-old company’s growth. Of the businesses that have registered for its 30-day free trial, about two-thirds have become paying customers. The company, valued at $100 million (R1.4 billion), now has 20 offices, including outposts in New York, Hong Kong, Warsaw and Milan.

Darktrace’s use of unsupervised machine learning comes with certain benefits: Since there are no assumed rules about what a hack looks like, attackers can’t simply tweak their code to dupe the system. And since the EIS operates as an observer, there’s no barrier that hackers could try to disable. “What we’re really passionate about is that there’s no one algorithm that rules them all,” says Dave Palmer, Darktrace’s director of technology. “We’ve got a dozen different machine-learning techniques, all fighting to be the best representation for your specific setup.” (See sidebar for an example.)

Not everyone agrees that unsupervised machine learning is the best approach to cybersecurity. Supervised learning—the technique used by antispam filters, in which algorithms are taught to discern between junk mail and the real thing—can help eliminate false positives that sometimes result when an unsupervised system reacts to a routine change within a network. (For example, an algorithm may notice that data is suddenly being transferred to Dropbox and flag it as a security violation, when in fact the company just added Dropbox as an official storage tool.) Avoiding such confusion is why some security companies take a hybrid approach of supervised and unsupervised machine learning.

PatternEx, which launched in February, uses unsupervised learning to scan for abnormalities, then presents its data to a human analyst to distinguish true attacks from false positives. In a recent study, researchers from PatternEx and MIT found the system caught 85% of attacks, while delivering fewer false alarms than unsupervised learning alone. There hasn’t been a similar lab study completed on Darktrace, though Eagan says her system—despite being totally unsupervised—typically generates five to 10 alerts per client per week.

Eric Ogren, a senior analyst at IT advisory firm 451 Research, says that most businesses will likely opt for the headache of false positives if it means a more secure network. “What’s the bigger risk: that you chase down a false positive, or that someone makes off with your customer data?” he asks. “I think that within five years, unsupervised machine learning is going to be driving security architecture.”
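
The sidebar's RECOGNITION, REACTION and RESPONSE steps, sketched as an added example that is not part of the original article and is not Darktrace's code or algorithms. A fixed-threshold baseline stands in for the unsupervised models; the event fields, WINDOW, FACTOR, device names and sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 60   # seconds per counting window (assumed)
FACTOR = 5    # spike = more than FACTOR x the device's busiest baseline window (assumed)

def learn(events):
    """Baseline: every destination any device on the network has contacted,
    plus each device's busiest file-open window."""
    seen_dests, per_window = set(), Counter()
    for e in events:
        if e["kind"] == "conn":
            seen_dests.add(e["dest"])
        elif e["kind"] == "file_open":
            per_window[(e["device"], e["ts"] // WINDOW)] += 1
    peak = defaultdict(int)
    for (device, _), n in per_window.items():
        peak[device] = max(peak[device], n)
    return seen_dests, peak

def detect(baseline, events):
    """Return {device: set of anomaly names} for live events."""
    seen_dests, peak = baseline
    alerts, live = defaultdict(set), Counter()
    for e in events:
        if e["kind"] == "conn" and e["dest"] not in seen_dests:
            alerts[e["device"]].add("new_destination")      # RECOGNITION
        elif e["kind"] == "file_open":
            key = (e["device"], e["ts"] // WINDOW)
            live[key] += 1
            if live[key] > FACTOR * max(peak[e["device"]], 1):
                alerts[e["device"]].add("file_access_spike")  # REACTION
    return dict(alerts)

def respond(alerts):
    """RESPONSE: restrict devices showing both anomalies; one alone goes to an analyst."""
    return {d: "restrict" if len(a) == 2 else "review" for d, a in alerts.items()}

# Constructed sample data (not real logs); 203.0.113.9 is a documentation address.
BASELINE = ([{"ts": t, "device": "hr-pc", "kind": "file_open"} for t in range(0, 600, 20)]
            + [{"ts": 5, "device": "hr-pc", "kind": "conn", "dest": "mail.example.com"},
               {"ts": 9, "device": "dev-pc", "kind": "conn", "dest": "files.example.com"}])
LIVE = ([{"ts": 1000, "device": "hr-pc", "kind": "conn", "dest": "203.0.113.9"}]
        + [{"ts": 1020 + i, "device": "hr-pc", "kind": "file_open"} for i in range(40)]
        + [{"ts": 1030, "device": "dev-pc", "kind": "conn", "dest": "mail.example.com"}])

if __name__ == "__main__":
    print(respond(detect(learn(BASELINE), LIVE)))
```

A lone new destination, like the Dropbox case the article mentions, comes back as "review" rather than "restrict", which is where a human analyst or a supervised stage would separate a routine change from an attack.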
