Darktrace: Cyber Security Software That Learns

By ISBuzz Team
Writer, Information Security Buzz | Feb 04, 2014 01:49 am PST

UNITED KINGDOM—Some notable computer network experts have joined a cyber security startup for a common reason: the new company offers software that, its employees boast, could have detected Edward Snowden's access to parts of the NSA's networks that he was not authorized to use.

Based in Cambridge, UK, Darktrace recently welcomed as its new CEO Andy France, former Deputy Director of the Government Communications Headquarters (GCHQ), the United Kingdom's equivalent of the NSA.

France was introduced to Darktrace by the company’s founder, Stephen Huxter, also a former senior figure within the United Kingdom’s cyber security establishment.

France and others were drawn to the startup by its self-proclaimed title of "The world's first Behavioral Cyber Defense platform." Darktrace's pitch is that, unlike other cyber security companies, it relies on probabilistic and mathematical models of each network's own behaviour to look for malicious activity.

In particular, it draws on two techniques: Bayesian statistics and Monte Carlo simulation. The former is a framework for updating probabilities in the light of new evidence. Analysts first build a baseline model of a network's normal activity, then let the system revise that model with every new observation and flag behaviour that is improbable under it, such as a user like Snowden reading far more sensitive files than his own history would predict.
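The baseline-then-surprise idea described above, as an added worked example that is not Darktrace's code and is not drawn from the article: a conjugate Gamma-Poisson model learns each user's normal hourly rate of sensitive-file reads from constructed baseline counts, then scores a new hour by the posterior predictive probability of seeing at least that many reads. The user names, counts, prior and alert threshold are all assumptions chosen for illustration.

```python
"""Bayesian baseline of per-user sensitive-file access volume (added example)."""
import math
from dataclasses import dataclass

# Constructed baseline: sensitive-file reads per user for each of eight working hours.
BASELINE_HOURLY_COUNTS = {
    "analyst":  [3, 2, 4, 3, 5, 2, 3, 4],
    "sysadmin": [0, 1, 0, 0, 2, 0, 1, 0],
}

# Constructed observation window to score: reads seen in the latest hour.
OBSERVED_WINDOW = {"analyst": 40, "sysadmin": 1, "contractor": 12}


@dataclass
class GammaPoissonBaseline:
    """Gamma prior (shape alpha, rate beta) on a user's hourly Poisson read rate.

    Gamma is conjugate to Poisson, so the posterior after counts c_1..c_n is
    Gamma(alpha + sum c_i, beta + n): the whole baseline is two numbers per user.
    """
    alpha: float = 1.0   # weak prior: about one read per hour, low confidence
    beta: float = 1.0

    def fit(self, counts):
        self.alpha += sum(counts)
        self.beta += len(counts)
        return self

    def mean_rate(self):
        return self.alpha / self.beta

    def log_pmf(self, k):
        """Posterior predictive P(next hour has exactly k reads): negative binomial."""
        p = self.beta / (self.beta + 1.0)
        return (math.lgamma(self.alpha + k) - math.lgamma(k + 1.0) - math.lgamma(self.alpha)
                + self.alpha * math.log(p) + k * math.log1p(-p))

    def tail_prob(self, k):
        """P(next hour has at least k reads): how surprising observing k is."""
        total, j = 0.0, max(int(k), 0)
        while True:
            term = math.exp(self.log_pmf(j))
            total += term
            j += 1
            # terms decay geometrically past the mode; stop once they cannot move the sum
            if term < 1e-300 or term < total * 1e-12:
                break
        return min(total, 1.0)


def fit_baselines(hourly_counts, alpha=1.0, beta=1.0):
    return {user: GammaPoissonBaseline(alpha, beta).fit(counts)
            for user, counts in hourly_counts.items()}


def score_window(baselines, observed, threshold=1e-3):
    """Alert on users whose latest-hour count is improbable under their own baseline.

    Returns (user, count, tail probability or None, reason) tuples.
    """
    alerts = []
    for user, count in observed.items():
        model = baselines.get(user)
        if model is None:
            # evidence with no baseline deserves a look, not a silent skip
            alerts.append((user, count, None, "no baseline for this user"))
            continue
        tail = model.tail_prob(count)
        if tail < threshold:
            alerts.append((user, count, tail,
                           f"expected about {model.mean_rate():.1f} reads/hour"))
    return alerts


if __name__ == "__main__":
    for alert in score_window(fit_baselines(BASELINE_HOURLY_COUNTS), OBSERVED_WINDOW):
        print(alert)
```

Two caveats a practitioner would attach to this: the baseline only captures what it was trained on, so a model built while an insider was already harvesting files will treat that volume as normal, and counting reads says nothing about which files were read, so volume is one evidence source to combine with others rather than a detector in its own right.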

The latter, Monte Carlo simulation, helps analysts reason about future uncertainty. Rather than producing a single forecast, it plays out an uncertain scenario, such as an attacker attempting to penetrate a protected system, many times over with randomly drawn inputs and records what happens. The result is not just a range of possible outcomes but an estimate of how likely each of them is.
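A Monte Carlo treatment of the "attacker penetrating a secure system" scenario, as an added example that is neither Darktrace's method nor code from the article: a simulated attacker works through a constructed multi-stage path where each attempt at a stage may succeed, may be detected and stopped, or may have to be retried. Thousands of runs give the probability of full compromise, its standard error, the stage at which the attacker is most often stopped, and the spread of attempts needed by attackers who get through. The stage names and probabilities are invented inputs, and a closed-form computation of the same probability is included so the simulation's convergence can be checked.

```python
"""Monte Carlo estimate of a multi-stage intrusion succeeding (added example)."""
import math
import random
import statistics

# Constructed attack path: (stage, P(attempt succeeds), P(attempt is detected and stopped)).
# The probabilities are illustrative assumptions, not measurements.
ATTACK_PATH = [
    ("phishing foothold",               0.30, 0.05),
    ("local privilege escalation",      0.50, 0.10),
    ("lateral movement to file server", 0.40, 0.15),
    ("exfiltration of sensitive files", 0.60, 0.20),
]


def simulate_one(path, rng, max_attempts=50):
    """One attacker run: (reached_goal, attempts_used, stage_where_stopped_or_None).

    An attacker who hits the attempt cap is counted as stopped at the current stage.
    """
    attempts = 0
    for stage, p_success, p_detect in path:
        while True:
            if attempts >= max_attempts:
                return False, attempts, stage          # attacker gives up
            attempts += 1
            if rng.random() < p_detect:
                return False, attempts, stage          # caught and evicted
            if rng.random() < p_success:
                break                                  # advance to the next stage
    return True, attempts, None


def monte_carlo(path, runs=20000, seed=7):
    """Run many attackers; summarise how likely compromise is and where defenders win."""
    rng = random.Random(seed)
    successes, attempts_on_success, stopped_at = 0, [], {}
    for _ in range(runs):
        reached, attempts, stage = simulate_one(path, rng)
        if reached:
            successes += 1
            attempts_on_success.append(attempts)
        else:
            stopped_at[stage] = stopped_at.get(stage, 0) + 1
    p = successes / runs
    return {
        "p_compromise": p,
        # standard error of a Monte Carlo proportion: how far to trust the estimate
        "stderr": math.sqrt(p * (1.0 - p) / runs),
        # quartiles of attempts needed by the attackers who got all the way through
        "attempts_quartiles": statistics.quantiles(attempts_on_success, n=4),
        "stopped_at": stopped_at,
    }


def closed_form_probability(path):
    """Exact P(compromise) ignoring the attempt cap, used to check the simulation.

    Per attempt a stage is detected with probability d, otherwise passed with
    probability s, otherwise retried, so P(pass stage) = (1-d)s / (1 - (1-d)(1-s)).
    """
    p = 1.0
    for _, s, d in path:
        p *= (1.0 - d) * s / (1.0 - (1.0 - d) * (1.0 - s))
    return p


if __name__ == "__main__":
    result = monte_carlo(ATTACK_PATH)
    print(f"P(compromise) ~ {result['p_compromise']:.3f} +/- {result['stderr']:.3f}"
          f" (closed form {closed_form_probability(ATTACK_PATH):.3f})")
    print("attacker most often stopped at:",
          max(result["stopped_at"], key=result["stopped_at"].get))
    print("attempts needed by successful attackers (quartiles):",
          result["attempts_quartiles"])
```

The closed form is only available because this path is a simple chain; the point of the simulation is that it keeps working once the scenario grows branches, per-stage delays, or detection probabilities that depend on earlier choices, where no tidy formula exists. The standard error tells you how many runs you need before the estimate is precise enough to act on.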

Darktrace's software is notable not only because it lets experts build highly personalised, adaptive network security models; it is also being talked up as a glimpse of where cyber security is heading.

Older paradigms of network security, in which sysadmins erect firewalls and other barriers to keep intruders out, are no longer sufficient on their own. What is clear in today's environment is that penetrations will occur, often without the sysadmins' knowledge.

This shift in assumptions is what makes Darktrace's approach important. Rather than concentrating on blocking unauthorised actors at the perimeter, it presumes that the network will be infiltrated. It even expects attacks to be sophisticated, including attackers installing malicious software that the target's existing security controls cannot readily detect.

By using honeypots (decoy systems set up to help analysts learn about ongoing attacks) together with the mathematical models discussed above, Darktrace aims to make cyber defence more adaptable and able to deal with attackers once they are already inside a network.

This is a welcome development, especially given how easily attackers can forge packets that confuse a traditional intrusion detection system (IDS) and so slip past that safeguard altogether.

Given the shortcomings of the older approaches, Darktrace may be the first Behavioral Cyber Defense platform, but it is unlikely to be the last.

David Bisson | @DMBisson

Bio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation.  He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern.  Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.
