Sunday, 28 May, 2023
IT Security Guru

How behaviour-learning machines will enable business

by The Gurus
February 25, 2015
in This Week's Gurus

Last month 12 UK-based security firms travelled with Prime Minister David Cameron on his cyber-riddled trip to the White House.
Among that number was Darktrace, a company that I met a few weeks after its briefing of the PM on current issues. At the time, Darktrace CEO Nicole Eagan said that there is a global demand for Darktrace’s Enterprise Immune System approach to address the increasing challenges faced by companies.
Naturally the company said that “traditional methods of security are no longer enough” and it was time for a new machine learning approach that can identify cyber incidents in real time before they turn into a crisis. The company has won major customers and partners, including consultancy CNS Group, as part of its expansion.
When we met, Dave Palmer, director of technology at Darktrace, said that the Cameron opportunity came as one “to change the way we think about security as prevention alone is not enough”.
The company’s offering is its Darktrace Cyber Intelligence Platform (DCIP), which analyses all information inside the network and adaptively learns the normal patterns for every user, each device and the enterprise as a whole.
This gives it the capability to detect, in real time, behavioural anomalies that have not previously been recognised, such as activity on a data-sensitive area of the network or unexpected decryption. Palmer said that you can have a system built to deal with complexity and know what is normal, and that what it is offering is not a new idea, but the change in the threat environment in the past few years has created the need for this to work.
“We need to make it work and need a new system based on power and mathematics,” he said. “It comes from a maths and machine learning perspective. Data is ingested in one second and the immune system doesn’t know what good or bad behaviour is, but it should work in every environment.”
Founded at Christ's College at the University of Cambridge, Darktrace has three key groups – the group at the university, a group with experience in enterprise software and a group with experience of intelligence from GCHQ, MI5, NSA and FBI. Palmer said: “Security is not a widget to solve everything, it should be about enabling people.
“Look at SIEM technology, you get it working in a week but it takes years of roll out before you feel the benefit. With the instant adding of tens of thousands of devices, there is a need for visibility of an immune system that doesn’t care about anti-virus or mobile device management.”
He explained that DCIP is a SaaS product in appliance form that is “dropped into the right places on a network” and runs locally. “When I am out of the office, I don’t need to send huge volumes of data around, I just send a fingerprint to the place where I currently am,” he said. “You don’t need a giant database, but get it from where it is. The data does stay local but it learns what normal is at a level of detail.”
DCIP works by identifying characteristics of a user. Palmer said that visibility has been a huge issue for the company and its customers: one company thought that it had 5,000 connected devices, but an audit revealed it to be 25,000.
I wanted to understand more about the concept of maths being used in this technology. Palmer said that it is completely anomaly-based, looking for the unexpected to verify what is going on in the business and to have insight into what is not normal.
He said: “We talk a lot about changing and the reason is effectively our proposition is enterprises are getting too complex where you cannot have support. What we need is decision support and with the level of complexity we are talking about, it is huge.
“If you have 100,000 people in an organisation, we say estimate five devices per person so there are 500,000 machines and 100,000 people and that is 600,000 things you need to worry about – and they are all doing something different. I don’t care how big your security team is, it is like trying to paint the Forth Bridge if you want to work through all the rules and compliance.
“So you have got to rely on the maths and machine learning to get into it and that is starting to get into our everyday life now. We take 350 behaviours from the network communications that come through and that is 350 attributes for everything and some are completely factual and some are completely inferred, but there are some clues and some things count and you learn the patterns of the sequences of actions.”
Palmer said that some of the characteristics are good for people and some are good for machines, but both have weaknesses too, so what makes DCIP work is the individual learning of what works, which lets it flag what is a genuine concern. “We don’t get false positives with anti-virus and firewalls, this isn’t a ‘it was bad but we stopped it’, no matter the alert it is the matter of the ecosystem,” he said.
The company, formed in 2012 and pushing products for 18 months now, is growing steadily with around 60 full-time employees. Palmer said that as a new company it has plenty to do, and on top of its core offering it is “not finished” and it “wants to be on the cutting edge”; its expansion will rely on the concept of new types of data that it can learn and react to.
 
Dave Palmer, director of technology at Darktrace, was talking to Dan Raywood


The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY


© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
