Note to self: don’t shop at Target; don’t sell on eBay; avoid Sony Entertainment; and change insurance from Anthem to Blue Shield.
Most of us do not lie awake at night worrying about security attacks, unless we were personally caught up in one of the major cyber security breaches recently reported at these super-sized enterprises. Even so, such a steady flow of headlines about new breaches should be enough to tell us that something needs to be done, even if you are not personally losing sleep over it.
Of course, we are concerned. It might have been our information at eBay or Target. But what is a user to do? There is a growing concern that attackers are becoming more sophisticated while the defenders fall further behind, which suggests that a different approach may be needed.
Founded by spies and mathematicians, a cyber security firm in Great Britain has taken a very non-typical approach, says a Washington Post article posted February 15, 2015, the same day a very large breach at Anthem Insurance was uncovered. Darktrace, set to open its U.S. headquarters in the Washington region this month, is literally thinking outside the computer box. That can best be understood by first knowing how the current model works.
Currently, cyber security companies maintain a shared catalogue of all known threats. The perimeter of each device or network is protected to keep hackers out: when a known threat reaches your system, the catalogue identifies it and blocks its entry. It is a very simple matter of securing the box by knowing the threats that exist.
But when a sophisticated attacker develops a new strain of malware targeted at your business, the model stutters. Is there sufficient time between discovery of the problem and deployment of protection to keep the spread of the virus to a minimum? Both the devastating Anthem attack and the earlier humiliating attack against Sony Entertainment used unknown methods that took advantage of unknown weak spots in the system. These attacks got past the protection because the system had a blind spot: it could not recognize what it had never seen before.
The Economist puts the new paradigm of cyber security succinctly: “Darktrace learns what is normal and spots when something is amiss.” That may sound too obvious, one of those “easy to say, difficult to do” ideas. Is it truly realistic?
In fact, Darktrace is based on a very successful model: the human immune system. Our body is filled with information (DNA) which needs to be protected against viruses alien to human life. When a virus enters the body, the immune system already has a clear picture of what the body is, so the attacker is seen as an anomaly and is automatically attacked by defense cells. The starting point is an accurate knowledge of the body itself: a model of self-defense.
Darktrace is self-learning software that develops a clear picture of self by modeling every device, user and network in the system. With this benchmark information as the norm, the cyber security intrusion becomes an event outside the norm, not a part of self. The intrusion is easily identified and quickly stopped before it gains full access to the system. Cyber security is preserved at the highest level by identifying the enemy as against the normal self, making true self defense.
As you might imagine, this sophisticated cyber security software was developed through a broad collaboration between government and science. Cambridge machine-learning specialists and cyber intelligence experts from British GCHQ and MI5 were part of the team that developed software designed to get ahead of an attack instead of cleaning up after the fact. Using algorithms developed by mathematicians, Darktrace’s Enterprise Immune System mimics the behavior of the human immune system.
The software paints a picture of the company’s routine operations, from the time of day employees usually come to work, to the files they work with and whether they are using a mobile device or a workstation. Once there is enough data to establish the benchmark of what is normal, the unusual will stand out. So a device trying to access an out-of-the-ordinary amount of data, or trying to connect with too many external devices, becomes a warning that an intruder may be in the system.
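To make the “learn what is normal, then flag what departs from it” idea concrete, here is an added example of the baseline-and-anomaly logic described in the two paragraphs above. It is not Darktrace’s code and says nothing about how the Enterprise Immune System is actually built; it is a deliberately small illustration. The device names, the two metrics (megabytes transferred and distinct external hosts contacted per day), the seven-day learning window and the three-standard-deviation threshold are all assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real data): one record per device per day,
# recording how much data the device pulled and how many distinct external
# hosts it talked to. Seven "normal" days form the learning window.
BASELINE_EVENTS = [
    # (device, day, bytes_mb, external_hosts)
    ("ws-alice", 1, 120, 3), ("ws-alice", 2, 130, 4), ("ws-alice", 3, 110, 3),
    ("ws-alice", 4, 125, 2), ("ws-alice", 5, 115, 4), ("ws-alice", 6, 135, 3),
    ("ws-alice", 7, 120, 3),
    # A database server with an extremely regular daily pattern.
    ("srv-db01", 1, 2000, 1), ("srv-db01", 2, 2000, 1), ("srv-db01", 3, 2000, 1),
    ("srv-db01", 4, 2000, 1), ("srv-db01", 5, 2000, 1), ("srv-db01", 6, 2000, 1),
    ("srv-db01", 7, 2000, 1),
]

MIN_SAMPLES = 5      # assumed: fewer days than this is not enough to define "normal"
Z_THRESHOLD = 3.0    # assumed: flag values more than 3 standard deviations above the norm


def build_baseline(events, min_samples=MIN_SAMPLES):
    """Learn a per-device picture of 'self': the mean and spread of each metric."""
    series = defaultdict(lambda: {"bytes_mb": [], "external_hosts": []})
    for device, _day, bytes_mb, hosts in events:
        series[device]["bytes_mb"].append(bytes_mb)
        series[device]["external_hosts"].append(hosts)
    baseline = {}
    for device, metrics in series.items():
        if len(metrics["bytes_mb"]) < min_samples:
            continue  # not enough history to say what normal looks like
        baseline[device] = {
            name: (mean(values), pstdev(values)) for name, values in metrics.items()
        }
    return baseline


def _z_score(value, mu, sigma):
    # A device whose metric never varied has sigma 0. A floor on the spread keeps
    # a perfectly regular server from being flagged on a one-unit wobble while
    # still catching a real jump.
    floor = max(0.1 * mu, 1.0)
    return (value - mu) / max(sigma, floor)


def score_event(baseline, event, z_threshold=Z_THRESHOLD):
    """Return the reasons an event departs from its device's own norm.

    An empty list means the event looks like 'self'. A device with no learned
    baseline is itself reported, since "never seen before" is not part of self.
    Only upward departures are flagged, matching the two symptoms in the text:
    too much data moved, or too many external hosts contacted.
    """
    device, _day, bytes_mb, hosts = event
    if device not in baseline:
        return ["unknown device: no learned baseline"]
    observed = {"bytes_mb": bytes_mb, "external_hosts": hosts}
    reasons = []
    for name, value in observed.items():
        mu, sigma = baseline[device][name]
        z = _z_score(value, mu, sigma)
        if z > z_threshold:
            reasons.append(f"{name}={value} is {z:.1f} sd above usual {mu:.0f}")
    return reasons


def review(baseline, events):
    """Run every new event against the baseline; return only the alerts."""
    return {(d, day): r for d, day, *_ in events
            for r in [score_event(baseline, next(e for e in events if e[:2] == (d, day)))]
            if r}


if __name__ == "__main__":
    # Constructed "day 8 and 9" observations, including one device never seen before.
    new_events = [
        ("ws-alice", 8, 128, 3),        # ordinary day
        ("ws-alice", 9, 900, 40),       # mass data pull plus fan-out to many hosts
        ("srv-db01", 8, 2100, 1),       # small wobble on a very regular server
        ("srv-db01", 9, 9000, 1),       # large jump in data moved
        ("laptop-unknown", 8, 50, 2),   # device not part of the learned "self"
    ]
    base = build_baseline(BASELINE_EVENTS)
    for key, reasons in review(base, new_events).items():
        print(key, "->", "; ".join(reasons))
```

The design choice worth noticing is the floor on the spread: a strict standard-deviation test would score any change on a perfectly regular server as infinitely anomalous, so some tolerance has to be built into the definition of normal, otherwise the alerts drown out the real intrusions the model is meant to surface.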
For the sake of cyber security, fewer business breaches compromising your personal data, and the overall health of the Internet, the new paradigm represented by Darktrace is promising.