Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence

Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system

This article can also be found in the Premium Editorial Download: CW Europe: CW Europe - April 2015 Edition

Founded in 1935, the Norwegian shipowners' mutual war risks association, DNK, is a member-owned company that insures interests attached to vessels, drilling rigs and similar movable units.

“We insure all Norwegian ship owners, but only against war, terrorism and piracy,” says DNK managing director Svein Ringbakken.

DNK has 460 members and insures more than 3,000 ships and offshore units to a value of $218bn. It has 13 employees, one of whom is responsible for IT. All IT operations are outsourced to Intility.

“Last year, we started to discuss implementing an IT security system that follows what happens in our systems in real time. We already had the conventional IT security products, like anti-malware, but wanted something more sophisticated,” says Ringbakken.

He and his colleagues started to look around at what was available on the market. They took a fancy to cyber defence company Darktrace.

“Darktrace uses a new sort of machine-learning technology, and we felt that we wanted to be in on this new generation of cyber defence. We did not want technology that depends on looking up things in catalogues – we did not want to define in advance what we're looking for or make assumptions on what threats might be out there,” says Ringbakken.

Self-learning threat detection

UK-headquartered Darktrace’s cyber defence system is based on Bayesian mathematics. Developed at the University of Cambridge, it is called Enterprise Immune System technology. The ambition is to address the challenge of insider threat and advanced cyber attacks by detecting previously unidentified threats in real time, as manifested in the emerging behaviour of the network, devices and individuals.

“Our business is controlling risk, and we have no illusions about being able to stop an attacker from getting into our systems. What we want is to know if someone gets in,” says Ringbakken.

He and his colleagues saw a presentation of Darktrace’s technology, which gives the customer total, real-time visibility of all its digital interactions and communications, and decided to try it out.

“We liked the Darktrace system and the fact that it is highly scalable. We are a small company and Darktrace is affordable to us,” says Ringbakken. But neither DNK nor Darktrace is willing to disclose how big the monthly fee is. The free, one-month proof of value period started in December 2014.

“After a couple of weeks the system had learned the behaviours in our network and we started to get reports. We liked how it worked and decided to stick with Darktrace. I intuitively feel that technology working as a self-learning immune system is the right way to do cyber defence, and I also think it is the way the industry is heading,” he says.

Setting up the cyber defence system

Darktrace’s cyber defence consists of both hardware and software, implemented at the intersection between DNK and its IT outsourcing partner Intility, according to Ringbakken.

“It is a box that registers all traffic in our systems. Our IT man handled the implementation, which was really simple. He had to do some work with our outsourcing partner, but it only took about a day before we were up and running,” he says.

“If Darktrace’s application does not detect any emerging anomalous or suspicious behaviours, it produces a report once a week. And if something out of the ordinary is detected it alerts us straight away.

“We have had a handful of alerts so far – for small things like PCs turning on at unusual times, or an unusual amount of traffic between a PC and a server. Darktrace’s application does not try to stop anything, it only alerts, and then we contact Darktrace for advice on how to handle the incident.”

The user interface is easy to understand and resembles a computer game, according to Ringbakken.

“We get a visual representation of our system and if anything is out of character we can see which computers or users are affected. We can see the data streams and if there is an abnormal amount of traffic between a PC and a server the line between them gets thicker,” he says.

Singing the praises of Darktrace

The biggest benefit of Darktrace’s application, says Ringbakken, is that it gives DNK an understanding of what happens inside the organisation and the ability to detect and act on potential issues at a very early stage.

“We have intellectual property that we want to keep to ourselves, for example risk models. The biggest cyber threat we face is someone getting access to this information,” he says.

DNK sees the implementation of Darktrace’s application as an opportunity to be leading the fight against cyber threats in the shipping industry, according to Ringbakken.

“We tell our members and partners about what we are doing with our new technology and that we think it would be a good business decision for them too to adopt this new generation of cyber defence. We insure against terror and piracy, and there is a potential cyber element in that too.”

Ringbakken does not see any drawbacks with Darktrace’s application – except that it costs money. “But it's worth its price,” he says. “We are very satisfied with what we get. And Darktrace’s application is easy to handle, so it is not a burden for our IT person.”

DNK’s employees do not mind the extra monitoring, according to Ringbakken.

“Darktrace’s application does not mean we gain any extra insight into the contents of the employees’ communications – it only enables us to see the data streams. As a financial institution we already had high demands on IT security and data logs, but when we implemented Darktrace’s application we updated our IT guidelines,” he says.

“All employees also got a demo of it. I think that is advisable when you implement this kind of system,” says Ringbakken.
