Business needs AI defence against AI attacks, says Darktrace

Cyber attackers are turning to machine learning to create smarter attacks and defenders will require similar technology to detect them, warns Darktrace

The world is entering a new era of cyber attacks in which the integrity of data is at risk, according to Emily Orton, director of UK information security startup Darktrace.

“These attacks on trust are silent and stealthy because the manipulation of data such as medical or financial data can be difficult to detect,” she told the Eema ISSE 2016 security conference in Paris.

Added to this, Darktrace is seeing increased usage of artificial intelligence (AI) by attackers to enable highly customised attacks that can be detected only if the defenders are also using AI, said Orton.

In India, Darktrace discovered an AI-enabled attack that was designed to monitor user behaviour and then emulate that to avoid detection.

“These are really clever attacks and defenders need to have a similar AI capability to detect them,” said Orton. However, she believes that defenders can do far more with AI than attackers.

“If a defender already has AI in place and has a refined understanding of what is happening on their network, then they will be one step ahead of attackers and will be able to detect this kind of attack before any real harm can be done,” she said.

Darktrace’s threat-detection and machine-learning capabilities are based entirely on mathematical models, which enable the detection of previously unknown threats that would not be caught by traditional security control systems.

“This approach enables organisations to spot malicious activity or risky behaviour when there is no way of pre-empting it,” said Orton.

Darktrace Enterprise Immune System

The company’s Enterprise Immune System is modelled on the human immune system and is designed to address the challenge of insider threat and advanced cyber attacks by detecting anomalous behaviour. 

The system focuses only on learning from the behaviours of people and systems in the business rather than on algorithms that look for known types of attacks.

According to Orton, a high proportion of data breaches are linked to insider behaviour, but this is purposefully malicious in very few cases.

She cited as an example an electronic games company, where intellectual property data was being sent outside the company on a regular basis.

“Darktrace detected the data transfers and identified the source as a PC belonging to a particular developer, but it turned out he was sending code to a personal server so he could work on it at home.

“We see this all the time, where employees are unintentionally or unknowingly exposing their organisations to risk,” said Orton.

Darktrace, which hopes to lead the way in cyber security automation based on AI, is designed to complement traditional security systems by working on the assumption that networks will be breached, that applications will be compromised and that users will expose their organisations to risk.  

Continuing the human immune system analogy, Darktrace Antigena is designed to replicate the function of antibodies that identify and neutralise bacteria and viruses. As the Darktrace Enterprise Immune System detects a threat, the Antigena modules are designed to act as an additional defence capability that automatically neutralises those threats without requiring human intervention.

“Antigena is aimed at enabling a self-defending network that understands threats and generates precise, proportionate responses,” said Orton.

“This means it can do a lot of the heavy lifting for security teams, which gives them time to catch up and focus on more strategic issues,” she said.

Darktrace considers Antigena and other automatic self-defence systems to be the start of a transition away from legacy systems based on a traditional approach to security.
