The Enterprise Immune System
Machine Learning for Cyber Threat Defense
Jeff Cornelius, Ph.D.
Company Background
• Founded in 2013 in Cambridge, UK
• Bloomberg Business Innovator 2016
• Started by mathematicians and government intelligence specialists
• ‘Security Company of the Year’ at Info Security Global Excellence Awards 2016
• Technology based on machine learning & mathematics
• ‘Best Insider Threat Detection and Solutions’ at Network Products Guide IT World Awards
• HQs in Cambridge, UK & San Francisco
• Over 750 customer installations
• 20 global locations
• Gartner ‘Cool Vendor’ 2015
• World Economic Forum ‘Technology Pioneer’ 2015
• 500% year-on-year growth
“Darktrace is a game-changer” Virgin Trains
Darktrace Principles
It is impossible to fully secure your enterprise network
Sophisticated threats will always find a way in
Insider threat is as important as external
It is impossible to keep rules & signatures up to date 24/7
Why is the Enterprise Immune System unique?
Learns ‘self’: for every individual user, device and network, using unsupervised machine learning
Detects insider & external threats that bypass traditional security tools
Real time: continually identifies anomalies as they emerge
100% visibility: visualizes entire network, auto-classifies threats and allows for in-depth investigations
Play-back: analyzes and correlates events over time. Ability to replay incidents
Machine Learning & Mathematics
• Advanced Bayesian mathematics pioneered at the University of Cambridge
• Recursive Bayesian Estimation detects subtle changes within data series in real time and adaptively iterates its models
• Numerous approaches used to classify the probability of an action based on previous and emerging behaviors
• No ‘a priori’ assumptions about good or bad – mathematical models are unique to your organization
• Distribution is built from a complex set of low-level host, network and traffic observations or ‘features’
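An added illustration, not part of the presentation and not Darktrace's models: a generic recursive Bayesian estimator (Gamma-Poisson conjugate update with a forgetting factor) that learns one device's hourly event rate and flags counts the learned model finds improbable. The feature, sample counts, threshold, warm-up length and forgetting factor are constructed assumptions.

```python
import math

class GammaPoissonBaseline:
    """Recursive Bayesian estimate of an event rate for one device.

    Prior and posterior over the Poisson rate are Gamma(alpha, beta);
    the posterior predictive for the next count is negative binomial.
    """

    def __init__(self, alpha=1.0, beta=1.0, forget=0.98):
        self.alpha, self.beta, self.forget = alpha, beta, forget

    def tail_prob(self, x):
        """P(X >= x) for the next count under the current posterior predictive."""
        r, p = self.alpha, self.beta / (self.beta + 1.0)
        cdf = 0.0
        for k in range(x):
            log_pmf = (math.lgamma(k + r) - math.lgamma(k + 1) - math.lgamma(r)
                       + r * math.log(p) + k * math.log1p(-p))
            cdf += math.exp(log_pmf)
        return max(0.0, 1.0 - cdf)  # clamp floating-point round-off

    def update(self, x):
        """Discount old evidence, then fold in the new observation."""
        self.alpha = self.forget * self.alpha + x
        self.beta = self.forget * self.beta + 1.0


def score_series(counts, threshold=1e-3, warmup=5):
    """Return [(index, count, tail_prob)] for observations flagged as anomalous."""
    model, flagged = GammaPoissonBaseline(), []
    for i, x in enumerate(counts):
        p = model.tail_prob(x)  # score first, against what was learned so far
        if i >= warmup and p < threshold:
            # Assumed policy: flagged points are not learned from, so one
            # burst does not raise the baseline. A lasting shift keeps alerting.
            flagged.append((i, x, p))
        else:
            model.update(x)
    return flagged


# Constructed sample: distinct internal hosts contacted per hour by one device.
SAMPLE = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 41, 4, 3, 5, 2]

if __name__ == "__main__":
    for i, x, p in score_series(SAMPLE):
        print(f"hour {i}: count={x} tail_prob={p:.2e}")
```

Only the upper tail is scored here, so an unusually quiet device would need a separate lower-tail check.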
How Is Darktrace Delivered?
• Delivered as an appliance
• Passive tap into your network
• Automatically learns ‘normal’ for all devices, users and the network
• Interface accessed via web browser
• Results from day one
• No set-up
Installs in just 1 hour
Darktrace in your Security Stack
Technology Architecture
Case Study: Drax
Industry
• Energy & utilities
Challenge
• Drax is part of critical national infrastructure
• Defence for corporate & production environments required
• Concerned about insider threat
• Needed protection against advanced threats
Benefits
• Detected threats that had bypassed other security tools
• Added Industrial Immune System to monitor Industrial Control Systems
• Continual monitoring of networks & anomalies
• Ability to investigate and mitigate threats in real time
“Darktrace’s technology has identified threats with the potential to disrupt our systems” Martin Sloan, Head of Safety & Security Drax
Conclusion
• Enterprise Immune System is unique
• Automatically understands network, devices, users
• Powered by machine learning and mathematics
• Learns ‘normal’ and detects emerging insider, unsignatured and external threats
• No rules or signatures
• Installs in 1 hour
Thank you
Case Study: Irwin Mitchell LLC
Industry
• Legal
Challenge
• Keeping up to date with rules & signatures
• Protecting against potential threats
• Safeguard client data and confidentiality
• Integrating multiple devices/vendors
• Multiple portals and alert mechanisms
Benefits
• Detects threats in real time, that used to bypass its controls
• Total network visibility
• Assistance with root cause analysis
• Mapping applications/services
• Ability to investigate incidents in real time and ‘replay’ them
• Take control of evolving incidents
“With Darktrace, we can see threats earlier or as they are happening – this allows us to take control of a situation.” Mark Vivian, Head of IT Security Irwin Mitchell
Case Study: Virgin Trains
Industry
• Transportation
Challenge
• Cyber security named priority by Virgin Group
• Large partner base connected to network
• Increasingly wireless on trains
• Maintain customer experience while managing risk
Benefits
• Baseline of how users, devices and network operate
• Unlike SIEM tools, provides total, real-time visibility
• Able to pinpoint security spend and maximise resources
• Improved customer confidence
“Darktrace’s cyber intelligence platform provides us with total visibility into what is happening in real time” Louis Kangurs, IT Network Director Virgin Trains
Case Study: DNK
Industry
• Insurance
Challenge
• Lead cyber security efforts in shipping industry
• Potential threats & cyber warfare against DNK’s members
• Proactive defence required to anticipate problems
Benefits
• Constant monitoring of corporate network
• Ability to address security issues in real time
• Greater confidence in ability to defend against sophisticated threats and protect members
• Boost to DNK as leader in security and risk mitigation
“Darktrace detects potential issues without us having to define what we’re looking for in advance or make assumptions” Svein Ringbakken, Managing Director DNK
Case Study: Sega Games
Industry
• Games
Challenge
• Protection against APTs
• Widespread use of social media and other data-sharing sites
• Defence of core intellectual property (games), customer data and corporate reputation
Benefits
• Adaptive monitoring
• Better understanding of dynamic digital environment
• Surfaces anomalies that would otherwise hide in Sega’s busy networks
• Significant reduction in cyber risk
• More stable environment for customers, customer and digital assets
“Darktrace gives us a higher degree of confidence in our security, and that translates into a more stable environment for our staff, customers and data.” Stuart Wright, Head of Information Security Sega
Case Study: BT
Industry
• Telecommunications
Challenge
• Large, widely dispersed network
• Fast-evolving sophisticated threats
• Wanted a solution that could parse complex network data and detect previously unknown threats
Benefits
• Real-time, dynamically updated visibility of entire network
• Confidence that previously unknown threats can be detected within network before they do serious damage
• Enhanced their own security offerings with Darktrace’s expertise in unsupervised machine learning and Bayesian mathematics
• Defended against potential insider threat
“Darktrace’s machine learning and mathematics are extremely powerful in detecting activity that is abnormal and will be critical to our future cyber security offerings.” Mark Hughes, President BT Security
Customer Testimonials
“Darktrace is a game-changer - now we have a baseline of how our users, devices and network operate.” Louis Kangurs, IT Network Manager, Virgin Trains
“Darktrace has already identified threats with the potential to disrupt our networks.” Martin Sloan, Head of Safety and Security, Drax
“Darktrace has given us real visibility into all our digital interactions.” Philip Aim, Managing Director, CreaCard
“I intuitively feel that technology working as a self-learning immune system is the right way to do cyber defense.” Svein Ringbakken, Managing Director, DNK
“Darktrace shines a light onto our systems, giving us a visual overview of what’s really happening ‘under the hood’” Conor Claxton, COO, Macrosynergy Partners
“Darktrace’s approach to cyber security is fitted with our strategy of making our cyber defence more proactive.” Alain Daubié, CIO, Sisley
“Darktrace’s machine learning and mathematics are extremely powerful in detecting activity that is abnormal and will be critical to our future cyber security offerings.” Mark Hughes, President, BT Security