How Darktrace is leading Cambridge fightback against global cyber threats
PUBLISHED: 10:28 18 March 2017 | UPDATED: 10:28 18 March 2017
Iliffe Media Ltd
A global arms race is under way – and the dark side has been winning. But a unique weapon is now being unleashed by Darktrace in Cambridge to combat the cyber threats facing every network
“This time last year we had 150 employees globally. We now have 370. That’s been the last 12 months. We’re probably the fastest growing company in Cambridge, if not the UK,” says Darktrace director Emily Orton.
“We have a different approach to cyber security. It’s about trying to fight back against some of the most advanced and sophisticated threats – not just state on state attacks, but every business, from small to medium to very large corporates, is facing a huge array of different cyber attacks.”
The firm was formed in Cambridge in 2013, the culmination of talks between some brilliant mathematicians and intelligence experts from MI5 and GCHQ.
Together they acknowledged that the battle against cyber criminals was being lost. Existing cyber security methods were falling woefully short.
“We knew it needed to be shaken up because the old approach to security wasn’t working,” recalls Emily. “You’ll have read about many hacks in the news: database breaches, customer data going missing – it’s constantly happening, even to the point where you’ve got people like the Democratic National Committee getting hacked.”
The firm has raised more than $100million in funding – itself a validation of the mind-blowing technology at its heart.
It brings together advanced machine learning with a new branch of Bayesian probability theory, developed by University of Cambridge mathematicians. The system analyses huge volumes of data on a network and learns what is normal behaviour – developing a sense of that organisation’s pattern of life, or ‘self’, which enables it rapidly to detect anomalies and either alert the organisation or take action to mitigate or stop the threat.
“Machine learning is transforming cyber security,” says Emily, the firm’s global head of marketing. “The legacy approach was you can build a wall around a network and block people to keep them and the idea was if you’re updating your software or patching it, you should be OK. That fell to the ground when you had people inside your network doing things – getting through the network. There are more ways in, like remote working. There are so many inroads inside the network.
“Darktrace’s approach is to catch threats that are inside the network – that have got over the fence, or under the wall. We don’t try to stop threats coming on to your network because the threats will be inside. In the brave new world we’re living in, you’ve got to assume you are compromised.
“We call the whole approach the Enterprise Immune System. It’s a pertinent way to describe it. If you think about the human body, you have the skin, which is the physical barrier, but you also have an immune system. It’s the most complex biological system because it’s constantly adapting and learning what’s part of me and what’s not me. Without us knowing, our antibodies are doing a lot of work for us all the time. We take a similar approach. Yes, you have a firewall that’s a bit like the skin – a low-level barrier. The clever stuff will get in and it’s constantly adapting and learning a sense of self, which is different for every company. It’s constantly adapting as your business changes.
“It learns from scratch from your data and we visualise it on a big interface called the threat visualiser. It’s scary – a lot of organisations don’t know what their network looks like and there’s a dark underworld.”
Darktrace’s advanced AI platform is able to respond far more quickly than a human could.
“If you take something like ransomware, within 20 minutes it can encrypt tens of computers,” says Emily. “It’s so quick you can’t catch it. You’ve got to catch it within the first two minutes.
“We have caught ransomware. It’s fairly under-reported but many companies have suffered and they are paying big ransoms. Some criminals will go and demand £20,000 or negotiate and see what they can get. We’ve had charities that have been hit – they are low-hanging fruit. They don’t have much security. Their hard drives get encrypted and then it’s a case of what are they willing to pay to get their data back.”
“There are large criminal groups that use ransomware to make money.
“There are known hotspots for this – and some states turn a blind eye or actively encourage it. Sometimes there are people on the state payroll doing this for their job. But a good proportion of the things we see originate inside the organisation: employees who are doing their jobs but might not use the right protocol – or might bypass your rules, or maybe even deliberately do things.”
Darktrace’s clients range from financial and legal services, to charities like the National Trust and Royal British Legion, to healthcare organisations and pharmaceutical firms. They pay a subscription and can choose a detection service, or a detect and response package.
It is also being adopted by critical infrastructure companies like power stations amid growing concerns that they could be targeted by terrorists.
“They are vulnerable. They know it,” says Emily. “One of the problems for critical infrastructure is they’ve got a lot of physical infrastructure like power plants which have had different types of network. All those old systems built in the 50s or before weren’t internet-enabled but now are so exposed to all the problems.”
Darktrace helped uncover a criminal attempt to get into an Asian manufacturer’s machinery through a fingerprint identification machine.
“Because it wasn’t a laptop or a desktop people didn’t think about it being vulnerable. They had started deleting the legitimate fingerprint data and replacing it with their own when we caught it. They were well on their way to getting a person in there,” says Emily.
“We now have 2,000 deployments of our technology globally,” says Emily. “In the last 12 months, we’ve expanded in Latin America and many parts of Asia that we weren’t in already, including India and Japan, Hong Kong, Taiwan, right through to various parts of continental Europe.
“Even in our first year, we went straight into the US market and we had people right across Europe. The last 12 months has been scaling it up. There is a pretty universal need for this technology.”
Construction is under way for Darktrace’s new Cambridge HQ at The Maurice Wilkes building, opposite its existing home on the St John’s Innovation Park. The firm’s Stateside HQ is in San Francisco and it has opened offices in New York, Auckland, London, Milan, Mumbai, Paris, Seoul, Singapore, Sydney, Tokyo, Toronto and Washington DC. Did the founders know how fast the company would grow?
“We knew it would grow quickly – Cambridge machine learning is the best in the world.
“We were seeing a lot of FTSE 100 companies compromised. People we were working with in Government intelligence saw this as a problem and a lot of them joined the company.
“So there was a lot of credibility and validation of our approach from day one. We knew it was a winner.”
The firm is now focused on further organic growth.
“Companies have got legacy technology so there’s a mismatch. At the moment it’s unequal – the attacker has the advantage. Once the defender is fighting back with the best tools, it’s an arms race. They’ve got good technology – you’ve got to have better technology,” says Emily.
“AI can be used on the attack side as well – smart machines will be used by people you don’t want using them,” warns Emily. “It’s an ongoing battle. But this is working. We have proven it.”
:: Article in association with Grant Thornton’s Creating a Vibrant Economy Initiative.
Intelligence experts on advisory board
Darktrace’s advisory board certainly knows its stuff. It features:
Lord Evans of Weardale KCB – he was Director General of MI5 from 2007-13 and spent 33 years at the organisation, fighting terrorism.
Alan Wade – he spent 35 years in the Central Intelligence Agency and served as the Chief Information Officer before his retirement in 2005.
Dr Mike Lynch – he founded Autonomy in Cambridge in 1996, based on technology invented at the university. It became one of the most successful companies on the FTSE 100 and was acquired in 2011 for $11billion. In 2012, he founded investment firm Invoke Capital, which seed-funded Darktrace in 2013.
Founding advisor Bill Fitzgerald – Prof Fitzgerald, who died in 2014, was a world leader in Bayesian inference applied to signal and data modelling, and worked in Cambridge’s Department of Engineering.