Deep in the heart of the UK, at the University of Cambridge, a team of technical experts, made up of world-class mathematicians, has gathered to develop a new technology designed to detect and decipher cyber threats as they occur in real time.
Sounds familiar? It is reminiscent of the plot of the film The Imitation Game, which chronicles the journey of famed computer scientist Alan Turing as he developed the Turing machine, a device that would be used to decode messages from the German Enigma machine during World War II.
Today’s cyber threats are far more advanced than the encrypted messages produced by the Enigma (but thankfully do not require a classroom-sized machine to tackle) and are evolving to new levels of sophistication. It is estimated that there are over 1 million new malware threats released daily.
Their potential to wreak heavy financial damage should not be underestimated either. The costliest virus of all time, MyDoom, racked up US$38.7 billion in damages. No small sum indeed.
The need for a paradigm shift in fighting viruses is imperative, and the aforementioned mathematicians at the University of Cambridge may have discovered a more potent formula.
This new technology is called the Enterprise Immune System technology. It is based on Bayesian mathematics, featuring 300 different algorithmic dimensions, and was developed for the aptly clandestine-sounding cybersecurity startup Darktrace, a UK-based startup founded in 2013 by various members of the UK’s intelligence community including MI5 and GCHQ.
It has since expanded to include members from other global intelligence agencies such as the CIA and the NSA.
Changing the way we fight cyber threats
“The cybersecurity landscape up till now was always about prevention; trying to keep the bad guys from coming into the network. So it was things like next-generation firewalls, virus detection and malware detection.
“What we have seen in Asia and other places in the world, is that the idea of keeping the bad guys out doesn’t work,” says Nicole Eagan, CEO of Darktrace, in an interview with e27.
“Once someone [a virus] gets into your network, it’s there for a long time. Anywhere from 240 days to three years,” she adds.
Jiminy cricket! Three years is a long time, and a hacker could have gathered terabytes of critical information before someone finds out something is amiss. So how can Darktrace prevent this?
Eagan says that using its Enterprise Immune System technology, Darktrace detects anomalous behaviour and lateral movements inside the network. It is able to investigate specific instances of suspicious or unusual behaviour.
According to Darktrace, its immune system approach is “analogous to preventing a thief who holds the key to a stolen car from driving off, by detecting his inability to emulate the normal behavior and preferences of the car owner”.
This means that its system is able to learn automatically, apply adaptive understanding and proactively counter and detect cyber threats as they occur in real time.
No threats to privacy
To be able to trace specific and subtle threats, Darktrace’s security system has to be deeply embedded in the enterprises’ networks, so is there a concern that there might be a breach of privacy?
“Unlike some counterattack approaches, where you have to actually pinpoint specific people based on factual information, resulting in the invasion of privacy, Darktrace removes this problem by using math and machine learning,” explains Eagan.
“We are not reading the actual content such as emails. We look for patterns of normal [behaviour] and anomalies in the network traffic. For example, at factors such as who is connecting, whether they have permission and what or how much data they are using. So, if anything, we are actually protecting people’s privacy a lot more than other approaches,” she adds.
Tackling the threats in Asia
Since being founded two years ago, Darktrace’s Enterprise Immune System technology has been adopted by more than 250 organisations worldwide.
It is currently valued at over US$100 million following its Series B funding of US$22.5 million from venture capital firm Summit Partners in July. It was recognised as a “Technology Pioneer” by the World Economic Forum in 2015.
In the APAC region, Darktrace is headquartered in Singapore and has operations in Japan, Australia, Hong Kong, India, New Zealand and South Korea. Eighty organisations within Asia have also deployed its system.
Sanjay Aurora, Managing Director of Darktrace Asia Pacific, believes that APAC, which saw cyber attacks cost businesses US$81 billion in this year alone, needs to adopt a new approach to fighting these cyber threats.
“We are seeing business from different sectors and of all sizes starting to take cyber threats seriously,” says Aurora.
“In Asia, what we do is to seek out partnerships. A lot of companies have relationships with system integrators and some even have relationships with boutique cybersecurity companies. What has been key to us is to find out and establish those relevant partnerships in each local market where there are already trusted business relationships. We have to make sure that we are present in front of the customer. Asia needs that high touch,” he says.
One example of this is Darktrace’s partnership with Singapore-based cybersecurity and network performance solutions provider M.Tech. Through this collaboration, Darktrace will have access to M.Tech’s customer base that is spread across 17 countries including Singapore, Australia, China, Japan, Malaysia and New Zealand.
Aurora says that working with local cybersecurity partners is crucial. “These people know what the specific cybersecurity vulnerabilities are, they know their customers better and they know what our technology can do.”
Obstacles in Asia
Darktrace may have broken new ground in the technological arena but its ability to be deployed is bounded and limited by each country’s regulations or infrastructure. So understanding the unique challenges of each country is necessary.
“In Indonesia, regulations that are coming in 2017 require Indonesian companies to build their own data centres locally for a certain number of transactional data. Today a lot of companies in Indonesia have their data centres in Singapore or other parts of the world. So the big challenge for them now is that they have to implement their own data centres and their own security operational centres (SOC). They are at a very different stage from Singapore, which has all this infrastructure in place,” says Eagan.
“So what Darktrace might do in Indonesia is help them plan and enhance their security operation strategy, whereas, in Singapore, we can deploy Darktrace’s system immediately. So we adapt, adjust our business strategy, partner strategy and the timing … to cater to the different markets,” she adds.
Employing the “intelligence community approach”
Another value proposition that Darktrace is bringing to Asia, besides its advanced security system, is what it calls the “intelligence community approach”.
“What happened in the cybersecurity field is that there were traditional IT companies who did network security or IT security — then, all of a sudden, the term ‘cyber’ came along, so now they put ‘cyber’ in front of it because it needed to sound trendy and hip, but all it was was refitted IT security,” says Eagan.
What Darktrace does, she says, is drastically different. The people who are tackling cybersecurity are not traditional IT personnel but people who come from the intelligence community — people who perceive cyber threats differently.
“An IT person who looks at it [cyber threats] will see it as another IT project. For example ‘I have a budget, I have a timeframe and I am going to select a vendor to deploy the system.’ In the cybersecurity field, you don’t look at the world that way. It’s about managing business risks, it’s about understanding the nature of the attack factors and what information they might be better after. For example: What they are doing in your network and what data types they are going for,” she says.
Eagan says that Darktrace will seek to partner with different intelligence communities in Asia. Some agencies such as those in Australia and New Zealand are already well connected with other agencies in the US and the UK, so it will be able to leverage on those relationships.
In Singapore, Darktrace will also be working with Interpol if there is a major cybercrime at hand.
Future of Darktrace
At this juncture, Darktrace has no plans to raise funding and is focussed on accelerating growth, increasing hiring and expanding into new markets. It will also look to integrate with more systems as cybersecurity grows in complexity.
“In the coming years, we will be looking at further integrations into industrial systems, and IoT (Internet of Things). We see the trend of physical objects connecting to networks as the next important phase,” concludes Eagan.