AI For Cyber - You Don’t Need To Know The Threat, Just The Network

AI is helping Darktrace fight the good fight against the bad guys in the cyber world, but AI cyber security does this by understanding networks; it doesn’t need to look for a virus’s signature. Then again, cyber criminals are adopting AI too, or so says Darktrace’s Max Heinemeyer.

There is a shortage of talent, and personalisation is the new mantra. Everyone who works in tech knows this. But it is not just a problem for legitimate business, it is a problem for cyber criminals too. How do they address the staff shortage?

You may not have too much sympathy for them, but they can relax, take it easy, for they have a friend in AI for cyber. And that makes them formidable indeed.

“Cyber-crime is a perfect market,” says Max Heinemeyer, Director of Threat Hunting at Darktrace. He explained: “Whatever works, if phishing works, they go for it. If ransomware works, they go for it. If cryptocurrency works, they go for it. Whatever makes the big bucks, they go for it.”

It also turns out that, thanks to AI, cyber-crime is really good at personalising. So if you are a CEO, then ransomware might work quite well for the cybercriminal, and stealing data from your machine might be lucrative too, but putting a bitcoin mining tool on your machine is a wasted opportunity.

But if there is a server used only occasionally for development work, which otherwise just sits around collecting dust and processing very little, then installing a bitcoin miner might be a very good enterprise for the cybercriminal. And AI can help the recruiting-challenged cybercriminal achieve this.

Max should know. He used to be an ethical hacker, a penetration tester, and as an ex-member of the Chaos Computer Club he knows a thing or two about what cyber criminals are up to. He, along with his team of 30-odd people scattered around the world, hunts down cyber threats. But how can they do it?

The cyber world is vast, yet you can count the number of experts in Max’s team without having to draw breath. The answer: AI, or AI for cyber. That’s what Darktrace is good at.

The company was founded five years ago. That may seem recent to any reader who left school before the iPhone was launched, but in the world of AI it is positively ancient history. Max has been with the company for three years, making him a veteran.

When he joined he was employee number 120; now there are almost a thousand employees. The company, which recently completed its latest funding round, this time rustling up $50 million, has a valuation of $1.6 billion. Its technology has been deployed in over 7,000 networks. R&D is headquartered in Cambridge, but the company has offices in over 33 countries, with a dual HQ in the UK and in San Francisco.

The company was founded by three very different types: ex-spooks, boffins and the money. Max put it this way: “Ex-intelligence people, from GCHQ, MI5 and other agencies trying to focus on cybercrime, catching hackers, concluded that they needed to change the legacy approach to cyber security.

“So instead of looking for signatures and rules, which clearly does not scale, while at the same time there was a huge skill gap, they looked for another way. The spooks realised they needed to change something, so they approached Cambridge Mathematicians, working in AI and Machine Learning, and asked ‘can we work together?’ Investors then completed the three-way convergence, so that the company could have the sales force and marketing it needed.”

“You can never anticipate tomorrow,” says Max Heinemeyer, “so you need an army of people keeping up to date with signatures and rules.”

So how does it work?

“We use what we call the enterprise immune system. A very simple analogy which underlines how Darktrace works relates to understanding cells: instead of looking for what bad looks like, it understands networks, it understands the information age.” Drax, the company behind the massive power station, was one of its first customers, and working in that way Darktrace earned its spurs. It works by spotting a deviation: as soon as an attacker enters a network and a deviation occurs, it can spot the deviation in behaviour.

So, for example, it may know that a certain individual logs in between 7am and 9am every morning, goes to Facebook and Instagram, and uses HTTPS encryption. Darktrace understands all of this; but if a lot of data is then sent by this individual to an unusual website, or the machine starts making connections to weird servers in, say, Germany, the US, China, Russia or Japan, Darktrace will highlight that.
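As an added illustration, not Darktrace’s code or method: a small Python sketch of the “learn what is normal, flag the deviation” idea described above, run over constructed connection records (the user name, hosts and byte counts are all made up). It scores a new record against the user’s usual hours, known destinations and typical outbound volume.

```python
# Added example (not Darktrace code): baseline-and-deviation detection over
# constructed per-user connection records.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: a few days of ordinary activity for one user.
BASELINE = [
    {"user": "alice", "hour": 7, "dest": "facebook.com",  "bytes_out": 12_000},
    {"user": "alice", "hour": 8, "dest": "instagram.com", "bytes_out": 9_500},
    {"user": "alice", "hour": 8, "dest": "facebook.com",  "bytes_out": 11_000},
    {"user": "alice", "hour": 9, "dest": "instagram.com", "bytes_out": 10_200},
    {"user": "alice", "hour": 7, "dest": "facebook.com",  "bytes_out": 13_100},
]

def build_profile(records):
    """Per-user profile: hours seen, destinations seen, bytes_out mean/stddev."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
    profile = {}
    for user, rs in by_user.items():
        sizes = [r["bytes_out"] for r in rs]
        profile[user] = {
            "hours": {r["hour"] for r in rs},
            "dests": {r["dest"] for r in rs},
            "mean": mean(sizes),
            "std": pstdev(sizes) or 1.0,  # constant baseline: avoid dividing by zero
        }
    return profile

def deviations(profile, record, z_threshold=3.0):
    """Return the list of reasons a record deviates from its user's baseline."""
    p = profile.get(record["user"])
    if p is None:
        return ["unknown user"]  # no baseline yet: surface it rather than guess
    reasons = []
    if record["hour"] not in p["hours"]:
        reasons.append("outside usual hours")
    if record["dest"] not in p["dests"]:
        reasons.append("new destination")
    z = (record["bytes_out"] - p["mean"]) / p["std"]
    if z > z_threshold:
        reasons.append(f"outbound volume {z:.1f} sigma above normal")
    return reasons

def triage(profile, records):
    """Keep only the records that deviate, each paired with its reasons."""
    flagged = []
    for r in records:
        why = deviations(profile, r)
        if why:
            flagged.append((r, why))
    return flagged
```

A real deployment would learn the baseline continuously and per device, not from five fixed records, but the shape of the check is the same: an alert is a departure from this user’s own history, not a match against a known-bad signature.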

Diversity may be part of Darktrace’s success. Its founder, Poppy Gustafsson, and CEO, Nicole Eagan, are both female. In Max’s team, the split is 40% women, 60% men.

Puppet masters for the internet

“It’s not the kid working in their parents’ basement anymore. If we think about the most sophisticated human attacks, they try to blend in as stealthily as possible. These subtle, nation-driven attacks are sophisticated; the people behind them know what they are doing. They are like puppet masters for the internet.”

Max says that they “live off the land”: they don’t operate from a server in, say, Russia, but from the cloud. They stay very low and move around very stealthily.

And from this, he makes a prediction. The AI-driven tools cannot make judgement calls as they are automated. We believe that AI-driven malware will start understanding context.

“The most advanced attackers sit there, they listen, they see what you are doing, they understand ‘oh, this person doesn’t talk to finance very often, so I will move around to, say, Amy’s computer.’ And malware can learn to do the same. Narrow AI, like Darktrace, understands context: what is normal for a given device, or a normal network or normal environment.”

“If you put yourself in the shoes of a malicious nation state, then their work is very human-capital intensive. You need a lot of very skilled hackers, somebody who can use the tools, understand Windows, Linux, move around and attack stealthily.

“But what if the human attackers can use a piece of malware to understand by itself, say, that a specific target watches a bit of Netflix on a Friday? Then they may create a website similar to Netflix. So by understanding what is normal, hackers can scale much more effectively, and hack into, say, hundreds of organisations.

“So AI can solve the skill shortage of cyber criminals and personalise its activity.”

So if the more sophisticated cyber criminals are moving to AI, that leaves companies trying to resist with little alternative but to adopt AI for cyber too.

Information Age:
