A tiny amoeba makes it’s way across the prehistoric mud. It is happily sliming away, as – suddenly – it is attacked. The amoeba now has two options: build a wall to try and stop the intruder, or develop an intelligent and superior immune system to fight off the nasty virus by taking the right steps and not wasting energy on the unnecessary ones.
A wall may be a good defense for simple things. But once the wall is breached, you need an immune system that works properly.
This is what Darktrace does.
It is, essentially, a computerized immune system that detects your network against intruders, in real time and with an amount of adaptability only a highly automated, hyper connected capability which only a software can deliver.
Humans are inherently slow to react to threat. And that is multiplied thousandfold if more humans get together. One person is slow, a company is even slower and a huge corporation or government is so slow you may as well forget about it when it comes to making decisions about security and policy.
Cybercriminals, however, are fast. And their malware attacks are even faster. And once they have breached the traditional wall of defence (your company’s first layer of security, and the traditional, policy driven defense systems) your data is there for the taking, open for anything.
The new approach that Darktrace is pioneering in is a biological approach to a purely non-biological threat.
Its system detects a virus much like your own body does and then creates innovative ways to protects the system (and itself): it does this by “understanding” the “self” (the proper, real system) and “non-self” (the virus, the attack).
The philosophy behind it is just as fascinating as the product itself. Programs will be protecting programs from other programs. Matrix, here we come.
The markets needs this – Mike Lynch, the co-founder of the Autonomy Corporation, which was sold to HP for over 7 billion, says “that 80 percent of the FTSE 100 companies could be taken over in a hack”
That is a scary thought and one that we already looked at in our post about Cyberwars in the Boardroom.
Companies and corporations, who by nature are slow policy makers need to take the step back from trying to police their own security and let the machines take over that part for them as well.
The new generation software that Darktrace and others (Microsoft’s Adallom might fall under that category as well) are pioneering in taking the step from human-controlled decision making to allowing intelligence gathering programs scour their systems to look for intruders and lurking dangers that need to be addressed.
At the base of all this is machine learning: the ability for the program to detect, learn and understand new situations and categorize them correctly as either threats or normal system behaviour. A human immune system can fight viruses it has never seen before – a software should do this, too.
Is this new bit of data traffic that I’m seeing a new database being operated or is it an attack I need to shut down? Based on experience, on intelligence and on learned facts, new security systems can understand the difference between a simple glitch and an attack.
Attack is happening constantly, and so these systems need to operate in real time, with zero delay.
We have now started a new era of instant attack, instant decision making and instant defence. We have now arrived in a world where systems protect systems to fight off other systems.