Archive for Darktrace

US Goes After China For Hacking… China Hits Back

Posted in Commentary with tags , , on July 21, 2021 by itnerd

The US has taken the unusual step taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.

This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:

“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:

“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.

Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.

Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.

The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”

Hopefully Canadian businesses, if not all businesses take heed of this warning.

Darktrace Reports Rapid Growth in Canada

Posted in Commentary with tags on June 23, 2021 by itnerd

Darktrace, a leading autonomous cyber security AI company, today reported that its Canadian customer base has grown substantially over the last year, as organizations across the country seek to protect themselves from increasingly sophisticated cyber-attacks. Significant customer wins in Canada include global retailer Herschel Supply Co., leading Quebec-based brokerage firm Lussier Dale Parizeau (LDP), the City of Sudbury, non-profit United Way of Calgary and Area, and Canucks Sports & Entertainment. 

Powered by self-learning Cyber AI, the Darktrace Immune System works by learning the normal ‘pattern of life’ of an organization and can interrupt in-progress attacks across increasingly complex digital infrastructures, including the cloud, email and home office environments. Organizations across the region have not only embraced AI to understand where threatening activity is happening, but also now trust the technology to stop attacks from evolving within a matter of seconds, before security teams are even at their desks.  

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,700 organizations in over 100 countries, protecting the cloudemail, IoT, traditional networks, endpoints and industrial systems

A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities. The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI detects a cyber-threat, preventing it from causing damage. 

Ransomware Now Top Use Case For Autonomous Cybersecurity Technology: Darktrace

Posted in Commentary with tags on May 26, 2021 by itnerd

Darktrace today announced that ransomware is the top use case of its market-leading Autonomous Response technology, as organizations face the increased threat of machine-speed attacks. 

As sophisticated ransomware attacks continue to pose an existential risk to organizations in all sectors, Darktrace Antigena allows customers to take proportionate action to thwart all strains of ransomware, both known and unknown, in real time, avoiding costly shutdowns and business disruption. 

Powered by self-learning Cyber AI, Autonomous Response is a world-first technology that rapidly neutralizes a range of novel cyber-attacks by taking highly targeted actions, while allowing normal business operations to continue as usual. Its self-learning technology isolates only the unusual data encryption activity associated with ransomware. 

In addition, Darktrace has also announced that it has extended its Autonomous Response capability to enhance coverage of servers, allowing the AI to fight back against all forms of fast-moving attacks. 

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,700 organizations in over 100 countries, protecting the cloudemail, IoT, traditional networks, endpoints and industrial systemsA self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities. The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI detects a cyber-threat, preventing it from causing damage. 

Darktrace & Microsoft Partnership Extends Autonomous Cyber Defense Across The Cloud

Posted in Commentary with tags , on May 10, 2021 by itnerd

Darktrace today announced that it has joined forces with software giant Microsoft. The partnership provides mutual customers with enterprise-scale, self-learning AI that detects and autonomously responds to cyber-threats.

This collaboration amplifies Darktrace’s self-learning artificial intelligence for cyber security within Microsoft environments, including Microsoft 365 and cloud applications like Azure Sentinel. As organizations and workforces across the globe increasingly rely on cloud infrastructure and virtual collaboration tools, the partnership ensures that attacks can be thwarted by Microsoft’s solutions together with Darktrace’s autonomous Cyber AI technology.

The partnership between Microsoft and Darktrace provides enhanced security across multiplatform and multicloud environments, automates threat investigations, and enables teams to prioritize strategic tasks that matter.

The two organizations are collaborating to help organizations in a number of critical areas:

  • Cyber AI email security: Antigena Email, which uses Darktrace’s autonomous response technology to stop the most advanced email threats, is now hosted on Microsoft Azure and listed on Microsoft Azure Marketplace.
  • Simplified and streamlined security workflows: Darktrace now integrates seamlessly with Azure Sentinel, with a bespoke Workbook allowing users to send and visualize Darktrace threat alerts and automated threat investigation reports inside Sentinel.
  • Seamless data integration: Darktrace one-click integrations allow users to connect Darktrace’s AI detection capabilities to Microsoft Defender for endpoint.

You can find out more here.

Darktrace and MIT Technology Review Release Co-branded Whitepaper

Posted in Commentary with tags on April 14, 2021 by itnerd

Darktrace, a world leading cyber AI company, in collaboration with MIT Technology Review, released a whitepaper that assesses industry professionals’ views towards AI-powered attacks. At a time when cyberattacks are at an all-time high, it’s integral for companies to understand and anticipate such attacks – no matter the industry.    

The report is based on research gathered from December 2020 to January 2021 and surveyed 309 senior global business leaders; more than half were C-level executives or directors.

Key findings from the report include:  

  • How 97 per cent of respondents are concerned about AI-augmented attacks  
  • The top three reasons respondents are concerned are: 
  • Human driven response can’t keep up  
  • Security tools can’t anticipate new attacks  
  • Hiring qualified employees is difficult  
  • How 96 per cent of respondents said they had started preparing for AI- powered attacks  
  • That respondents think the top three ways AI-attacks will manifest themselves are: 
  • More advanced spear-phishing and impersonation attacks  
  • More effective ransomware  
  • Misinformation and undermining of data integrity 

The white paper is available for download here.   

Darktrace Appoints James Sporle as General Counsel

Posted in Commentary with tags on April 1, 2021 by itnerd

Darktrace, a leading autonomous cyber security AI company, today announced that it has appointed James Sporle as General Counsel and Company Secretary.

James brings a wealth of legal experience to the Darktrace team, having formerly served as Group General Counsel and Company Secretary at online food delivery company Just Eat plc, where he was instrumental in its transformation from pre-IPO business to the FTSE 100 and in subsequently navigating its merger with Takeaway.com. In 2020, James was shortlisted for The Lawyer’s General Counsel of the Year.

Prior to Just Eat, James worked at BP plc, having qualified as a solicitor at Linklaters in 2001. He holds a Law degree from St Catharine’s College, Cambridge.

Richard Eaton, current General Counsel at Darktrace, will retire in the autumn.

Darktrace Appoints Lord David Willetts As A Non-Executive Director

Posted in Commentary with tags on March 17, 2021 by itnerd

Darktrace, a leading autonomous cyber security AI company, today announced that the Rt Hon. David Willetts has agreed to join the Board of Directors as a Non-Executive Director.

Lord Willetts served as a Member of Parliament from 1992 to 2015. He was Minister for Universities and Science within the Department for Business, Innovation and Skills from 2010 to 2014, and previously held roles within HM Treasury and the No. 10 Policy Unit. His current roles include President of the Resolution Foundation and Chair of the Foundation for Science and Technology, together with serving on several company boards.

“I am honoured to join the Board of Darktrace, a true example of great British innovation and leadership in the cyber AI field,” Lord Willetts said. “I look forward to supporting the company as it continues to play a critical role in building the technology and talent needed to counter the rising threat from cyber-attacks on business, government and critical national infrastructure.”

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,500 organizations worldwide, protecting the cloudemail, IoT, traditional networks, endpoints and industrial systems.

A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities.

The company has 1,500 employees and 44 office locations, with headquarters in Cambridge, UK. Every second, Darktrace AI detects a cyber-threat, preventing it from causing damage.

Guest Post: Comparing Different AI Approaches To Email Security

Posted in Commentary with tags on February 12, 2021 by itnerd

By Dan Fein, Director of Email Security ProductsDarktrace

Innovations in artificial intelligence (AI) have fundamentally changed the email security landscape in recent years, but it can often be hard to determine what makes one system different to the next. In reality, under that umbrella term there exists a significant distinction in approach which may determine whether the technology provides genuine protection or simply a perceived notion of defense.

One backward-looking approach involves feeding a machine thousands of emails that have already been deemed to be malicious, and training it to look for patterns in these emails in order to spot future attacks. The second approach uses an AI system to analyze the entirety of an organization’s real-world data, enabling it to establish a notion of what is ‘normal’ and then spot subtle deviations indicative of an attack.

In the below, we compare the relative merits of each approach, with special consideration to novel attacks that leverage the latest news headlines to bypass machine learning systems trained on data sets. Training a machine on previously identified ‘known bads’ is only advantageous in certain, specific contexts that don’t change over time: to recognize the intent behind an email, for example. However, an effective email security solution must also incorporate a self-learning approach that understands ‘normal’ in the context of an organization in order to identify unusual and anomalous emails and catch even the novel attacks.

Signatures – a backward-looking approach

Over the past few decades, cyber security technologies have looked to mitigate risk by preventing previously seen attacks from occurring again. In the early days, when the lifespan of a given strain of malware or the infrastructure of an attack was in the range of months and years, this method was satisfactory. But the approach inevitably results in playing catch-up with malicious actors: it always looks to the past to guide detection for the future. With decreasing lifetimes of attacks, where a domain could be used in a single email and never seen again, this historic-looking signature-based approach is now being widely replaced by more intelligent systems.

Training a machine on ‘bad’ emails

The first AI approach we often see in the wild involves harnessing an extremely large data set with thousands or millions of emails. Once these emails have come through, an AI is trained to look for common patterns in malicious emails. The system then updates its models, rules set, and blacklists based on that data.

This method certainly represents an improvement to traditional rules and signatures, but it does not escape the fact that it is still reactive, and unable to stop new attack infrastructure and new types of email attacks. It is simply automating that flawed, traditional approach – only instead of having a human update the rules and signatures, a machine is updating them instead.

Relying on this approach alone has one basic but critical flaw: it does not enable you to stop new types of attacks that it has never seen before. It accepts that there has to be a ‘patient zero’ – or first victim – in order to succeed.

The industry is beginning to acknowledge the challenges with this approach, and huge amounts of resources – both automated systems and security researchers – are being thrown into minimizing its limitations. This includes leveraging a technique called “data augmentation” that involves taking a malicious email that slipped through and generating many “training samples” using open-source text augmentation libraries to create “similar” emails – so that the machine learns not only the missed phish as ‘bad’, but several others like it – enabling it to detect future attacks that use similar wording, and fall into the same category.

But spending all this time and effort into trying to fix an unsolvable problem is like putting all your eggs in the wrong basket. Why try and fix a flawed system rather than change the game altogether? To spell out the limitations of this approach, let us look at a situation where the nature of the attack is entirely new.

The rise of ‘fearware’

When the global pandemic hit, and governments began enforcing travel bans and imposing stringent restrictions, there was undoubtedly a collective sense of fear and uncertainty. As explained previously in this blog, cyber-criminals were quick to capitalize on this, taking advantage of people’s desire for information to send out topical emails related to COVID-19 containing malware or credential-grabbing links.

These emails often spoofed the Centers for Disease Control and Prevention (CDC), or later on, as the economic impact of the pandemic began to take hold, the Small Business Administration (SBA). As the global situation shifted, so did attackers’ tactics. And in the process, over 130,000 new domains related to COVID-19 were purchased.

Let’s now consider how the above approach to email security might fare when faced with these new email attacks. The question becomes: how can you train a model to look out for emails containing ‘COVID-19’, when the term hasn’t even been invented yet?

And while COVID-19 is the most salient example of this, the same reasoning follows for every single novel and unexpected news cycle that attackers are leveraging in their phishing emails to evade tools using this approach – and attracting the recipient’s attention as a bonus. Moreover, if an email attack is truly targeted to your organization, it might contain bespoke and tailored news referring to a very specific thing that supervised machine learning systems could never be trained on.

This isn’t to say there’s not a time and a place in email security for looking at past attacks to set yourself up for the future. It just isn’t here.

Spotting intention

Darktrace uses this approach for one specific use which is future-proof and not prone to change over time, to analyze grammar and tone in an email in order to identify intention: asking questions like ‘does this look like an attempt at inducement? Is the sender trying to solicit some sensitive information? Is this extortion?’ By training a system on an extremely large data set collected over a period of time, you can start to understand what, for instance, inducement looks like. This then enables you to easily spot future scenarios of inducement based on a common set of characteristics.

Training a system in this way works because, unlike news cycles and the topics of phishing emails, fundamental patterns in tone and language don’t change over time. An attempt at solicitation is always an attempt at solicitation, and will always bear common characteristics.

For this reason, this approach only plays one small part of a very large engine. It gives an additional indication about the nature of the threat, but is not in itself used to determine anomalous emails.

Detecting the unknown unknowns

In addition to using the above approach to identify intention, Darktrace uses unsupervised machine learning, which starts with extracting and extrapolating thousands of data points from every email. Some of these are taken directly from the email itself, while others are only ascertainable by the above intention-type analysis. Additional insights are also gained from observing emails in the wider context of all available data across email, network and the cloud environment of the organization.

Only after having a now-significantly larger and more comprehensive set of indicators, with a more complete description of that email, can the data be fed into a topic-indifferent machine learning engine to start questioning the data in millions of ways in order to understand if it belongs, given the wider context of the typical ‘pattern of life’ for the organization. Monitoring all emails in conjunction allows the machine to establish things like:

  • Does this person usually receive ZIP files?
  • Does this supplier usually send links to Dropbox?
  • Has this sender ever logged in from China?
  • Do these recipients usually get the same emails together?

The technology identifies patterns across an entire organization and gains a continuously evolving sense of ‘self’ as the organization grows and changes. It is this innate understanding of what is and isn’t ‘normal’ that allows AI to spot the truly ‘unknown unknowns’ instead of just ‘new variations of known bads.’

This type of analysis brings an additional advantage in that it is language and topic agnostic: because it focusses on anomaly detection rather than finding specific patterns that indicate threat, it is effective regardless of whether an organization typically communicates in English, Spanish, Japanese, or any other language.

By layering both of these approaches, you can understand the intention behind an email and understand whether that email belongs given the context of normal communication. And all of this is done without ever making an assumption or having the expectation that you’ve seen this threat before.

Years in the making

It’s well established now that the legacy approach to email security has failed – and this makes it easy to see why existing recommendation engines are being applied to the cyber security space. On first glance, these solutions may be appealing to a security team, but highly targeted, truly unique spear phishing emails easily skirt these systems. They can’t be relied on to stop email threats on the first encounter, as they have a dependency on known attacks with previously seen topics, domains, and payloads.

An effective, layered AI approach takes years of research and development. There is no single mathematical model to solve the problem of determining malicious emails from benign communication. A layered approach accepts that competing mathematical models each have their own strengths and weaknesses. It autonomously determines the relative weight these models should have and weighs them against one another to produce an overall ‘anomaly score’ given as a percentage, indicating exactly how unusual a particular email is in comparison to the organization’s wider email traffic flow.

It is time for email security to well and truly drop the assumption that you can look at threats of the past to predict tomorrow’s attacks. An effective AI cyber security system can identify abnormalities with no reliance on historical attacks, enabling it to catch truly unique novel emails on the first encounter – before they land in the inbox.

Former Director General Of MI5 Warns Of Rising Nation-State Cyber-Threat To The Private Sector

Posted in Commentary with tags on February 9, 2021 by itnerd

Darktrace recently hosted its first ever Cyber AI Forum, a virtual event which brought together global experts to discuss the evolution of cyber-threats and the role of AI in tackling these risks.  

Among the expert speakers was Lord Evans, former Director General of MI5. Evans provided a breakdown of the recent attack on SolarWinds, commenting: “You can detect, from the decisions that the attackers have been making, what their real concerns are, because there are thousands of companies infected by it, but only a handful have actually been subject to a full extraction of data.”  

This attack, explained Evans, signifies a new frontier in cyber warfare in which thousands of businesses are now “caught in the crosshairs” of state campaigns, and vulnerable to exploitation. He continued: “You may be wide open to this attack, even if it hasn’t happened to you yet.”   

On a later panel, experts discussed the role of AI in combatting this new era of sophisticated cyber-threats and the UK’s national stance. Former Home Secretary Amber Rudd said: “Government is never going to be ahead of the private sector. [It must] create the right policy structure so that the private sector can thrive and create solutions [to be] used by the private sector and government.”  

Autonomous Cyber AI solutions were at the fore of the discussion about the right technologies to adopt for resilience against cyber-threats. Nick Jennings CB FREng, Professor of Artificial Intelligence at Imperial College London, highlighted the importance of unsupervised machine learning, commenting: “It’s dealing with a novel, unusual, unpredicted attack where you need unsupervised learning – and if you haven’t got this capability in your system, you’re very much at the mercy of inventive folk who will always find new ways of attacking you.”  

Leon Shepherd, CIO of Ted Baker, commented: “Deploying AI [has] given us the ability to augment [our] security team. Having an AI automated response to an attack in place buys time for our human team to investigate further and work out what happened.” He continued: “When we talk about great security – AI is absolutely part of it. A combination of humans and AI is what works today for security.”  

On the future of the cyber-threat landscape, Dave Palmer, Chief Product Officer at Darktrace, said: “We’ll see amplification and improvement in terms of [the attackers’] tech capabilities – it will be a perpetual arms race with defenders as [our] tech gets better.”  

Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,500 organizations worldwide, protecting the cloud, email, IoT, traditional networks, endpoints and industrial systems.  

A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities.  The company has 1,500 employees and 44 office locations, with headquarters in Cambridge, UK and San Francisco. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage. 

Darktrace Experiences Surge In Demand Driven By WFH & Wave Of Sophisticated Cyber-Attacks

Posted in Commentary with tags on February 2, 2021 by itnerd

Darktrace has today announced strong demand for its latest product release, Version 5 of its self-learning Darktrace Immune System, as customers tackle security challenges related to home working, and the new wave of sophisticated cyber-attacks.   

Requests to trial its award-winning Cyber AI technology in December 2020, when the security industry was rattled by the compromise of SolarWinds which made thousands of organizations vulnerable to infiltration, were up 40 per cent compared to December 2019. Darktrace’s customer base now numbers over 4,500 organizations, including Micron, Rolls-Royce and NHS trusts, and its headcount has recently risen to 1,500 employees.  

Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,000 organizations worldwide, protecting the cloudemail, IoT, traditional networks, endpoints and industrial systems.  

A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities.  

The company has 1,300 employees and 44 office locations, with headquarters in Cambridge, UK and San Francisco. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.