In 2013, a group of mathematicians and intelligence experts from the UK got together in Cambridge and envisioned a new way of dealing with quickly rising and changing cybersecurity threats. They included Alan Wade, former CIO of the CIA, and Lord Evans of Weardale KCB, former head of the British internal intelligence service MI5. These individuals went on to create a company called Darktrace, which is headquartered in Cambridge and San Francisco. A large portion of the board came from HP Autonomy.
Darktrace is a company that uses artificial intelligence to detect and combat cyber security threats. Its most interesting products are the Enterprise and Industrial Immune Systems. They are aptly named: just like the immune system in living organisms, they recognize threats by identifying “outlier” behaviors. To do this, the system learns normal behavioral patterns over varied metrics. When it notices significant deviation from the regular behavior, it flags the threat and responds to it. Since it is a continuously learning system, it adjusts the definition of outlier behavior as system usage trends change. The industrial variant does the same for cyber-physical systems and is hence able to detect and respond to potential industrial accidents before they happen.
What really sets Darktrace apart is the fact that, unlike most other cyber security systems, it does not need periodic threat signature updates. Rather than learning to identify abnormal behavior, it learns to identify normal behavior, so there are no signatures to download. It classifies anything outside normal behavior as a potential threat and lets system operators decide how to respond to it. This makes it capable of addressing a wider array of threats. It also enables it to address novel threats before they can cause quantifiable damage. The system relies on no prior knowledge of threats, as it does not look for threats in a conventional manner.
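The baseline-then-deviation idea described above can be sketched in a few lines. This is an added example, not Darktrace's code or algorithm: it assumes a single per-host metric, models "normal" as an exponentially weighted mean and variance, and uses a hypothetical z-score threshold as the outlier rule. The class name, parameters and sample series are all constructed for illustration.

```python
import math

class AdaptiveBaseline:
    """Learns 'normal' for one metric as an exponentially weighted mean/variance."""

    def __init__(self, alpha=0.1, threshold=4.0, warmup=10):
        self.alpha = alpha          # how fast the baseline follows new behaviour
        self.threshold = threshold  # deviations (in std devs) that count as an outlier
        self.warmup = warmup        # observations learned before anything is flagged
        self.mean, self.var, self.seen = 0.0, 0.0, 0

    def score(self, x):
        """Distance of x from the learned baseline, in standard deviations."""
        if self.seen < self.warmup:
            return 0.0
        # Floor the spread at 5% of the mean so a very quiet host is not hypersensitive.
        spread = max(math.sqrt(self.var), 0.05 * abs(self.mean), 1e-9)
        return abs(x - self.mean) / spread

    def observe(self, x):
        """Score x against the current baseline, then learn from it."""
        z = self.score(x)
        outlier = z > self.threshold
        if self.seen == 0:
            self.mean = float(x)
        else:
            # Outliers are learned more slowly: one burst does not redefine normal,
            # but a sustained change in usage eventually does.
            a = self.alpha * (0.25 if outlier else 1.0)
            delta = x - self.mean
            self.mean += a * delta
            self.var = (1 - a) * (self.var + a * delta * delta)
        self.seen += 1
        return outlier, z

def run(series, **params):
    """Return the indices of the observations flagged as outliers."""
    model = AdaptiveBaseline(**params)
    return [i for i, x in enumerate(series) if model.observe(x)[0]]

# Constructed sample data: hourly outbound megabytes for one host.
STEADY = [50, 52, 49, 51, 50, 48, 53, 50, 51, 49, 50, 52]
BURST = STEADY + [400, 50, 51, 49]   # one anomalous hour, then back to normal
SHIFT = STEADY + [120] * 40          # usage permanently moves to a new level

if __name__ == "__main__":
    print("steady:", run(STEADY))
    print("burst: ", run(BURST))
    print("shift: ", run(SHIFT))
```

On this data the single spike in `BURST` is flagged once and the return to normal is not, while in `SHIFT` only the first few hours at the new level are flagged before the baseline absorbs it as the new normal.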
The other part of their suite of services is the response component, which is called Antigena. Antigena is the first ever Autonomous Response system that handles threats detected by the Enterprise Immune System. It does so by slowing down or stopping any services or network connections that have been displaying behavior outside of what is classified as “normal”. Their users are especially happy with the proactive nature of the platform and how little it requires in the way of human intervention. The main form of human intervention required by Darktrace’s platform is in the “Threat Visualizer”, which allows system administrators to look at all the threats to the system and describes the normal behavior in the network. When the WannaCry ransomware wreaked havoc across the world, Darktrace clients were protected from massive damages, as its behavior fell outside the pre-determined “normal” assessed by the Immune System.
In 2019, Darktrace introduced the Cyber AI Analyst, which assisted not only in the detection of and response to threats but also in their investigation and reporting, which would earlier have consumed too many valuable man hours. It can correlate multiple seemingly dissociated security events to a single incident and help teams reduce triage time by over 90%.
The adaptability and scalability of their offering is what will help them capture value, and the rapid growth in cyber threats is what will create value for them. They are fairly unique in that the majority of their value is created from without and not within. But that value creation is guaranteed, as it is a byproduct of the necessary value creation of other entities, government or private. They can expand their value capture over time by collecting more training data and adding more capabilities to capture more value in the cyber security space.
An interesting article on the future of cyber security is “Darktrace CEO: the Future of Cybersecurity is A.I. vs. A.I.” (Fortune).
The work done by the folks at Darktrace could very well go on to define the future of cyber security. This is because conventional cybersecurity methods just cannot handle the scale and diversity of the upcoming cyber threats. Their need to be supervised in their detection and response makes them near impossible to scale. The unsupervised learning provided by Darktrace and companies like it, which are bound to pop up, makes it possible for a system to recognize a threat by itself and respond to it. This is backed by the fact that Darktrace now has over 4,700 clients and currently employs over 1,500 people across the world.
The company seems to have great faith in the value they bring to the market, as they have recently filed for an IPO on the London Stock Exchange. It remains to be seen what the free market values the company at, considering how specialized their offering is.