Imagine the consequences if tomorrow 10% of the UK’s power supply were to disappear in an instant. That could happen if Drax Power Station, the largest power supplier in the UK, were hacked in an attack that paralyzed the station’s IT system. Drax is facing a challenge common to any digitalized organization today: the number of cyber attacks is increasing while there is a shortage of skilled cyber security experts capable of stopping such attacks. Drax found its solution in cyber security vendor Darktrace, which seeks to address this issue through unsupervised machine learning.
As our society is digitized, we are achieving magnificent benefits in both productivity and convenience, but investments in digitalization have not been matched by investment in cyber security. Estimated spend on IT of 3.7T in 2018 dwarfs the estimated 114B spent on cyber security¹. It is estimated that cyber security attacks will cost $400 billion each year as a consequence of several billion breached data sets, with an average time of ~100 days to discover covered attacks². The increasing threat of cyber security attacks is expected to drive demand for cyber security professionals 12x faster than the total job market, leading to an estimated shortage of 1.5m cyber security professionals by 2020³.
The increasing skills gap and growing threat level are why machine learning is so important to Darktrace’s product development. The company’s Cyber AI platform is built on unsupervised machine learning, performing billions of probability-based calculations to teach itself what network traffic in an organization’s IT infrastructure is normal and what traffic should be flagged as a threat⁵. The company compares its technology to the human immune system, able to identify a virus and start fighting back in real time without previous experience of it. In the short term, the Darktrace management team believes its technology can be used by any organization to flag potential threats in real time without much human interaction. In the medium term, the management team envisions that cyber criminals will increasingly deploy machine learning in their attack strategies. Darktrace therefore believes that using machine learning is the only way to defend against these types of cyber attacks in the future, as humans will simply not be able to keep up with the pace of machines⁵.
While the Darktrace approach to cyber security defense has shown early promise and been highly successful against recent ransomware attacks such as WannaCry, the machine learning approach does have its drawbacks. The largest issue Darktrace faces is educating users. Customers that have not implemented the technology correctly have reported that it produces too many false positives, leading IT teams to ignore the generated threat alerts. Other customers might be unable to attract the skills required to analyze the threat information generated by the technology⁶. Meanwhile, Darktrace senior management seem set on not providing much help to their customers, proclaiming that they are “not a consulting firm” and only provide limited support services to customers⁶.
In order to better address the cyber security threat and skills gap in the near term, I recommend the Darktrace management team focus on building a services organization to support customers with implementation and provide “expertise as a service” on a subscription basis. These services could be built faster if Darktrace partners with IT services organizations that can handle first and second line support for customers, as the cyber security services industry shifts to rely more heavily on outsourced service providers⁷. In the medium term, I would recommend the management team address the user friendliness of the product they are selling. If Darktrace is able to simplify the user interface and installation of the product, it would greatly increase the product’s value proposition for customers struggling to attract skilled cyber security professionals.
Cyber security will likely be one of the most challenging issues of our time, but with a growing skills gap, how can the challenge be solved? Darktrace and its approach of using unsupervised machine learning in cyber security product development is likely a large step in the right direction, helping organizations leverage their IT employees and resources more efficiently through automated identification of cyber security threats. However, the Darktrace technology will need support from human judgment in the short term and will only bridge the skills gap in the medium term if it can be translated into a user-friendly platform. If Darktrace can do both of these effectively in the short and medium term, its approach to cyber security might be what enables us to protect our infrastructure from the ever-increasing sophistication of cyber criminals employing machine learning in their attacks. However, if we increasingly rely on unsupervised machine learning to protect our infrastructure, can we live with increasingly not understanding how cyber security technology works to protect us from cyber attacks?
1 Gartner Global IT spend, Gartner, Inc., accessed November 2018.
2 McKinsey, “Digital and Risk: A new Posture for Cyber Security in a Networked World,” March 2018, https://www.mckinsey.com/de/~/media/mckinsey/locations/europe%20and%20middle%20east/deutschland/publikationen/2018%20compendium/a%20new%20posture%20for%20cybersecurity%20in%20a%20networked%20world/kompendium_03_cyberrisk-2.ashx, accessed November 2018.
3 Rebecca Vogel, “Closing the cyber security skills gap” Salus Journal, volume 4 issue 2, (2016): 3, via Google Scholar, accessed November 2018.
4 Catherine Clifford, “How billion dollar start-up Darktrace is fighting cybercrime with AI” CNBC, August 7, 2018, https://www.cnbc.com/2018/08/07/billion-dollar-start-up-darktrace-is-fighting-cybercrime-with-ai.html, accessed November 2018.
5 Darktrace, “Technology” https://www.darktrace.com/en/technology/#machine-learning, accessed November 2018.
6 Ally Ram, “Inside Darktrace, the UK’s $1.65bn cyber security start-up” Financial Times, October 9, 2018, https://www.ft.com/content/2fa5bade-cb09-11e8-9fe5-24ad351828ab, accessed November 2018.
7 Guide for Managed Detection and Response Services, Gartner, Inc., accessed November 2018.