Darktrace: Can Artificial Intelligence lead the fight against Cyber Crime?
Rapidly increasing frequency of cyber crime
In 2017, more than 4000 daily ransomware attacks were recorded in the United States, up from a daily average of 1000 in 2015. According to a survey of 254 companies in 7 countries, an increase in the number of cyber security breaches in 2017 led to an average cost for companies of $11.7 million, an increase of 22.7% from the prior year [1]. Global damages from cyber crime were estimated to total $5 billion in 2017 and expected to rise to $6 trillion by 2021 [2]. Increasing the speed at which a cyber security threat can be identified and contained is expected to significantly reduce the associated costs [1].
Exhibit 1: The Cost of a Data Breach (Source: https://www.ft.com/content/56dae748-af79-11e7-8076-0a4bdda92ca2)
Darktrace and the Fight Against Cyber Crime
Enterprise Immune System at Darktrace: The increase in cyber crime has led to an increase in cyber defense strategies, including the use of Artificial Intelligence (AI) to create a rapid response to threats. Founded in 2013 by mathematicians at the University of Cambridge and currently owned by investors including KKR, Summit Partners and Samsung Ventures, cyber security company Darktrace’s Enterprise Immune System uses advanced machine learning technology and AI algorithms to detect cyber security threats in real time, so that threats can be removed even before the occurrence of a breach.
Instead of relying on historical data for predicting future threats, the Enterprise Immune System emulates the human immune system by iteratively adapting to new cyber threats. The technology “learns a unique ‘pattern of life’ (‘self’) for every device and user on a network and correlates these insights in order to spot emerging threats that would otherwise go unnoticed” [2]. The technology does not need prior knowledge of a threat to categorize it as a potential risk.
Darktrace provides services to clients across a variety of industry verticals (financial services, manufacturing and supply, energy and utilities, government and defense, healthcare and pharma, education, legal and HR, transportation, retail and e-commerce, media and entertainment, technology and telecoms, and non-profit) and is valued at $1.65 billion as of October 2018 [5]. Clients in the UK include the National Health Service, Gatwick Airport and Drax [5].
Exhibit 2: The rise and rise of Darktrace (Source: https://www.ft.com/content/2fa5bade-cb09-11e8-9fe5-24ad351828ab)
In order to continue to play a crucial role in the fight against cyber crime, Darktrace has created new products that have a wide range of applications. For example, Darktrace Industrial was launched to provide real time cyber threat detection for both operational technology (OT) and informational technology (IT) environments. Similarly, Darktrace Cloud and Darktrace SaaS were launched to extend the use of AI for cyber security to the cloud and SaaS application spaces respectively and are compatible with all leading cloud providers and SaaS applications.
Darktrace has remained relevant by creating new products that prepare its clients well to respond against cyber crime. For example, Darktrace Antigena was launched in 2017 (with a version 2 launched in September 2018) to tackle in-progress threats and instantly detected and interrupted the “WannaCry” attack. WannaCry was a global cyber attack that affected 150 countries in May 2017 [6] [7].
The Path Forward
False Positives and Increased Competition: Despite booming valuations, cyber security researchers have criticized Darktrace for being expensive, for generating excess noise from false positives (i.e., incorrectly suggesting that a threat is present where it might not be), and for being difficult to understand and implement in companies with smaller IT departments [5]. Additionally, recent increases in the number of breaches have led to the creation of several cyber security AI businesses that are creating technologies that may be incompatible with one another. Darktrace can help mitigate some of these problems by creating open-source software and iteratively tweaking its products to eliminate noise from false positives [5].
Risk of a Cyber Arms Race: According to Nicole Eagan, CEO of Darktrace, the availability of Artificial Intelligence to hackers leads to the possibility of an “all-out arms race”, a battle of “mathematical algorithms against mathematical algorithms” [4]. Although the current number of attacks that use AI is small, the number could increase significantly as hackers build up technical expertise. Should regulatory bodies actively work to create policy mechanisms that limit the potential misuse of Artificial Intelligence in cyber-space?
Wordcount: 713 words
[1] Hannah Kuchler, “Cost of cyber crime rises rapidly as attacks increase”, Financial Times, November 8, 2017, https://www.ft.com/content/56dae748-af79-11e7-8076-0a4bdda92ca2
[2] D Pienta, J Thatcher, H Sun, J George, “Information Systems Betrayal: When Cybersecurity Systems Shift from Agents of Protection to Agents of Harm”, Information Systems, April 16, 2018, https://aisel.aisnet.org/pacis2018/175/
[3] “The Enterprise Immune System”, on Darktrace website, retrieved November 11, 2018, https://www.darktrace.com/en/technology/
[4] H Vieira, “Nicole Eagan:”Cybersecurity is very fast becoming an all-out arms race””, LSE Business Review, May 13, 2017, http://blogs.lse.ac.uk/businessreview/2017/05/13/nicole-eagan-cybersecurity-is-very-fast-becoming-an-all-out-arms-race/
[5] Aliya Ram, “Inside Darktrace, the UK’s $1.65bn cyber security start-up”, Financial Times, October 10, 2018, https://www.ft.com/content/2fa5bade-cb09-11e8-9fe5-24ad351828ab
[6] Maija Palmer, “Cyber security: Darktrace’s AI system acts fast against attacks on networks”, Financial Times, April 20, 2018, https://www.ft.com/content/f80a931e-39d7-11e8-8eee-e06bde01c544
[7] Andrew Tsonchev, “WannaCry: Darktrace’s response to the global ransomware campaign”, Darktrace Blog, May 17, 2017, https://www.darktrace.com/en/blog/wanna-cry-darktraces-response-to-the-global-ransomware-campaign/
This application of machine learning is really interesting, and it is not something I had previously considered. Thinking about the ramifications that you have outlined I definitely believe that government regulation or monitoring is required to avoid future AI abuses. This is especially the case as large companies, independent actors, or even other countries benefit from the theft of private data or intellectual property. Small businesses may be left particularly vulnerable if government doesn’t create a framework for AI usage as the Darktrace software is very expensive.
My biggest concern is that this system may not be able to stop the biggest threat enterprises face: their employees. An algorithm might be able to be trained to detect a virus spreading but it may not be smart enough to prevent Joe in accounting from accidentally providing classified information to a spoofed email account.
Cybersecurity is already an absolutely essential part of any business. Using Artificial Intelligence as a solution seems viable in so much that it can augment a more complete security plan that would include effective training for employees as mentioned in the comment above. However, contrary to that same comment I think regulators would only make the problem worse if they attempted to create a policy that restricted AI usage. Many of the cyber threats are originated from outside the US and can include state actors. Thus state policy would do little to prevent international crime. The arms race will happen regardless and the “good guys” should seek to win it at all costs by creating effective AI-powered cybersecurity solutions.