WHY THIS MATTERS IN BRIEF
- AIs are increasingly being deployed to expose and eliminate cyber security threats, and now fully autonomous cyber security platforms that take humans out of the loop are becoming a reality
With the number of cyber attacks rising exponentially and with many organisations now reporting hundreds of thousands of attacks an hour, or more, it’s no secret that human cyber security analysts are struggling to keep up with the pace and variety of attacks. Consequently, it’s little wonder that vendors are turning to artificial intelligence (AI), such as the Robo-Hackers that took part in the DARPA Capture the Flag Challenge, to automate as much of the process as possible – from identification to remediation.
A few years ago Darktrace, a cyber security company founded by a team of mathematicians and machine learning specialists from GCHQ, MI5 and the University of Cambridge, broke cover and announced its revolutionary new approach to identifying and countering zero-day and other hard-to-find cyber attacks: maths and AI. A truly deadly combo.
What made the company unique though, and one of the reasons why it’s now one of the darlings of the cyber security industry with more Fortune customers on its books than you can shake a stick at, was its approach – they created what they call an “Enterprise immune system,” fashioned after the human immune system. Think of how the human body is able to identify, respond to and eliminate bacteria and diseases it’s never encountered before, and now apply that same concept to cyber attacks, and you’ve got the basic concept.
Now, Darktrace has unleashed a new weapon in its cyber security arsenal, a product called Antigena that generates the equivalent of “digital antibodies,” small snippets of antibody-like code which permeate an enterprise organisation’s network looking for threats, and which can identify in-progress attacks and either counter them automatically, creating self-defending networks, or slow them down enough to let human security analysts get a handle on them.
While Antigena is still pre-general release, it already seems to have at least one guaranteed customer after it automatically identified and stopped a Brexit-themed data protection threat. Think Snowden on a miniature scale, anglicise him, and you get the idea.
One company that trialled the system was recently alerted to an insider threat, and while it was a mundane “attack” it’s also one of the most common and one of the hardest attacks to identify and stop. In their case a previously exemplary employee had reacted angrily to his company’s strategy for dealing with Brexit and had dug out confidential documents with the intention of leaking them, but Antigena spotted the move and terminated it.
“It’s an interesting example, not because of Brexit, but because this staffer never leaked anything in the past and he had a perfect track record,” said Dave Palmer, Darktrace’s Director of Technology. “This made such a threat hard for human analysts to spot and counter, but [our system] blocked the documents from leaving the organisation.”
“Antigena is all about making smart or autonomous decisions and actions to stop the unexpected from happening so we can buy security teams time to respond,” said Palmer. “The system has your back on things that you weren’t expecting to happen.”
For its part, Antigena also genuinely appears to be learning, and Palmer rather strangely suggests that customers don’t even look at it for the first week, saying that it accumulates most of its crime-fighting intel during the first month, peaking at a year of learning on a system.
Some attacks, though, are easier to spot than others. It requires subtlety to notice a carefully crafted insider attack, while a ransomware attack, on the other hand, looks like a “bomb going off in the environment.” But just noticing an attack isn’t enough, because in the majority of cases by the time they’ve been identified it’s already too late to stop them and it just becomes a damage limitation exercise – that’s where Antigena steps in to neutralise threats automatically.
While the new system is still going through trials it’s one of the first examples of a commercially available AI that’s been designed from the ground up to automate the entire cyber security “kill chain,” everything from initial identification all the way through to remediation. And, where practical, it’s designed to automate security and take human analysts out of the loop.
However, as organisations toy around with unhackable code, and as next generation cyber security organisations, such as the ones who entered last year’s DARPA Cyber Grand Challenge, where twelve of the world’s best robo-hackers were pitted against each other, play cyber war games, trying to hack each other while at the same time trying to identify and fix vulnerabilities in their own systems, one of which is now tackling botnets, it won’t be long before we begin trusting AI with defending our organisations’ crown jewels. Automatically.