The Enterprise Immune System: Using Machine Learning to Detect ‘Unknown Unknown’ Threats

Chris Martin, Senior Business Manager

Darktrace 2016 A Changing World of Cyber Security


Company Background

• Founded in 2013 in Cambridge, UK

• Started by mathematicians and government intelligence specialists

• Technology based on machine learning & mathematics

• HQs in Cambridge, UK & San Francisco

• Over 750 deployments worldwide

• 18 global locations

• Winner of ‘Security Company of the Year’ at Info Security Global Excellence Awards 2015

• Winner of ‘Best Insider Threat Detection and Solutions’ at Network Products Guide IT World Awards

• Gartner ‘Cool Vendor’ 2015

• World Economic Forum ‘Technology Pioneer’ 2015

“Darktrace is a game-changer” Virgin Trains

Enterprise Immune System

• Unsupervised machine learning: Develops mathematical models of normal behavior

• Inside-out view: Complete analysis and visibility of 100% network traffic

• Correlation & behavioral analysis: For every individual user, device and network

• Real time & long-running: Analyzes events over long periods of time, with playback capability

• Visualization and investigation: Auto-classification of threats, supporting workflow and collaboration

Machine Learning & Mathematics

• Advanced Bayesian mathematics pioneered at Cambridge University

• Recursive Bayesian Estimation detects subtle changes within data series in real time and adaptively iterates its models

• Numerous approaches used to classify the probability of an action based on previous and emerging behaviors

• No ‘a priori’ assumptions about good or bad – mathematical models are unique to your organization

• Distribution is built from a complex set of low-level host, network and traffic observations or ‘features’

Darktrace in your Security Stack

Case Study: BT

Industry

• Telecommunications

Challenge

• Huge dataset with confidential customer information

• Distributed, global workforce

• Protect against constantly-evolving and insider threat

Benefits

• Able to stay ahead of ever-changing threats

• Threat Visualizer provides 100% network visibility

• Increased efficiency due to threat classification

• Able to carry out in-depth investigations into real-time incidents

“Darktrace’s machine learning and mathematics are extremely powerful in detecting activity that is abnormal and will be critical to our future cyber security offerings.” Mark Hughes, President, BT Security

Darktrace Antigena

• Works like digital antibodies, produced by the immune system to inoculate against threats

• Gets to the threat faster, as it unfolds

• Allows networks to self-defend

• Automatically takes thoughtful, measured actions in response to the threat detected by Darktrace

• Applicable to all Darktrace customers

To date, Darktrace has detected threats and given customers the ability to investigate and mitigate those risks. Today, we are living through a new era of threats, including fast, machine-on-machine attacks. The reality is that a security team, no matter how big, is never going to be fast enough every time.

Conclusion

• The threat is inside

• Rules & signatures are not enough

• Enterprise Immune System is unique

– Powered by machine learning and mathematics

– Understands ‘normal’ and detects emerging insider and external threats

– No rules or signatures

– Installs in 1 hour

• Antigena

– Automatically self-defends against a full range of potential threats

Q&A