Security in Action
Daniel Bardsley examines how cybersecurity firm Darktrace is applying the latest artificial intelligence technologies to detect and combat cyber threats.
With its old colleges and picturesque river, where tourists like to take relaxed boat trips, England’s ancient university city of Cambridge exudes tradition. But while Cambridge has the second oldest university in the English-speaking world – it was founded 800 years ago – the city is anything but stuck in the past. It has become a key centre for hi-tech start-up businesses, giving rise to the name “Silicon Fen”, the fens being the flat, often bleak landscape near to the city. While there have been plenty of success stories, few Cambridge companies have done better than Darktrace, an artificial intelligence centred cybersecurity company.
The company was founded in 2013 through a tie-up between ex-intelligence officials and Cambridge mathematicians, and the research-and development headquarters are now located in a state-of-the-art building in one of Cambridge’s numerous new business parks. It is here that the experts craft the technology that has allowed Darktrace to secure thousands of contracts across the world, helping the company’s value rocket above $1 billion. “The growth has been absolutely phenomenal. We’re now 700 employees in five years,” says Emily Orton, Darktrace’s Cambridge-educated chief marketing officer and one of the company’s co-founders.
The statistics tell the dramatic story: sales in the second half of 2016 and first half of 2017 totalled about GBP 30.8 million ($40.1 million), up about 80 percent on the previous year, while the company is now valued at about $1.25 billion. The company’s total contract value is around $500 million and while Europe and the United States are the key markets, among its clients is the UAE-based Tristar, a Jebel Ali-headquartered liquid logistics company with operations in 18 countries.
Instead of focusing on firewalls, what marks out Darktrace is its use of artificial intelligence (AI) to identify and neutralise threats once they’ve entered a network. “This AI is at the core of the technology. You have to distinguish between the hype and meaningful applications,” says Orton, who is based at Darktrace’s central London offices. “The prevailing approach was a firewall and perimeter to keep the bad guys out. That was no longer a model that was working. There’s so many ways you can get into the network – through the front door or the back door. There are so many potential vulnerabilities and there’s a range of criminal networks. You can buy hacking tools from the internet for $20.”
Drawing parallels with the immune system, the company calls its system Enterprise Immune Technology. It monitors the activity of an institution’s network to build up a picture of what is normal, so that deviations can be identified and neutralised. False positives – mistakenly identifying normal activity as suspicious – do happen, but despite the potential downsides, many blue-chip companies have put their faith in the method.
The technology has been developed to the extent that it can now deal with intrusions without human input, something that, according to Orton, was critical because ransomware, for example, might take just a matter of seconds to bring a network down. “Increasingly it’s a battle unfolding at computer speed,” she explains.
Darktrace now boasts thousands of clients worldwide, about 90 percent of them in the private sector. Reports have highlighted some offbeat wins that Darktrace’s technology has achieved at these diverse clients: a US tech firm told media that it had identified a Russian hack in its systems, while another notable success was highlighting ransomware that could have caused the venerable Church of England to fall victim. Among the public sector customers are parts of Britain’s National Health Service that signed up after the organisation was badly hit by the WannaCry ransomware attack of May 2017.
Darktrace in the Middle East
The company opened an office in Dubai in 2017 and is growing operations in the region. Recently it was announced that the Jebel Ali-based liquid logistics company Tristar is using Darktrace as it deploys more Internet of Things (IoT) technology.
Europe, Middle East and Africa (EMEA) accounts for about 40 percent of turnover, with most of this in the United Kingdom, while another 40 percent of business is done in the United States. The rest is taken up by the Asia-Pacific region. “We’ve been operating in the Middle East for the past 18 months. We have a team of seven people,” says Emily Orton, Darktrace’s chief marketing officer. This number is roughly double the staff count of a year ago and annual sales growth in the region is about 50 percent.
“There’s clearly a lot of interest in protecting critical infrastructure,” explains Orton, adding that oil and gas, manufacturing and transport were key sectors. “These organisations have industrial networks – the networks that run the power grids or public transportation systems. Protecting industrial control systems is a massive priority for their governments. This is definitely important in the Middle East.” In late 2017, the company launched Darktrace Industrial, a business unit focused on using AI to combat threats to infrastructure and industry. “We’re talking about systems that could be 50 years old and they’ve been retrospectively connected to the internet, so they’re vulnerable,” says Orton. Orton says Darktrace “works across all industry verticals, from media to law to non-profit”, but she highlighted financial services as another key sector in the Middle East. “There’s a lot of concern around a systematic cyber-attack against trading platforms or the banking sector,” she says.
Read full interview (pg. 24-26) here: https://www.tahawultech.com/magazine/securityadvisorme-september-2018/