Darktrace: You can't stop compromise, in fact you're probably compromised right now

Security firm outlines why traditional security techniques no longer work, with both networks and hacking techniques evolving so rapidly that security teams can't keep up

You can't stop your organisation being compromised by security threats, and in fact your network is probably already compromised.

That's the view of Simon Wilson, account manager at Darktrace, giving a talk at Computing's CyberSecurity Strategy Briefing for the financial sector, titled Self-Learning, Self-Defending Networks: Identifying Early-Stage Threats with an Enterprise Immune System.

Wilson said that his firm has seen a change in the way in which networks are attacked, and the security concerns of its customers.

"Attacks are moving quickly, and becoming more advanced," said Wilson. "You read in the papers about massive hacks, but we're more concerned about the ones you don't read about. That could be because the organisation wants to keep quiet about it, or even worse, that they don't know it's going on."

He added that networks are also changing: with many organisations now consuming cloud services, there is no longer a defined perimeter. And it's not just cloud providers but other partners, including outsourcers, logistics providers and many other kinds of suppliers, all of whom could have some form of network access and may not be accredited to the standards its customers would like.

"Our approach is that traditional defences can't protect you as adequately as they did previously," explained Wilson. "Anti-virus is still needed, but it's updated with new signatures within a day or two if you're lucky. You can put firewalls in, but realistically they don't work; they can't provide one hundred per cent protection.

"You can't stop compromise, in fact you're probably compromised right now," he added.

He went on to describe Darktrace's strategy, which takes its inspiration from the human immune system. Comparing traditional defences to the skin, which protects the body against most forms of attack, he described his firm's tool as the immune system.

"The immune system knows what's the self, it knows what is and isn't you," Wilson said.

Darktrace, once installed, analyses normal traffic and behaviour, and builds a detailed picture of what it considers to be standard. It can then detect subtle behavioural changes in real time, Wilson claimed.

"Our approach is underpinned by unsupervised machine learning and AI," he said. "Every network I've seen is a beautiful snowflake, they all have different access points, applications, devices connected and so on. We can come in to any kind of network, and start providing value straightaway."

He gave the example of one client who had a fingerprint scanner controlling access to a secure room in which analysts had access to extremely sensitive information.

"In this case a hacker gained access to the fingerprint scanner, which was the primary point of defence into the secure zone. The scanner was open to the internet, and as a non-traditional tool, it wasn't something you could load AV onto. The hacker accessed it, not just to view the records that were hosted there, but to alter and delete records, and add their own.

"With Darktrace installed the client identified that the device was making an unusual number of connections to an external domain. We saw very small quantities of data going in and out, but it was enough to flag up as unusual."
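
The kind of per-device baseline check described above can be sketched as follows. This is an added example, not Darktrace's method or code: a simple median/MAD score stands in for the unsupervised learning the talk mentions, and the device names, domains and flow records are constructed. It shows why counting connections against each device's own history flags the scanner even though its data volume is tiny.

```python
from collections import defaultdict
from statistics import median

def sample_flows():
    """Constructed flow records: (day, device, external_domain, bytes)."""
    flows = []
    scanner, workstation = [2, 3, 2, 2, 3, 2, 3], [50, 55, 48, 52, 51, 49, 53]
    for day, (s, w) in enumerate(zip(scanner, workstation), start=1):  # baseline days 1-7
        flows += [(day, "fp-scanner-01", "vendor-updates.example", 500)] * s
        flows += [(day, "analyst-ws-07", "saas-app.example", 200_000)] * w
    # Day 8: many tiny connections from the scanner to a domain outside its baseline.
    flows += [(8, "fp-scanner-01", "vendor-updates.example", 500)] * 3
    flows += [(8, "fp-scanner-01", "unknown-host.example", 120)] * 40
    flows += [(8, "analyst-ws-07", "saas-app.example", 200_000)] * 54
    return flows

def robust_score(history, value):
    """Distance of value from the baseline median, in scaled-MAD units."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return (value - med) / max(1.4826 * mad, 1.0)  # floor: a flat baseline has MAD 0

def detect(flows, today, threshold=6.0, min_days=3):
    """Flag devices whose external connection count today departs from their own baseline."""
    counts = defaultdict(lambda: defaultdict(int))  # device -> day -> connections
    known, new, volume = defaultdict(set), defaultdict(set), defaultdict(int)
    for day, device, domain, nbytes in flows:
        counts[device][day] += 1
        if day < today:
            known[device].add(domain)
        elif day == today:
            new[device].add(domain)
            volume[device] += nbytes
    alerts = []
    for device, by_day in counts.items():
        history = [n for d, n in by_day.items() if d < today]
        if len(history) < min_days:
            continue  # not enough baseline to judge this device
        score = robust_score(history, by_day.get(today, 0))
        if score >= threshold:
            alerts.append({"device": device, "connections": by_day.get(today, 0),
                           "score": round(score, 1), "bytes_today": volume[device],
                           "new_domains": sorted(new[device] - known[device])})
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_flows(), today=8):
        print(alert)
```

The workstation moves far more data on the same day but stays within its own baseline, so a fixed volume threshold would rank the two devices the wrong way round.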