'We stopped WannaCry outbreak within two seconds,' says Darktrace's John Dyer

Intelligent network monitoring can't do much to prevent fast-propagating security threats unless the tool can also block them, says Dyer

WannaCry was stopped in its tracks within two seconds of penetrating corporate networks and shut down by organisations running 'autonomous response' features in Darktrace's software, according to the company's senior account director John Dyer.

But a manufacturing organisation running Darktrace's security software succumbed to NotPetya because they hadn't yet turned on the autonomous response features.

The problem with monitoring software, added Dyer, isn't that it does not pick up nefarious activity, but that security staff often lack the tools to highlight the genuine and pressing threats among the plethora of other alerts they are receiving every day - hence the need for more proactive security software.

Dyer was speaking at this week's Computing Cloud and Infrastructure Live! event in London.

"People get 'dashboard fatigue' and can be alerted to far too many things," said Dyer, adding that the tools need to provide "prioritisation based on maths and machine learning" that can provide "a high degree of confidence that something out-of-the-ordinary is happening on the network without any prejudgement about what's 'good' and what's 'bad'".

He continued: "It's critical to be able to spot new and subtle indicators of threats and to be able to stop them before they can escalate into a crisis.

"Autonomous response is about using machine learning not just to be able to detect unusual and threatening activity on a network, wherever that is, but it's about using that to be able to immediately respond and stop it, and to do it with precision - stopping it within seconds."

Furthermore, he added, it's not about shutting down systems, but only the threat so that users can continue working. "It's all about minimising the impact of any potential threat."

The software works on several levels, he added, plugging into routers, switches and firewalls to prevent a device spreading infection, encrypting data or exfiltrating data that it shouldn't. "It's crucial that those actions are specific and targeted."

And the software, he added, can also be deployed on cloud systems, like AWS and Azure, as well as software-as-a-service apps.