Darktrace co-founder Poppy Gustafsson recently predicted, at TechCrunch Disrupt London, that malicious actors will increasingly use artificial intelligence to create more sophisticated spearphishing attacks.
Criminals are just as capable of using artificial intelligence as those trying to thwart them, according to security vendor ESET‘s 2017 trends report, with “next-gen” security marketers throwing around the buzzwords “machine learning,” “behavioral analysis” and more. That’s making it more difficult for potential customers to sift through all the hype.
It predicts the rise of “jackware” or Internet-of-Things ransomware, such as locking the software in cars until a ransom is paid.
Darktrace has noted IoT security problems in some unexpected places:
UK-based security vendor Darktrace takes the view that determined hackers will get into your network, so a perimeter-based strategy won’t work. Instead, it’s focused on detecting and mitigating attacks in their earliest stages. It calls its detection piece the Enterprise Immune System, modeled after the human body’s defenses. Using unsupervised machine learning — it doesn’t look for signatures or known examples of malware — without knowing what to look for, it develops a pattern of “normal” for the network, then looks for anomalies.
“My body is like a network — it’s different from yours, it’s constantly changing,” explained Justin Fier, director of cyber intelligence and analysis at Darktrace. “We’re not just looking for malicious actions, we’re looking for anomalies. Anomalies can turn into malicious activity, but it can also be a configuration error or an employee that’s gone rogue. We don’t want to just focus on the malicious arena because there are a lot of other things that can be very bad without it being malware.”
He likens the Enterprise Immune System to the body’s, able to detect subtle changes, such as elevated temperature that could signal the flu.
“If you look at network activity, it’s really just a big data set. The real problem is how do I manipulate and read that data in an efficient manner? That’s where unsupervised machine learning comes in. It’s all about looking at that data, which also is changing every second. It looks for trends; it can cluster and find what objects are acting like others and find obvious deviations and often very subtle deviations,” he said.
“We’re looking at how a device is talking to other internal devices, how it’s talking to the outside world,” Fier added. “Is it acting in a way that it doesn’t normally act based on its pattern of life? Then we’ll say, ‘Show me all the devices that are similar to this device.’ Is it acting in a way that’s anomalous to those?”
Darktrace was founded in 2013, in a collaboration between British intelligence agencies and Cambridge University mathematicians. Its backers include Autonomy founder Mike Lynch. It has raised 104.5 million, including a $64 million Series C in July.