Stop, Disrupt: Winning Combo Against Cyberthreats
By Andrea Villar | Mon, 08/09/2021 - 05:00
Q: Darktrace was the first company to apply AI in cybersecurity. What does this mean when preventing and reacting to a cyberattack?
A: We have found that the key to implementing cybersecurity at a more rapid pace is to incorporate the right security tools into your organization’s security toolbox, in this case – autonomous, self-learning AI. This AI approach provides an understanding of normal business operations and detects and alerts security teams when there is a deviation from normal. This strategy can allow companies to detect even the most difficult, never-before-seen attacks, however they might emerge.
Although attackers often take different approaches, Darktrace can quickly detect, alert, investigate, and respond to attacks. Our strategy is very different from others in the market that rely on traditional or legacy approaches to cybersecurity. We are very external-looking, threat-actor-centric, and perimeter-driven. If there is a breach of any type, other players would be playing catch-up. By building a self-defending, self-learning, and resilient organism, we ensure that business operations continue with minimal disruption in the event of a breach. This means that attackers do not get to halt essential business operations, encrypt files, steal intellectual property, or manipulate data on our watch.
Q: What is the difference between cyber-AI and threat hunting when it comes to preventing attacks?
A: Threat hunting is the act of actively looking for suspicious behavior or investigating an incident. It is enhanced by AI. For example, when a company gets an alert, its security team has to start a threat investigation or hunt. The traditional approach would look at logs and signatures to get the big picture or connect the dots of the security event, but AI can assist the human team through the Cyber AI Analyst. The Cyber AI Analyst is a supervised AI and machine-learning approach created after watching our own Darktrace analysts for about four years. The system autonomously triages every incident and alert behind the scenes and then packages this information into a concise and powerful report for the human team. Once the human team is augmented by the Cyber AI Analyst, it has a better starting point to act, rather than waste time on an initial incident report.
The system does not replace the human element; it augments the human team. Security teams augmented by AI will outperform and replace those relying on the traditional approach. Threats are coming fast and scaling up; security is no longer a problem that can be exclusively solved by humans.
Q: As more security providers incorporate AI into their solutions, what will continue to set Darktrace apart in the market?
A: Since our founding in 2013, we have expanded and deepened our understanding of AI, and our lab resources focus on AI and machine learning. Our solution is evergreen because it is self-learning, self-optimizing, and self-defending. In terms of capability differentiators, augmenting the human team is a game-changer. Many of the applications we see in the market focus on threat prediction rather than on alerting human teams and augmenting their capabilities. Threat prediction is very difficult. Applying AI can provide some insights, but this cannot be its core application.
All our knowledge and understanding are applied to self-defense, meaning the ability to not only alert the security team but also to eliminate the attack as it occurs and to disrupt the attacker. Darktrace has been doing just this for our customers over the past eight years, and that makes our product unparalleled.
Q: In early June, the US Department of Justice said it was giving ransomware hacks similar priority as terrorism. What does this mean for cybersecurity companies and their customers?
A: Treating ransomware attacks the same as terrorist attacks shows the elevated risk these attacks pose to national security, the economy, society, and democracy. Cyber-criminals are receiving that label because of the level of disruption they can cause to governments and businesses. Those in the cybersecurity industry have seen that these actors are problematic and disruptive. Those outside of the industry are starting to understand the danger. Some of that understanding has come from society’s increased dependency on digital and cyber tools.
The US government is trying to implement regulations without getting in the way of business operations. There is certainly room for more regulation, especially when it comes to reporting and acknowledging breaches. The standards regarding how companies should be protecting themselves could also be improved - higher standards defend companies from a variety of cyber threats and prevent ransomware attacks.
Q: How do you expect the cybersecurity landscape to behave at the end of this year?
A: Attackers are not going to slow down. As attacks increase, the public discussion of cybersecurity will change. Companies are now doing deeper assessments of their stances. CISOs and CIOs are now getting more phone calls from CEOs and boards of directors asking that they become more involved in business decisions that touch on cybersecurity and compliance.
Attackers, however, have had a great deal of success, and the return on investment on ransomware attacks remains high. Although pressure is growing, we will continue to see these threats expand and adapt. Anyone who has not reevaluated or thought through their cybersecurity stance in the last year should do so now. Organizations need to take an honest look at their vulnerabilities and risks before the damage is done.
Darktrace, founded in 2013, is an autonomous cyber-defense platform. Its AI technology detects, investigates and responds to cyberthreats in real time.