This Company Says Its Technology Could Have Detected Snowden’s Intrusions

Government servants are hardly the best paid employees in the world, even if they are spies. But the older ones do have pensions of the sort most young people could never imagine. So why would a 30-year veteran of Britain’s secret service, with a “gold-plated” pension to look forward to, leave his position as deputy director for cyber defense operations at GCHQ (The Government Communications Headquarters, Britain’s equivalent to the US’s National Security Agency) for a start-up with no history and no security?

According to 50-year-old Andy France, as of today the CEO of Darktrace, it’s because when he first saw his company’s technology he was convinced it was “like the invention of radar for cybersecurity.” France says that unlike conventional information security measures, Darktrace does not aim to protect your computer from threats. This is a quixotic goal. Instead, Darktrace looks for unusual activity on a network, whether that is manifested as flows of data that wouldn’t normally move around, individual machines acting in uncharacteristic ways, or users attempting to access parts of the network they have no business looking at. Moreover, the system includes a “honey pot,” which if accessed by anyone is a giveaway that they’re up to no good.

This sounds fairly straightforward. Indeed, there exist “intrusion detection systems” for that very purpose. But they have proven unreliable. What makes Darktrace different, says France, is the way it combines various algorithms, including those that draw on Bayesian statistics and Monte Carlo algorithms to allow the machine to learn what is and what is not normal activity. It can detect intrusions or unusual insider activity, such as a Snowdenesque systems administrator poking around in top-secret files or attempting to access the “honey pot.”

“If your IT security guy comes in and says ‘I’m running a secure network,’ sack him. It’s a lie. It’s impossible to do,” says France. The point is to leave the network relatively open, rather than to wrap in a bubble, which is impracticable. It is not possible to keep the bad guys out while letting the good guys in so Darktrace’s answer is to let everybody in and watch what they do.

Darktrace was founded by Stephen Huxter, an ex-MI5 man, and is funded by Invoke Capital, an investment fund started by Mike Lynch, formerly of software group Autonomy. In September 2013, Darktrace became the first company to gain investment from Invoke, which aims to commercialize the hard science research going on at Britain’s universities. Darktrace’s technology comes from a group of mathematicians at Cambridge University, as does Invoke’s second investment,Taggar.

France claims multinational companies are lining up around the block to use his system but that he has not sold it to any government as yet. Asked in a follow-up email whether it would be possible for an intelligence agency such as GCHQ to subvert or in any other way bypass Darktrace’s technology, France did not respond.