recommended reading

This Company Says Its Technology Could Have Detected Snowden’s Intrusions

Vincent Yu/AP File Photo

Government servants are hardly the best paid employees in the world, even if they are spies. But the older ones do have pensions of the sort most young people could never imagine. So why would a 30-year veteran of Britain’s secret service, with a “gold-plated” pension to look forward to, leave his position as deputy director for cyber defense operations at GCHQ (The Government Communications Headquarters, Britain’s equivalent to the US’s National Security Agency) for a start-up with no history and no security?

According to 50-year-old Andy France, as of today the CEO of Darktrace, it’s because when he first saw his company’s technology he was convinced it was “like the invention of radar for cybersecurity.” France says that unlike conventional information security measures, Darktrace does not aim to protect your computer from threats. This is a quixotic goal. Instead, Darktrace looks for unusual activity on a network, whether that is manifested as flows of data that wouldn’t normally move around, individual machines acting in uncharacteristic ways, or users attempting to access parts of the network they have no business looking at. Moreover, the system includes a “honey pot,” which if accessed by anyone is a giveaway that they’re up to no good.

This sounds fairly straightforward. Indeed, there exist “intrusion detection systems” for that very purpose. But they have proven unreliable. What makes Darktrace different, says France, is the way it combines various algorithms, including those that draw on Bayesian statistics and Monte Carlo algorithms to allow the machine to learn what is and what is not normal activity. It can detect intrusions or unusual insider activity, such as a Snowdenesque systems administrator poking around in top-secret files or attempting to access the “honey pot.”

“If your IT security guy comes in and says ‘I’m running a secure network,’ sack him. It’s a lie. It’s impossible to do,” says France. The point is to leave the network relatively open, rather than to wrap in a bubble, which is impracticable. It is not possible to keep the bad guys out while letting the good guys in so Darktrace’s answer is to let everybody in and watch what they do.

Darktrace was founded by Stephen Huxter, an ex-MI5 man, and is funded by Invoke Capital, an investment fund started by Mike Lynch, formerly of software group Autonomy. In September 2013, Darktrace became the first company to gain investment from Invoke, which aims to commercialize the hard science research going on at Britain’s universities. Darktrace’s technology comes from a group of mathematicians at Cambridge University, as does Invoke’s second investment,Taggar.

France claims multinational companies are lining up around the block to use his system but that he has not sold it to any government as yet. Asked in a follow-up email whether it would be possible for an intelligence agency such as GCHQ to subvert or in any other way bypass Darktrace’s technology, France did not respond.

Threatwatch Alert

Software vulnerability

Malware Has a New Hiding Place: Subtitles

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.