In this interview we meet Corrado Broli, Country manager Italy at Darktrace, an innovative company in the world of information security.
We were told about the interesting approach with which Darktrace create solutions that exploit artificial intelligence and more. Specifically, we will talk about the Enterprise Immune System solution which uses a particular technology that is inspired by the functioning of the human immune system.
Below is our interview to learn more:
1) Where did the idea of the Darktrace Immune System come from?
The idea itself was how Darktrace was conceived. Intelligence and cyber experts came together and set out to create technology that could operate by detecting threats from within, rather than trying to stop them entering. The founders of Darktrace realized that using rules and signatures was an outdated technique, because predicting what the next attack will look like is a fundamentally impossible task. So, a technology that learns ‘self’ was created, which is today used by almost 6,000 organizations across the world.
The technology takes its inspiration from the human immune system. Our Immune systems learn ‘on the job’ to detect threatening activity (such as viruses and bacteria) and respond autonomously to keep our bodies safe. In the same way, Darktrace’s Enterprise Immune System and autonomous response technology autonomously detect and respond to even the most subtle indicators of threat.
2) How does the Darktrace Immune System technology work?
The technology learns a sense of ‘self’ from the data and activity that it observes in situ. This means making billions of probability-based calculations in light of new evidence and continuously learning the ‘pattern of life’ as the business evolves.
Darktrace focuses on learning this ‘pattern of life’ for individual businesses and spotting subtle deviations indicative of a threat. By learning a sense of ‘self’ for your entire organization, Darktrace’s immune system discovers subtle, previously unseen patterns and emerging threats that would otherwise go unnoticed, and responds in a proportionate and surgical way to neutralize the threat – without disrupting the rest of the business.
3) How did artificial intelligence play an important role in this solution?
Darktrace’s is fundamentally an AI company. Its core detection, investigation and response platforms were built entirely from scratch at Darktrace’s R+D headquarters in Cambridge, UK by AI and machine learning experts. The technology uses unsupervised machine learning to build a dynamic understanding of ‘normal’ for each organization it safeguards. Rather than rely on rules, signatures, fixed baselines, or training data, the immune system learns from the system’s constantly changing digital environment – forming a bespoke and multi-dimensional understanding of every user, device, and all the complex relationships between them.
The challenge of cyber security has gone beyond a human scale problem, and only AI can reliably do things like detect the subtle indicators of stealthy attacks or stop machine-speed threats like ransomware from causing widespread damage.
4) What role does the cloud environment play in this solution?
Darktrace covers all areas of a digital business including email, OT, endpoint, cloud and SaaS, and operational technology, using the same AI across all environments. Darktrace is instrumental in protecting cloud environments where security teams not only struggle with a lack of visibility and control, but also diverse and incompatible defenses that often lead to overly relaxed permissions and simple mistakes.
This siloed approach to security is rarely robust and unified enough to provide sufficient coverage, relying on static methods that fail to detect compromised credentials, insider threats, and critical misconfigurations. Darktrace’s Immune System fills these gaps with self-learning AI that understands ‘normal’ at every layer, dynamically analyzing the dispersed and unpredictable behaviors that show up in email, cloud, and the corporate network.
5) What are the benefits of using A.I. in the solution within the network?
AI works round the clock, meaning it can offer defence when security teams are out of office, on holiday, or simply cannot respond fast enough. AI is also uniquely well placed to disrupt attacks that are moving laterally through a digital estate because they can deploy solutions at machine speed. Rather than generate broad-brushed quarantines that would cause more disruption, Antigena works by surgically enforcing the normal ‘pattern of life’ of an infected device or compromised user, neutralizing the threat in seconds and sustaining normal operations by design. These self-directed actions are not only granular, but also dynamically adapt to the severity of the threat as it unfolds.
6) Can artificial intelligence also be used by hackers in malicious attacks?
Absolutely. Cybercriminals are already turning to artificial intelligence to scale up their attacks and evade detection. With the threat of AI-powered attacks, organizations need to reform their strategies quickly, be prepared to defend their digital assets with AI, and regain the advantage over this new wave of sophisticated attacks.
7) How does Darktrace see the future of Cyber Security?
Autonomous systems are going to have a larger part to play in augmenting security teams who are facing an increasingly difficult task. In the face of AI enabled cyber-threats, many organizations are turning to defensive AI to fight fire with fire. Rather than relying on historical attacks to find new ones, defensive AI learns what’s normal for an organization and can then detect abnormal, potentially malicious activity as soon as it appears—even if it has never been seen before.
