Plenty
of security companies offer to help fend off external threats.
Darktrace is one of the few that aim to find wrongdoing from within.
When cybersecurity firm Darktrace
introduced its first product in 2013, Mike Sherwood was overseeing
technology for a police department in Irvine, California. Plenty of
vendors promised to help him combat external threats, he says, but at
the time, Darktrace's cyber-intelligence platform was the only one that
provided a window into internal threats. "We had machines streaming data
out to the internet to unknown destinations," he says. "It wasn't
sensitive data, but that's something you don't want, regardless."
In 2016, Sherwood accepted a job in Las Vegas as the city's director of technology and innovation--and brought Darktrace's technology with him. He uses it to look for early signs of compromise, such as employees using prohibited cloud services (such as Dropbox) that "could bring in bad viruses or remove data from the city," he says. Without Darktrace, "we would only know about it if we did a software audit or if a technician came by."
Going into 2017, Darktrace was well on its way to becoming a well-known player in enterprise software. But this year, the value of its signed contracts rose to $231 million as of September 30, a rise from $131 million just eight months earlier. During the same time period, head count grew to 578 from 371. The company now counts 3,750 clients, up from 2,000, including, the company says, two of the four largest telecommunications companies in the U.S. In May, Darktrace signed an agreement with German technology giant Siemens to increase sales in the utility, oil, and gas sectors. The company's valuation more than doubled this summer when it secured a $75 million round of financing at an $825 million valuation. (Back in July 2016, it raised $64 million at a $400 million valuation).
Darktrace is clearly on a tear. The company is the brainchild of a group of University of Cambridge mathematicians and former British military intelligence staff. Darktrace uses artificial intelligence to monitor the routine patterns of behavior within a network. After those have been established--generally within five to seven days--Darktrace watches out for, and reacts to, anomalies.
Darktrace was initially backed by Invoke Capital, the investment company set up by Autonomy founder Mike Lynch, who is regarded as one of the U.K.'s most successful technology entrepreneurs. The company now has dual headquarters in Cambridge, England, and San Francisco.
"Detecting an insider threat is very hard," says Nicole Eagan, Darktrace's CEO.
"You have people you give access to your network--business partners, employees, vendors. They don't have to break in."
Of course, Darktrace has plenty of competitors, from Vectra Networks and Deep Cyber to Hewlett Packard's Arc Sight and startups such as Dragos. Earl Perkins, a research vice president at Gartner, says a few things distinguish Darktrace in the busy, buzzy market for cybersecurity. First, he says Darktrace was early with its approach and, from a technology point of view, has managed to stay in the lead. Second, Darktrace has been smart to focus on both enterprise and so-called operational technology, which is the infrastructure critical to the machine world. And, Perkins says, Darktrace "has a well-honed path into artificial intelligence. I think they've used it properly and harnessed it with a good user interface that allows them to respond pretty quickly."
In April, Darktrace introduced its automated response tool, Antigena, which Sherwood refers to as "a 24/7 staff member." If Antigena detects large quantities of information leaving an organization, for example, it can send an alert to an IT person, who can decide how to handle it. But Antigena is somewhat unique in that it can be configured to take action without human intervention. Most companies, says Eagan, start by allowing Antigena to simply send them an alert.
"Once they've confirmed a few times, they put it in automatic mode," she says.
Often the software can act more quickly than a person could, quarantining suspicious activity while waiting for a person to make the final call.
Eagan says that when a company first installs Darktrace, they often find they have up to a third more devices on their network than they thought they had. That's partly because employees bring in devices from home and connect them to the company network, sometimes neglecting to change the default passwords.
Photocopiers and vending machines are often internet-enabled. One company, Eagan says, was attacked through its voice-over-IP phone system. Another attempted breach came via an internet-connected fish tank. "There's now an early warning system that is capable of taking action if you let it," says Sherwood. "Compare that with earlier days, when you didn't know something was wrong until you got a phone call."
No comments:
Post a Comment