Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats
As cyber-attacks grow in scale and sophistication, governments and corporations are struggling to adequately protect their digital assets. The majority of cyber-defences they rely on sit at the perimeter of the organisation, using rule-based policies and signatures of historically observed attacks.
This ‘protective skin’ of next-gen firewalls, email gateways and endpoint solutions is enough to keep out the majority of attacks targeting our systems, but weekly headlines of high-profile data leaks and ransomware attacks highlight the limitations of these legacy defences. Cyber-criminals recognise the backwards-looking approach these tools take and are regularly updating their attack infrastructure to ensure their campaigns fly under the radar.
A similar challenge is played out within our own bodies every day. While our skin acts as a protective barrier, bacteria and other pathogens inevitably get inside. These threats are a fact of life, but we can rely on our immune system to tackle them as they emerge. Having evolved over millions of years, our immune systems have the unique ability to understand ‘self’ – they know what is part of ‘us’ and what is not – allowing them to rapidly detect and contain emerging threats, even those our bodies have never encountered before.
An immune system for the enterprise
In the digital world, this approach is being replicated to protect organisations’ critical data and systems from a new era of cyber-attacks. Artificial intelligence (AI) is being harnessed to form an evolving understanding of normal for every user and device within an organisation, allowing the system to recognise what is ‘self’ and what is ‘other’.
This contextual understanding allows the machine to spot the subtle deviations from normal that indicate a cyber-threat. Like a digital antibody, the AI then initiates a response, taking targeted and proportionate action to disrupt the ongoing attack while the rest of the business continues to operate as normal.
This fundamentally different approach emerged from collaboration between mathematicians and former government intelligence experts, who came together to form the cyber-security company Darktrace in 2013. Its pioneering technology is now relied on by more than 4,500 organisations across every industry worldwide to protect data and systems across the digital business, from email and cloud services to industrial networks and the Internet of Things (IoT).
In 2019, a series of high-profile ransomware attacks impacted almost 1,000 government agencies, healthcare providers and educational institutions. The potential cost is said to be in excess of $7.5 billion. Last year, the SolarWinds hack laid bare how advanced attackers can compromise supply chains and lie low inside hundreds of systems for months undetected. The ramifications of this attack are still being worked out.
Whether it’s fast and deadly malware or low-and-slow, state-sponsored espionage and data exfiltration, there is no doubt we have entered a new era of cyber-attacks. Organisations must accept the fact that threat actors can and do slip through our traditional perimeter defences on a regular basis.
By embracing a digital immune system that sits behind that first line of defence, security teams can dramatically improve visibility, detection and response in the face of novel and sophisticated cyber-attacks that inevitably get through – safeguarding their business’s critical assets against this new era of cyber-threat.
Find out how Darktrace AI stopped a WastedLocker attack before ransomware was deployed: https://www.darktrace.com/en/blog/how-ai-stopped-a-wasted-locker-intrusion-before-ransomware-deployed/