This Company Says Its Software Could Have Prevented Snowden’s NSA Leaks

Image by Shutterstock via Bruce Rolff

AA Font size + Print

A company called Darktrace says its software could have detected any suspicious online activity at the NSA. By Leo Mirani

Government servants are hardly the best paid employees in the world, even if they are spies. But the older ones do have pensions of the sort most young people could never imagine. So why would a 30-year veteran of Britain’s secret service, with a “gold-plated” pension to look forward to, leave his position as deputy director for cyber defense operations at GCHQ (The Government Communications Headquarters, Britain’s equivalent to the US’s National Security Agency) for a start-up with no history and no security?

According to 50-year-old Andy France, as of today the CEO of Darktrace, it’s because when he first saw his company’s technology he was convinced it was “like the invention of radar for cybersecurity.” France says that unlike conventional information security measures, Darktrace does not aim to protect your computer from threats. This is a quixotic goal. Instead, Darktrace looks for unusual activity on a network, whether that is manifested as flows of data that wouldn’t normally move around, individual machines acting in uncharacteristic ways, or users attempting to access parts of the network they have business looking at. Moreover, the system includes a “honey pot,” which if accessed by anyone is a giveaway that they’re up to no good.

This sounds fairly straightforward. Indeed, there exist “intrusion detection systems” for that very purpose. But they have proven unreliable. What makes Darktrace different, says France, is the way it combines various algorithms, including those that draw on Bayesian statistics and Monte Carlo algorithms to allow the machine to learn what is and what is not normal activity. It can detect intrusions or unusual insider activity, such as a Snowdenesque systems administrator poking around in top-secret files or attempting to access the “honey pot.”

“If your IT security guy comes in and says ‘I’m running a secure network,’ sack him. It’s a lie. It’s impossible to do,” says France. The point is to leave the network relatively open, rather than to wrap in a bubble, which is impracticable. It is not possible to keep the bad guys out while letting the good guys in so Darktrace’s answer is to let everybody in and watch what they do.

[READ: Obama to Nominate Navy Admiral as NSA Director]

Darktrace was founded by Stephen Huxter, an ex-MI5 man, and is funded by Invoke Capital, an investment fund started by Mike Lynch, formerly of software group Autonomy. In September 2013, Darktrace became the first company to gain investment from Invoke, which aims to commercialize the hard science research going on at Britain’s universities. Darktrace’s technology comes from a group of mathematicians at Cambridge University, as does Invoke’s second investment, Taggar.

France claims multinational companies are lining up around the block to use his system but that he has not sold it to any government as yet. Asked in a follow-up email whether it would be possible for an intelligence agency such as GCHQ to subvert or in any other way bypass Darktrace’s technology, France did not respond.

[Image by Shutterstock via Bruce Rolff]

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download
  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Top 5 Findings: Security of Internet of Things To Be Mission-Critical

    As federal agencies increasingly leverage these capabilities, government security stakeholders now must manage and secure a growing number of devices, including those being used remotely at the “edge” of networks in a variety of locations. With such security concerns in mind, Government Business Council undertook an indepth research study of federal government leaders in January 2017. Here are five of the key takeaways below which, taken together, paint a portrait of a government that is increasingly cognizant and concerned for the future security of IoT.

    Download
  • Coordinating Incident Response on Posts, Camps and Stations

    Effective incident response on posts, camps, and stations is an increasingly complex challenge. An effective response calls for seamless conversations between multiple stakeholders on the base and beyond its borders with civilian law enforcement and emergency services personnel. This whitepaper discusses what a modern dispatch solution looks like -- one that brings together diverse channels and media, simplifies the dispatch environment and addresses technical integration challenges to ensure next generation safety and response on Department of Defense posts, camps and stations.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download

When you download a report, your information may be shared with the underwriters of that document.