This Company Says Its Software Could Have Prevented Snowden’s NSA Leaks

Image by Shutterstock via Bruce Rolff

AA Font size + Print

A company called Darktrace says its software could have detected any suspicious online activity at the NSA. By Leo Mirani

Government servants are hardly the best paid employees in the world, even if they are spies. But the older ones do have pensions of the sort most young people could never imagine. So why would a 30-year veteran of Britain’s secret service, with a “gold-plated” pension to look forward to, leave his position as deputy director for cyber defense operations at GCHQ (The Government Communications Headquarters, Britain’s equivalent to the US’s National Security Agency) for a start-up with no history and no security?

According to 50-year-old Andy France, as of today the CEO of Darktrace, it’s because when he first saw his company’s technology he was convinced it was “like the invention of radar for cybersecurity.” France says that unlike conventional information security measures, Darktrace does not aim to protect your computer from threats. This is a quixotic goal. Instead, Darktrace looks for unusual activity on a network, whether that is manifested as flows of data that wouldn’t normally move around, individual machines acting in uncharacteristic ways, or users attempting to access parts of the network they have business looking at. Moreover, the system includes a “honey pot,” which if accessed by anyone is a giveaway that they’re up to no good.

This sounds fairly straightforward. Indeed, there exist “intrusion detection systems” for that very purpose. But they have proven unreliable. What makes Darktrace different, says France, is the way it combines various algorithms, including those that draw on Bayesian statistics and Monte Carlo algorithms to allow the machine to learn what is and what is not normal activity. It can detect intrusions or unusual insider activity, such as a Snowdenesque systems administrator poking around in top-secret files or attempting to access the “honey pot.”

“If your IT security guy comes in and says ‘I’m running a secure network,’ sack him. It’s a lie. It’s impossible to do,” says France. The point is to leave the network relatively open, rather than to wrap in a bubble, which is impracticable. It is not possible to keep the bad guys out while letting the good guys in so Darktrace’s answer is to let everybody in and watch what they do.

[READ: Obama to Nominate Navy Admiral as NSA Director]

Darktrace was founded by Stephen Huxter, an ex-MI5 man, and is funded by Invoke Capital, an investment fund started by Mike Lynch, formerly of software group Autonomy. In September 2013, Darktrace became the first company to gain investment from Invoke, which aims to commercialize the hard science research going on at Britain’s universities. Darktrace’s technology comes from a group of mathematicians at Cambridge University, as does Invoke’s second investment, Taggar.

France claims multinational companies are lining up around the block to use his system but that he has not sold it to any government as yet. Asked in a follow-up email whether it would be possible for an intelligence agency such as GCHQ to subvert or in any other way bypass Darktrace’s technology, France did not respond.

[Image by Shutterstock via Bruce Rolff]

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.