This Company Says Its Software Could Have Prevented Snowden’s NSA Leaks

Image by Shutterstock via Bruce Rolff

AA Font size + Print

A company called Darktrace says its software could have detected any suspicious online activity at the NSA. By Leo Mirani

Government servants are hardly the best paid employees in the world, even if they are spies. But the older ones do have pensions of the sort most young people could never imagine. So why would a 30-year veteran of Britain’s secret service, with a “gold-plated” pension to look forward to, leave his position as deputy director for cyber defense operations at GCHQ (The Government Communications Headquarters, Britain’s equivalent to the US’s National Security Agency) for a start-up with no history and no security?

According to 50-year-old Andy France, as of today the CEO of Darktrace, it’s because when he first saw his company’s technology he was convinced it was “like the invention of radar for cybersecurity.” France says that unlike conventional information security measures, Darktrace does not aim to protect your computer from threats. This is a quixotic goal. Instead, Darktrace looks for unusual activity on a network, whether that is manifested as flows of data that wouldn’t normally move around, individual machines acting in uncharacteristic ways, or users attempting to access parts of the network they have business looking at. Moreover, the system includes a “honey pot,” which if accessed by anyone is a giveaway that they’re up to no good.

This sounds fairly straightforward. Indeed, there exist “intrusion detection systems” for that very purpose. But they have proven unreliable. What makes Darktrace different, says France, is the way it combines various algorithms, including those that draw on Bayesian statistics and Monte Carlo algorithms to allow the machine to learn what is and what is not normal activity. It can detect intrusions or unusual insider activity, such as a Snowdenesque systems administrator poking around in top-secret files or attempting to access the “honey pot.”

“If your IT security guy comes in and says ‘I’m running a secure network,’ sack him. It’s a lie. It’s impossible to do,” says France. The point is to leave the network relatively open, rather than to wrap in a bubble, which is impracticable. It is not possible to keep the bad guys out while letting the good guys in so Darktrace’s answer is to let everybody in and watch what they do.

[READ: Obama to Nominate Navy Admiral as NSA Director]

Darktrace was founded by Stephen Huxter, an ex-MI5 man, and is funded by Invoke Capital, an investment fund started by Mike Lynch, formerly of software group Autonomy. In September 2013, Darktrace became the first company to gain investment from Invoke, which aims to commercialize the hard science research going on at Britain’s universities. Darktrace’s technology comes from a group of mathematicians at Cambridge University, as does Invoke’s second investment, Taggar.

France claims multinational companies are lining up around the block to use his system but that he has not sold it to any government as yet. Asked in a follow-up email whether it would be possible for an intelligence agency such as GCHQ to subvert or in any other way bypass Darktrace’s technology, France did not respond.

[Image by Shutterstock via Bruce Rolff]

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • Military Readiness: Ensuring Readiness with Analytic Insight

    To determine military readiness, decision makers in defense organizations must develop an understanding of complex inter-relationships among readiness variables. For example, how will an anticipated change in a readiness input really impact readiness at the unit level and, equally important, how will it impact readiness outside of the unit? Learn how to form a more sophisticated and accurate understanding of readiness and make decisions in a timely and cost-effective manner.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.