Cybersecurity challenges are continuing to rise at a staggering rate. Since the beginning of the pandemic in March 2020, reports of cybercrime have risen by as much as 300% according to the FBI, driven by advanced attacks such as ransomware, account takeover and social engineering.
Dealing with these risks can pose a serious a challenge for organizations, no matter their size or security budget. Legacy security technologies are often not equipped to deal with advanced modern attacks, and the increasing sophistication of attack methods means that even the most powerful solutions on the market need to be constantly evolving to keep up.
Darktrace, a UK-based cybersecurity provider founded in 2013, are on the cutting-edge of protecting organizations against cybersecurity attacks. Darktrace were one of the first cybersecurity vendors to apply artificial intelligence to cybersecurity challenges, and are a market leader in self-learning artificial intelligence (AI) and autonomous response technologies.
Darktrace’s platform is modelled on the principles of the human immune system, using AI systems to help machines understand and interrupt cyberattacks in real-time. Their systems provide automated incident response and reports for admins around the world; they claim to stop a cyberattack every single second.
We interviewed Max Heinemeyer, director of threat hunting at Darktrace to find out more about the Darktrace solution, and his perspective on the threat landscape today. Heinemeyer oversees Darktrace’s global threat hunting efforts, working with over 5,000 clients to investigate and respond to cyberthreats.
Heinemeyer works closely with Darktrace’s R&D team at their Cambridge, UK office. The team conduct world-leading research into artificial intelligence, giving Heinemeyer a unique insight as to how artificial intelligence is reshaping the cybersecurity industry. He has over a decade of experience in the cybersecurity industry, specializing in Penetration Testing, Red-Teaming, SIEM and SOC consulting, and hunting Advanced Persistent Threat groups.
A New, AI-Based Approach To Cybersecurity
Traditionally, cybersecurity solutions look at protecting the network perimeter as their primary goal. If they can stop anything they judge as malicious from entering your systems or devices, they’ll have done their job. But over the last few years, an evolution in cyberattacks has forced a new way of thinking.
“Over the past decade in cyber, we’ve learnt that simply trying to stop attackers getting into your system is futile––that only works for low-level attacks. It doesn’t work for anything advanced,” Heinemeyer says. “A perimeter defence is like having skin. It protects you––but not when something gets inside the body. That’s when you need an immune system.”
Artificial intelligence can act as that immune system, providing real-time protection against attacks—like antibodies fighting off diseases.
“That was the philosophy we founded Darktrace with,” Heinemeyer explains. “And today, that philosophy remains more pertinent than ever. Hackers’ methods will always evolve to evade traditional defences, but the key to fighting back remains the same: with sophisticated AI technology that is capable of spotting novel and sophisticated attacks wherever and whenever they emerge across the digital business.”
If you’ve been following the cybersecurity industry closely, you’ll know that since 2013, hundreds of companies that have emerged using AI technologies in their solutions— and their marketing. You may be cynical about the effect the technology can have on stopping cyberthreats, but it’s important to remember that not all AI is equal, Heinemeyer says.
“Many AI-powered security solutions are merely analytics tools, which create reports after an event has occurred. The most powerful contribution that AI has made to cybersecurity is that of fully autonomous, intelligent defence systems.
“This is cutting-edge technology, which sits in the heart of an organization and is entirely self-learning, understanding the unique pattern of life for each organization, and taking autonomous and strategic actions to stop anomalous behaviours in their tracks,” he says.
How AI Can Prevent Advanced Cyberattacks
To illustrate how artificial intelligence can help to secure organizations against advanced cyberattacks, Heinemeyer uses the example of one of the most notorious and prevalent threats being used today: ransomware.
Since last year, ransomware attacks have risen by up to 400%, with a number of high-profile attacks including the Irish Health Service, the Keystone Pipeline and JBS, the world’s largest meat processor. Ransomware is continuing to escalate both in severity and sophistication, putting millions of dollars and potentially even lives at risk as critical healthcare systems were targeted during a global pandemic.
It’s clear that we’ve entered a new era of ransomware, Heinemeyer says. One where attacks travel at computer-speed, overwhelming and outpacing security teams. To combat this era of attacks, he says, organizations must strive for machine-speed resilience, which is where AI comes in.
“In a typical ransomware scenario, Darktrace’s AI leverages its deep understanding of what is ‘normal’ for an organization’s digital world, to then watch out for abnormalities which may point to an emerging threat. This is the ‘self-learning’ aspect in practice: the AI is constantly relearning the ‘pattern of life’ for the organization in which it sits, in order to spot attacks in their earliest stages,” Heinemeyer says.
“When a compromise starts to happen, the AI then acts autonomously to isolate only the unusual activity associated with the ransomware attack—be that the initial malware infection, the infected computer phoning home, the attacker moving through the network laterally and finally the encryption of the data.
“Having contained the ransomware attack before it could escalate, the AI then generates a report on the incident for the security team to read. It does all of this without disrupting normal business operations, creating a ‘self-healing’ security ecosystem wherein AI augments the human team and stops machine speed threats on their behalf.”
AI technology can thwart ransomware in seconds, Heinemeyer says, preventing attacks before any data can be damaged or data encrypted and providing a much higher level of protection.
Artificial Intelligence And Email Security
One of the most critical aspects of an organization’s cybersecurity strategy is email. Email remains one of the top channels for cyber-attacks to be delivered, with 91% of data breaches originating via a phishing email. Darktrace launched their Antigena Email solution in February 2019, applying their AI-powered technology to the email security threat landscape.
“Email has long been considered the unsolved piece of the cybersecurity puzzle,” Heinemeyer says. “Too often employees, busy doing their jobs, are faced with very convincing and sophisticated social engineering email attacks.
“Some malicious emails are now virtually indistinguishable from genuine communication, and there are no hard and fast rules for how employees can identify them.”
Traditional email security technologies, like legacy email security gateways, compare emails against blocklists to identify if emails are malicious or not. This is no longer effective, Heinemeyer says; instead, businesses need sophisticated AI technology to combat phishing attacks, before they reach the user.
“Antigena builds a deep understanding of the unique human behind the email address,” he explains. “It understands what is ‘normal’ across email environments and adapts to changes in the workforce. When an email is malicious, it responds autonomously to protect the organization from exposure––whether that means holding back the email entirely, locking a link, or converting attachments to a harmless file type.”
The Artificial Intelligence Arms Race: ‘A War Of Algorithms’
Of course, while artificial intelligence can help to revolutionize threat protection solutions, it’s also being utilised by cybercriminals to help them execute ever more advanced and sophisticated attacks.
In a recent interview with the Guardian, Darktrace CEO Poppy Gustafsson likened the use of AI to an “arms race”, predicting that attackers would utilize AI to create even more sophisticated and highly targeted attacks. A recent report by Darktrace found that 96% of company directors were concerned about the use of AI in cyberattacks, and were beginning to implement defences to combat them.
“Traditional security controls are already struggling to detect attacks that have never been seen before in the wild––be it malware without known signatures, new command and control domains, or individualized spear-phishing emails,” Heinemeyer says.
“AI can be used to create highly convincing emails that impersonate trusted people within your network, or to help malware target high-value data sets within a corporate network. This is known as ‘offensive AI’ and its emergence should be a real concern for businesses and governments. There is no chance that traditional tools will be able to cope with future attacks as this becomes the norm and easier to realize than ever before.”
To combat these threats, organizations must invest in strong AI security solution he says, which can work far more effectively, and far more rapidly.
“Defensive AI is absolutely necessary to fight offensive AI. Humans alone cannot do this. Autonomous Response technology is already combatting some of the most sophisticated attacks out there at machine speed, empowering thousands of enterprises to continue normal business operations when attackers try to strike.
“This computer speed response will be critical to stopping offensive AI, which will be fast and intelligent. It will be a war of algorithms.”
Should You Apply Artificial Intelligence To Your Cybersecurity Strategy?
Heinemeyer’s advice to organizations struggling with cybersecurity threats is to consider a new perspective. Instead of trying to mitigate against the risk of data breach, assume that a breach has already taken place.
“First and foremost, a mindset shift is necessary—you’ve got to assume that a compromise has taken place or will happen in the near future,” he says. “Attackers will get in one way or another, and organizations have to be on the lookout for them—detecting breaches in their earliest stages and thwarting them before damage can be done.”
“Instead of focussing on the latest buzzword in security and the latest attack that made the headlines, organizations need to focus on using technology that understands self––shifting attention away from the attacker and towards what is ‘normal’ for their organization, in order to stop malicious activity wherever it emerges.
“For thousands of organizations around the world today, AI is doing just that—spotting the subtle behaviour that is indicative of an attack and putting a stop to it before it escalates into a crisis.”
Thanks to Max Heinemeyer for participating in this interview. You can find out more about Darktrace and their security solutions here: https://www.darktrace.com/