The art and science of detecting emerging threats
by Mirko Zorz - Editor in Chief - Monday, 11 August 2014.
In this interview, Stephen Huxter, COO at Darktrace, talks about the challenges involved in detecting emerging threats, Recursive Bayesian Estimation, the evolution of AI, and more.

What are the most substantial stumbling blocks when it comes to detecting emerging threats?

Detecting threats as they develop is not easy, because you are dealing with uncertainty. In today's threat landscape, we face the risk of extremely sophisticated intruders, who constantly change and refine their methods in order to perpetrate their mission, as well as insiders who abuse legitimate access rights to manipulate data.

These kinds of attacks are very difficult to spot because there is no rulebook that tells us how they will behave. A clever intruder may lie low within an organization for weeks or months, and conceal their movements within the noise of a busy network. An insider is extremely difficult to spot because a lot of what they do may be legitimate, while a small but significant part of their activity is threatening.

The information security industry does a decent job of finding the threats that have already been identified and classified, but struggles with detecting unprecedented threats. We have seen example after example of damaging cyber-attacks against large, ostensibly well-defended companies, carried out by sophisticated threat actors that successfully bypass traditional security defences. The question is, how do you find something when you don't know what you are looking for?

We are seeing a transition in the industry now, where we are abandoning the illusion of 100% network security; the perimeter has almost become a notional concept in today's large, complex and global networks. Instead, the challenge is to understand what is happening within the firewall, evaluate the degree of risk that we face at any one time and prioritize top-level threats over low-level incidents, in order to protect our information networks in a proportionate, intelligence-led manner.

How can Recursive Bayesian Estimation help strengthen IT security?

By embracing the probability-based approach that Recursive Bayesian Estimation mathematics enables, organisations can enhance their ability to detect threats that are in progress within their internal systems and operate in a dynamic and covert manner.

This branch of mathematics has been developed by world-class mathematicians at the University of Cambridge, and applied to the cyber security challenge to deliver the first Enterprise Immune System. The math uses an unsupervised learning approach, which means that it statistically works out patterns of activity and classifies its learnings without any prior knowledge or assumptions. Within a corporate network, it monitors and analyzes information, continually calculating probabilities of anomalous behaviours based on changing evidence.

The key word is probability; we are not talking about certainties, but about establishing the best possible, evidence-based understanding of ever-changing threats within complex information environments. Ultimately, this innovation lets IT security focus on mitigating threats in a proactive way and respond to top-level incidents, instead of getting stuck in a reactive mode and dealing with floods of false positives. Without prior knowledge of how a threat may manifest itself, Recursive Bayesian Estimation powers an immune system that constantly refines its understanding of normality and abnormality in real time. It therefore evolves in step with the organisation to find only relevant and highly anomalous behaviours that require timely intervention of some kind.
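To make the recursive idea concrete, here is a small added example (not Darktrace's code or model): a Gamma-Poisson estimator of one host's per-minute event rate that scores each new count by how improbable it is under the current posterior predictive, then absorbs the count as new evidence. The conjugate model, the forgetting factor that lets "normal" drift with the organisation, and the sample counts are all assumptions constructed for this illustration.

```python
"""Recursive Bayesian anomaly scoring over a stream of per-entity event counts.

Assumed model (chosen for this example, not Darktrace's method): each interval's
event count is Poisson with an unknown rate that carries a Gamma(alpha, beta)
prior. A count x updates the posterior in closed form (alpha += x, beta += 1),
and the posterior predictive is negative binomial, which gives P(count >= x)
as a surprise score before the new evidence is absorbed. A forgetting factor
discounts old evidence so the notion of "normal" tracks gradual drift.
"""
from math import lgamma, log, exp


def _nb_logpmf(k: int, r: float, p: float) -> float:
    # Negative binomial pmf: P(K=k) = C(k+r-1, k) * p^r * (1-p)^k, via log-gamma.
    return lgamma(k + r) - lgamma(r) - lgamma(k + 1) + r * log(p) + k * log(1 - p)


class RateEstimator:
    def __init__(self, alpha: float = 1.0, beta: float = 1.0, forget: float = 0.95):
        self.alpha, self.beta, self.forget = alpha, beta, forget

    def tail_prob(self, x: int) -> float:
        # P(count >= x) under the posterior predictive NB(r=alpha, p=beta/(beta+1)).
        # Summed upward from x to avoid cancellation when the tail is tiny.
        r, p = self.alpha, self.beta / (self.beta + 1.0)
        return min(1.0, sum(exp(_nb_logpmf(k, r, p)) for k in range(x, x + 500)))

    def update(self, x: int) -> None:
        # Discount old evidence, then apply the conjugate update with the new count.
        self.alpha = self.forget * self.alpha + x
        self.beta = self.forget * self.beta + 1.0


def score_stream(counts, threshold: float = 1e-3):
    """Return [(count, P(>=count), flagged)], updating the estimator after each score."""
    est = RateEstimator()
    out = []
    for x in counts:
        p = est.tail_prob(x)
        out.append((x, p, p < threshold))
        est.update(x)
    return out


# Constructed sample: outbound connections per minute for one host; the final
# spike is the kind of behaviour an analyst would want surfaced, while the
# ordinary jitter around five per minute should be learned as normal.
SAMPLE = [4, 5, 3, 6, 4, 5, 4, 7, 5, 4, 6, 5, 4, 5, 60]

if __name__ == "__main__":
    for x, p, flagged in score_stream(SAMPLE):
        print(f"count={x:3d}  P(>=x)={p:.2e}  {'ANOMALY' if flagged else ''}")
```

Because the score is computed before the update, a single spike is flagged but does not immediately redefine "normal"; a sustained change, by contrast, is absorbed within a few intervals through the forgetting factor.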

