
How billion-dollar start-up Darktrace is fighting cybercrime with A.I.

Pit the machines against the machines to keep your data safe.

That's the philosophy of cybersecurity start-up Darktrace, which uses artificial intelligence to fight cybercrime against corporations.

"It's clear that we're now in the midst of a cyberarms race, and the battlefield is going to be inside of every company network and we're going to see a war against algorithms," Darktrace co-founder and CEO Nicole Eagan tells CNBC Make It.

"We're going to see attackers beef up their mathematical and artificial intelligence algorithms and we're going to see the defenders doing the same. And this is going to probably continue on for some period of time — we expect actually that's going to get worse before it gets better."

The answer to combating such threats, in Eagan's estimation, is AI.

Using the human body as inspiration

"Darktrace's AI technology is software that can run in a cloud, in a corporate network, in a manufacturing plant floor or power facility," says Eagan. (Customers typically sign a multiyear subscription that includes the AI cyberdefense software as well as access to Darktrace's experts.) It fights threats ranging from attackers gaining access to company computer networks via internet-connected devices to upset company insiders using their position to take advantage of company networks.

But its artificial intelligence takes inspiration from something distinctly organic: the way the human immune system fights illness. It makes sense, as even the common cybersecurity lexicon has talked of viruses.

Nicole Eagan, co-founder and CEO of Darktrace
Photo courtesy Darktrace


As Eagan puts it, "Evolved over billions of years, the human body's immune system has the unique ability to understand 'self' — what is part of us and what is not us — allowing it to rapidly detect and contain emerging threats, even those our body has not encountered before.

"Similarly, Darktrace works by learning a sense of 'self' across the entire digital business and identifying emerging threats in real time," she said.

Its machine learning understands normal patterns of behavior of every user and every device connected to a corporate network. "By learning this evolving 'pattern of life' for every user and device," Darktrace is able to then identify deviations from normal activity, said Eagan, whose company has headquarters in San Francisco and Cambridge, England.

"Like a digital antibody, it then instantly neutralizes the threat before it has time to cause damage."

Adds Eagan: "Human teams simply can't keep up without the help of artificial intelligence. Digital antibodies that can be shared around the world are a way to help combat new attacks."

Cybersecurity from the inside out

Indeed, the threat from cybercrime is massive. In 2015, cybercrime cost the world $3 trillion, according to an annual estimate from Cybersecurity Ventures, which provides research and insights on the global cybereconomy. By 2021, cybercrime will cost the world $6 trillion a year. (That estimate includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic work around hacked data and systems, and reputational harm for companies, governments and consumers or individuals.)

"With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so," says the 2018 Internet Security Threat Report, published in March by publicly traded cybersecurity company Symantec.

Because of the vast and growing threat of cybercrime, Darktrace is also built on the notion that hackers will get into company computer systems. Eagan, who previously worked at Oracle, Quest Software and Hewlett Packard, among others, says the company decided to look at cyberthreats "from the inside out" — building and deploying software as a service (SaaS) to see when something gets in, what other computers it touched and what other data it accessed in order to stop it in its tracks before real damage is done.

Furthering the immune system comparison, Eagan says, "While we may catch the occasional cold, the human immune system is the mission-critical defense system that we rely on every day to live and grow. Likewise, while cyberattacks may successfully infiltrate our systems, the 'Darktrace enterprise immune system' ensures that they do not lurk unnoticed and stops it at the earliest stage."

That's not to say preventative measures aren't used — security tools like next-gen firewalls and antivirus software help detect known threats but can miss subtle threats lurking inside corporate networks, she says.

Real stories of cyberattack

"We actually find and stop threats every day," says Eagan.

Darktrace, whose clients range from a 10-person hedge fund to a global bank and include the City of Las Vegas, Penguin Random House, Trek Bicycles, YMCA LA and National Hockey League Players' Association, sees one area of particular vulnerability in the internet of things, or devices that are connected to the internet.

For example, one casino Darktrace was serving as a customer was hacked through its internet-enabled fish tank, says Eagan.

The "very large" fish tank had an IoT-connected thermostat to measure the water temperature, says Eagan. "Well, they forgot to tell the I.T. and security departments about this new IoT device connected to the fish tank," says Eagan.

"Lo and behold, attackers scanned the network and were able to break in through this thermostat. Then they searched across and they tried to find the high-rollers database because that's what was of value to them, and they were able to find some of that, try to pull it back across the network and steal the data and move it up to a cloud."

Eagan says Darktrace was able to spot the activity because it wasn't usual behavior. "Normally, the thermostat wouldn't look for the high-roller database," she says. "So we were able to spot it and stop it right in its tracks."

A visualization of Darktrace's cyber artificial intelligence being deployed. 
Photo courtesy Darktrace

In another case of cybercrime caught by Darktrace, an employee of a large bank was surreptitiously using the company's computer servers and processing power to mine bitcoin.

"His job was to load new servers into the computer room," Eagan tells CNBC Make It. "Once in a while he would just take one of these servers and hide it under the floorboards in the data center and eventually he put enough servers together that he started running his own bitcoin mining operation. ... This was doing something different than all the other servers in the data center, so Darktrace's artificial [intelligence] was able to spot it and stop it right away."

In an amusement park working with Darktrace, an attacker was able to gain access to the corporate network through the company's smart locker system, where guests can store personal effects.

"Darktrace identified it before any data could be exfiltrated and their security team was able to remove the compromised locker from the network," Eagan says.

Of course, the attacks coming from hackers will get ever more challenging to identify.

"Ransomware is a great example of how threats evolve," says Eagan. "Right now we are seeing a lull in ransomware attacks which indicates to us that cybercriminals are currently developing new tactics to bypass these legacy tools. It's only a matter of time before we see the next WannaCry." In May 2017, the WannaCry ransomware attack spread across 150 countries.

"We do imagine there will be a time that the attackers themselves will start to employ AI techniques to blend into the background of noisy networks," says Eagan. "Ultimately, it will be an arms race between attackers and defenders – who will be able to deploy the better AI."

But because AI is self-learning, using it helps Darktrace automatically evolve with the attacks, says Eagan.

The competition

Darktrace has grown significantly since launching in 2013. The company has more than 700 employees around the world and has raised $179.5 million at a valuation of $1.25 billion. Since its inception, Darktrace has signed over $400 million in total contracts. (The company declined to share revenue.)

But it's not the only player in the industry using AI.

"We're seeing growing interest in applying computing things like machine learning, deep learning, artificial intelligence, etc. (think of IBM Watson stuff) to cybersecurity issues both in 'real time' and on a more strategic basis to try and identify trends and vulnerabilities before they become actual incidents," Richard Forno, assistant director of the Center for Cybersecurity and the director of the Cybersecurity Graduate Program at the University of Maryland, Baltimore County, tells CNBC Make It.

Indeed, there are now "multiple" companies using artificial intelligence and machine learning to fight cybercrime, said Jonathan Katz, director of the Maryland Cybersecurity Center and a professor in the department of computer science at the University of Maryland. "It has certainly increased over the past five years, but there are no statistics available to quantify this."

One such company is San Jose, California-based Trustlook. Founded in 2013, "Trustlook's solutions protect mobile devices, network appliances, and the [internet of things]," according to the company's website. Trustlook has raised $35.1 million, according to public funding database Crunchbase, and is constantly updating its response to threats.

"The secret sauce here is that the system is constantly learning. Every time a human analyst identifies a false positive or a genuine threat, the system adjusts to accommodate that feedback and creates new models to detect threats," says a white paper on Trustlook's artificially intelligent product, Secure A.I. "The more feedback it gets, the more accurate it becomes. Not only does this improve threat detection, but it also frees up human analysts to investigate the complex cases that really require their attention. If they're not bogged down in false positives, it's possible to make better use of their expertise."

Another company using machine intelligence to fight cybercrime is Mountain View, California-based Chronicle, which was started in 2016 in X, Google's moonshot factory, and was unveiled as an independent business in 2018. Chronicle, which also sells software as a service, would not discuss its funding raised or valuation, but did say its connection to its parent company Alphabet gave it a strategic advantage.

"Chronicle is a new independent business within Alphabet dedicated to helping companies find and stop cyberattacks before they cause harm. Chronicle is uniquely suited to build a planet-scale security information analysis platform for enterprise customers," a spokesperson for the company tells CNBC Make It. "We can leverage massive amounts of security intelligence that corporations are providing and crunch that data in a way that only Alphabet can bring to bear."

But according to at least one industry insider, Darktrace helped pave the way.

"Darktrace was an early mover in the AI space for cybersecurity. They delivered a robust solution early on and they were able to get a LOT of deployments" (or customers using their software), Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures, tells CNBC Make It via email. Currently, Darktrace has more than 7,000 deployments, according to its website.

"With that, they've built up a lot of expertise and an excellent reputation (which they deserve). … Darktrace's ability to execute in the market — either as a standalone company or as part of a larger company — is substantially greater than the other independents in their field," he says. "Independents" refers to privately held companies that are comparable to Darktrace.

Of note and importance, says Morgan, is that Eagan is a good salesperson.

"[She] is an excellent marketer, and that's critical in a complicated market like cybersecurity, where CEOs and business executives struggle to understand the threats and solutions," Morgan says. "She has a very deep background as a [chief marketing officer] for major brand name tech vendors. That definitely gives Darktrace an edge over its competition. The company has done a very good job of explaining more than just what AI is. They help the market understand how it is used."

A visualization of the Darktrace artificial intelligence in action.
Photo courtesy Darktrace. 

The future of the industry

Within cybersecurity, "The artificial intelligence market is ripe for massive growth over the next decade," Morgan tells CNBC Make It.

In fact, the cybersecurity industry was faced with a global shortfall of 1 million job openings in 2014, and that will grow to 3.5 million unfilled positions by 2021, Morgan says. AI is the technology, more than any other, that can help organizations deal with that shortage, he says. "We expect rapid AI adoption over the next few years while cybersecurity unemployment will remain at zero percent."

For her part, Eagan says the future of cyberdefense is having AI not only identifying but also responding to threats, an area into which Darktrace has started working already. Darktrace launched its autonomous response product over two years ago and currently has hundreds of customers using it.

"The next step is really being able to use the AI to fight back to actually stop the attacks themselves," says Eagan. "That's an emerging area, we happen to call it 'autonomous response.' You've heard of autonomous vehicles — well, it's kind of along the same lines.

"So that's really the next phase, and that's where people are going to have to really trust the technology to all of a sudden take action, without humans being in the middle or being involved," which can be tricky, says Eagan, but is necessary.

"Autonomous response is the only way forward when it comes to fighting AI attacks," she says.

— Video by Andrea Kramar
