According to the AV-Test Institute, around 400,000 new malware strains are detected on any given day. Phishing, malicious code (malware) and hacking are some of the top attacks any connected device is vulnerable to. There are solutions for thwarting incoming attacks, but dealing with insider leakage is much more difficult.
Darktrace, a global artificial intelligence company for cyber defence which was founded in 2014, has been creating ripples in cyberspace with its cutting-edge solutions. Modeled on the human immune system, Darktrace’s AI products are smoking out the dormant hackers who ride below the radar and evade detection.
In partnership with the University of Cambridge, they have developed an anti-hacking tool which runs on unsupervised machine learning models.
Models can be trained on historical threat data, but hackers come with sneak attacks out of the blue. They intrude and hibernate before the system can detect them.
Unsupervised machine learning allows the models to detect patterns with very little data. That is how these cyber-ninjas go undetected, and there is little to no information known regarding their dwellings.
Bridging the gap between automated threat detection and a security team’s response, Darktrace Antigena represents a new era of cyber defence that autonomously fights back.
Darktrace’s Antigena is an autonomous response solution that takes action against in-progress cyber-threats, limiting damage and stopping their spread in real time. The developers say that their technology works like a digital antibody, intelligently generating measured and proportionate responses when a threatening incident arises, without impacting normal business operations. This is a game changer in the cyber security space and it can only become better going ahead.
Powered by Darktrace’s AI, Darktrace Industrial is another well-crafted product which passively monitors network traffic across OT and IT, automatically generating localised models for every user, device and controller in the system. Darktrace Industrial’s self-learning approach means that it can learn ‘normal’ behaviour, irrespective of the type of proprietary protocol or industry application.
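The idea of a local model of "normal" per device can be illustrated with a small added example. It is not Darktrace's code or algorithm, which the article does not describe; the device names, the two traffic features, the median/MAD scoring and the threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample, not real traffic: hourly bytes sent and distinct
# destinations for two hypothetical devices. No row is labelled good or bad.
PLC_BYTES = [1200, 1180, 1210, 1195, 1205, 1190, 1200, 1215]
LAPTOP_BYTES = [52000, 48000, 91000, 40000, 63000, 75000, 58000, 44000]
LAPTOP_DESTS = [14, 11, 25, 10, 17, 21, 15, 12]
FLOWS = [("plc-01", b, 2) for b in PLC_BYTES] + [
    ("hr-laptop", b, d) for b, d in zip(LAPTOP_BYTES, LAPTOP_DESTS)]

def build_baselines(flows):
    """Group observations per device: one local model each, no labels."""
    base = defaultdict(lambda: {"bytes": [], "dests": []})
    for device, bytes_out, dests in flows:
        base[device]["bytes"].append(bytes_out)
        base[device]["dests"].append(dests)
    return dict(base)

def robust_score(value, history):
    """Distance from the device's median, in units of its usual spread."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # Floor the spread so a perfectly flat baseline cannot divide by zero.
    spread = max(1.4826 * mad, 0.05 * abs(med), 1.0)
    return (value - med) / spread

def assess(baselines, device, bytes_out, dests, threshold=6.0, min_history=5):
    """Return (verdict, per-feature scores) for one new observation."""
    hist = baselines.get(device)
    if hist is None or len(hist["bytes"]) < min_history:
        return "insufficient-history", {}  # never guess about unseen devices
    scores = {"bytes": robust_score(bytes_out, hist["bytes"]),
              "dests": robust_score(dests, hist["dests"])}
    anomalous = any(abs(s) > threshold for s in scores.values())
    return ("anomalous" if anomalous else "normal"), scores

if __name__ == "__main__":
    baselines = build_baselines(FLOWS)
    # The same 60 kB hour is routine for the laptop and far outside the
    # controller's learned behaviour.
    for dev, b, d in [("hr-laptop", 60000, 16), ("plc-01", 60000, 2),
                      ("plc-01", 1200, 9), ("new-camera", 500, 1)]:
        print(dev, b, d, assess(baselines, dev, b, d)[0])
```

Because each device is scored only against its own history, a single global threshold on traffic volume is never needed, and a device with too little history is reported as such rather than classified.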
“As complex as it is, it has this innate sense of what’s self and not self. And when it finds something that doesn’t belong—that’s not self—it has an extremely precise and rapid response,” said Nicole Eagan, CEO, talking about Darktrace’s capabilities.
Darktrace Cloud is another self-learning cybersecurity management tool which is compatible with popular cloud platforms like AWS, Azure and Google Cloud. Darktrace Cloud is fully configurable, allowing organisations to see all or selected cloud traffic without requiring access to the hypervisor and with a minimal performance impact. Available for Linux and Windows, Darktrace Cloud is robust and resilient, providing end-to-end coverage across the digital business.
Darktrace’s software maps its customers’ activity using data from physical and digital sensors. Machine learning algorithms run this data over multiple layers, eventually producing results that are shared with the clients.
This easy-to-install, plug-and-play software provides the user with real-time threat detection and network visualisation. With machine learning, it tries to distil intelligence into the complicated web construct.
Deep Learning For Deep Web
Phishing accounts for more than 90% of cyber attacks. Usually, attackers send tailored emails to victims which, when opened, grant access to the illicit entities.
Spam detection in e-mails is a well-known, widely deployed application of machine learning models. So, a deep learning network trained on raw data from threats can thwart future attacks. Firms like Technicacorp have developed DeepInsight, which analyses the text to detect any potential phishing baits.
A neural network trained on millions of legitimate and malicious files will be able to predict and prevent any malware activity. What makes this challenging is the nature of the attack. A successful malware attack morphs itself with the files in the system, making it undetectable and making it even trickier to run pattern-recognition machine learning models.
Smart filtering could lure nefarious actors into honeypots for further analysis. The system could be coupled with packet analysis techniques such as deep packet inspection to dodge Distributed Denial of Service (DDoS) attacks or to detect nefarious scans.
So far, standard techniques like NLP for text analysis, along with regression models and others, have been deployed. Machine learning models are getting better with time and more robust, with agile systems for real-time detection. But the nature of attacks also evolves with time. The fact that attackers can deploy their own machine learning models can’t be ignored; it will keep cybersecurity professionals on their toes, or they will be duped into chasing their own tails.