Contributed by: Mike Gluck, CTO, Sanity Solutions on January 9, 2018.

Every week, and what often seems like every day, we are bombarded with news of high-profile security breaches that threaten our companies, our government, our personal identities and our society.

In some of my Technology Tuesday blogs, I discuss innovative security technology approaches, as well as some common-sense approaches, for anyone in business who has the responsibility to protect their corporate assets and their employees. At Sanity Solutions, we are fond of the commonly quoted definition of insanity: “Doing something over and over again and expecting a different result.” As CTO, I am constantly looking for paradigm shifts and innovative products that can provide significant breakthroughs or leverage in achieving desired results.

The imperative for new approaches has never been more urgent and the stark reality is evidenced by two charts from a recent VMware presentation:

The first chart, from Gartner, shows the $80 billion that businesses and consumers spent in 2016 with companies in 15 segments of the security industry.

And what has been the result of spending that $80 billion?

The answer, sadly, is that all that “investment” did not prevent $445 billion in security losses. Furthermore, we are spending more (security’s share of IT spend has doubled in the last 3 years) and getting further behind. Clearly, this fits the definition of insanity quoted above!

There are a couple of simple observations that go a long way to explaining this disheartening trend:

  • It is estimated that the vast majority (some say 75% to 85%) of all security spend goes to finding the “needles in the haystack” and keeping the bad guys from breaking in.
  • However, the “attack surface” is too big and getting larger every day with mobile phones, hand-held computers, wireless, and the growing Internet of Things: “smart appliances, smart homes, smart cities, smart cars,… everything.”
  • While the benefits of technological advancement are phenomenal, the bad guys seem to be adopting advanced technology for their attacks faster than defenders can keep up.
  • Attackers are using automation (e.g. bots) to propagate malicious software at lightning speed.

There is an urgent need to “think differently”. Fortunately, there are innovative companies that are doing just that. In my latest security-focused blog series, I highlight 3 vendors that are each applying Artificial Intelligence and Machine Learning in new approaches to core infrastructure, endpoint and application protection.

The first one is Darktrace, a U.K.-based cybersecurity company founded in 2013 by former members of British intelligence agencies, including GCHQ, together with mathematicians from the University of Cambridge. Rather than the traditional approach of cataloguing known attacks and watching for known attacker tooling, Darktrace developed over 200 algorithms and machine-learning models that monitor a company’s own network and detect the low-level anomalies that might indicate an attack.

Darktrace calls their approach “The Enterprise Immune System”. Just like our bodies’ immune systems, this technology is adept at early warning, at sensing that something is not quite right. Like biological viruses, modern cyber-attacks constantly evolve and mutate, and therefore often avoid signature-based detection. Fortunately, our human immune systems continuously learn and keep watch on our behalf. Similarly, the Darktrace EIS platform uses machine learning to learn the unique “pattern of life” of every user and every device in the organization, detects deviations from that pattern in real time, and scores whether the potential threat is serious enough to require an immediate response.

For example, rapid encryption of files on a share would represent a significant deviation from a firm’s normal pattern of life. Ransomware can encrypt the files on an entire network’s shares in a matter of minutes, making it almost impossible for a human security team to regain control of such a fast-moving attack. The Darktrace platform can take autonomous response in seconds. In one documented case, the Darktrace Antigena product neutralized the threat 33 seconds after malicious activity began, by interrupting the attempts to write encrypted files to network shares. The practical caveat with any autonomous response of this kind is tuning: legitimate bulk writes of already-compressed or encrypted data (backup jobs, archive uploads) look similar at the byte level and are the obvious false-positive risk, so the learned baseline has to include them.
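As an added example that is not part of the original post, and is not Darktrace’s own algorithm, the following Python sketches the two ideas in the paragraphs above in working code: a per-device “pattern of life” baseline learned from a quiet period, and an alert raised at the first moment a host’s rate of high-entropy writes to a share deviates from that baseline. Hostnames, share paths, sample content and the thresholds (`ENTROPY_THRESHOLD`, `K_SIGMA`, `MIN_BURST`, the 60-second window) are all constructed assumptions for the demonstration.

```python
"""Added example (not Darktrace code): a per-device "pattern of life" baseline
for writes to a file share, used to flag the burst of high-entropy writes that
ransomware produces. All hosts, paths and traffic below are constructed."""
import math
import random
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW_SECS = 60         # baseline granularity: high-entropy writes per minute (assumed)
ENTROPY_THRESHOLD = 7.0  # bits/byte; documents sit near 4-5, ciphertext and zips near 8
K_SIGMA = 3.0            # deviations above the learned mean that count as anomalous
MIN_BURST = 5            # floor so a quiet host with a zero baseline still needs a real burst


@dataclass
class WriteEvent:
    ts: float      # seconds since start of capture (constructed)
    device: str    # host writing to the share
    path: str      # destination path on the share
    sample: bytes  # leading bytes of the written content


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_high_entropy(ev: WriteEvent) -> bool:
    return shannon_entropy(ev.sample) >= ENTROPY_THRESHOLD


def learn_baseline(events, window=WINDOW_SECS):
    """Per-device (mean, stdev) of high-entropy writes per window across the
    whole training span; windows in which a host wrote nothing count as zero."""
    if not events:
        return {}
    first = int(min(e.ts for e in events) // window)
    last = int(max(e.ts for e in events) // window)
    per_device = defaultdict(lambda: defaultdict(int))
    for ev in events:
        per_device[ev.device][int(ev.ts // window)] += int(is_high_entropy(ev))
    baseline = {}
    for dev, buckets in per_device.items():
        series = [buckets.get(w, 0) for w in range(first, last + 1)]
        baseline[dev] = (mean(series), pstdev(series))
    return baseline


def detect(events, baseline, window=WINDOW_SECS, k=K_SIGMA):
    """Replay events in time order. Return (device, ts, count) at the first write
    that pushes a host's high-entropy count for the current window past
    max(MIN_BURST, mean + k*stdev) for that host, or None if nothing deviates.
    A responder would block further share writes from that host at this point."""
    counts = defaultdict(int)
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_high_entropy(ev):
            continue
        key = (ev.device, int(ev.ts // window))
        counts[key] += 1
        mu, sigma = baseline.get(ev.device, (0.0, 0.0))  # unseen host: zero baseline
        if counts[key] > max(MIN_BURST, mu + k * sigma):
            return ev.device, ev.ts, counts[key]
    return None


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    """Stand-in for encrypted or compressed content (near 8 bits/byte)."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_sample_events(seed=7):
    """Constructed traffic: ten minutes of ordinary office writes from two hosts
    (including one legitimate, already-compressed zip upload per minute from the
    finance workstation), then a ransomware-style burst from that workstation."""
    rng = random.Random(seed)
    doc = b"Quarterly report: revenue up 4% on prior year; see attached tables. " * 16
    training = []
    for minute in range(10):
        for dev, n in (("ws-finance-07", 3), ("ws-hr-02", 2)):
            for i in range(n):
                training.append(WriteEvent(minute * 60 + rng.uniform(0, 59), dev,
                                           f"//fileserver/docs/{dev}-{minute}-{i}.docx", doc))
        training.append(WriteEvent(minute * 60 + rng.uniform(0, 59), "ws-finance-07",
                                   f"//fileserver/archive/{minute}.zip", _rand_bytes(rng, 1024)))
    t0 = 600.0  # attack starts: one encrypted file written every 250 ms
    attack = [WriteEvent(t0 + i * 0.25, "ws-finance-07",
                         f"//fileserver/docs/report-{i}.docx.locked", _rand_bytes(rng, 1024))
              for i in range(120)]
    return training, attack, t0


def seconds_to_detection(seed=7):
    """Learn on the quiet period, replay quiet+attack, report detection latency."""
    training, attack, t0 = build_sample_events(seed)
    baseline = learn_baseline(training)
    assert detect(training, baseline) is None  # the learned period itself is clean
    hit = detect(training + attack, baseline)
    return None if hit is None else hit[1] - t0


if __name__ == "__main__":
    print(f"detected {seconds_to_detection():.2f} s after the burst began")
```

Two design points worth noting. The baseline is learned per host, so the finance workstation’s one zip upload per minute is part of its normal pattern and does not trip the detector, while the same single write from a host that has never uploaded archives would count towards `MIN_BURST`. And the fixed one-minute window is the weak spot of this sketch: a burst that straddles a window boundary is split in two, so a production detector would use a sliding window and add other signals (mass renames to a new extension, deletion of originals, SMB write rate) rather than entropy alone.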

One amusing account, amusing only because the hack was caught, was reported in July 2017: attackers attempted to steal data from a casino through an internet-connected smart fish tank. Using the fish tank as their entry point into the network, the attackers scanned for other vulnerabilities and moved laterally to other parts of the network. The fish tank was just one of nine unusual threats identified on that corporate network. For more information on this story, see the July 19, 2017 article in CNN Tech.

In summary, the Darktrace Enterprise Immune System represents new thinking and a fresh approach that has the potential to transform the security landscape and allow businesses to take back control of their intellectual property and corporate information assets. The old model clearly does not work. Darktrace’s immune-system approach is a more pragmatic way of closing the gap between attack and defense: it recognizes that the attack surface is too big to seal and that a phishing scam will eventually catch an unsuspecting or novice user clicking a malicious link. The better approach is to assume that the perimeter will be breached and compromised, and to concentrate instead on the tools that detect, react and defend quickly.

If you want more information on Darktrace or to get a free copy of the Darktrace Global Threat Report 2017 Selected Case Studies, let us know at