#ISSEconf: Shifting to Self-learning, Self-defending Networks

Written by

Speaking at ISSE Conference 2016 in Paris today, Emily Orton, director of Darktrace, argued that traditional security approaches alone are simply now not enough to defend against evolving cyber-threats, instead advocating the use of machine-based learning to aid in the battle against cybercrime.

“The legacy approach to security, certainly in the last 10 to 15 years, has been around the integrity of the perimeter; keeping the border strong with the idea that you can keep the bad guys out.”

However, whilst Orton was quick to point out that basic security approaches like firewalls that aim to minimize risk at the boundary level are still necessary, on their own they will only go so far to protecting against ever-changing threats.

“The threat landscape is evolving very quickly,” she said. “We read in the media a lot of about databases being breached, personal details being sold on the dark web, websites being defaced, but actually the landscape has moved on a lot. Those attacks are still happening, but they’re having less effect. We’re moving into this new era where we’re seeing more of what we call ‘trust attacks’, where the integrity of the data itself is what’s at risk.

“If you’re a healthcare company [for example] and you’ve got patient data and a subset of that data is changed, that’s not just a financial hit you’re going to take, that’s a reputation issue.”

What’s more, she added, whilst external attackers are always evolving, the insider threat is always there too, and it’s the hardest to find because most circumstances of insider threat are not a result of malicious intent but rather accidental slip ups by staff.

The learning here, continued Orton, is that “you can’t expect your employees or insiders to make the right decision every time, that’s not going to happen. You can’t possibly be expected to track and secure every part of the network” either - you need a machine to help with the heavy lifting.

Instead, she urged companies to adopt a machine-based learning approach that works in such a way it mirrors the mechanism of the human immune system. 

“It’s a similar concept,” she explained, “the actual problem of finding abnormal activity continually, all the time, and making sure availability is still up and running and you’re still productive is what our human bodies do all the time. The clever thing about the immune system is the ability to know what’s in us, know the self and know what’s normal.”

This idea of a self-learning technology that’s going to be on the inside, understanding, constantly refining it’s grasp on what is normal is going to be critical in facing the challenge.

Further, machine-based learning technology with the immune system approach is now so advanced that it is not limited to defense, it actually has the potential to help in response; a machine taking action in real-time based on the threat or anomalous behavior it sees.

“The important thing about this,” Orton concluded, “is because the unsupervised machine-learning has such an accurate understanding of normal activity, what we’re able to do with that knowledge is be really precise and targeted in the way that response happens.”

What’s hot on Infosecurity Magazine?