Darktrace takes its machine learning technology to the next level with an innovative extension of its core solution, which entirely automates the process so that threats are destroyed as well as identified and slowed down.
British-headquartered Darktrace set up shop in 2013, with founders from the British intelligence community and mathematics faculties at the University of Cambridge. Their technology blended their approaches, combining machine learning algorithms to detect changes in network activity with mathematical modelling on top to reduce false positives. They grew rapidly upon hitting the market, but that initial solution still left it to the IT teams to actually eliminate the threats. Now they have extended that with Darktrace Antigena, which autonomously acts to destroy the threats as well as detect them and slow them down. It has been released into general availability.
“Antigena is the next step for us, which closes the loop,” said David Masson, Darktrace’s country manager in Canada. “Our approach to cybersecurity is fundamentally unique, combining machine learning and mathematics to detect threats in real time. It lets us understand the pattern of life for everything on the network, and in real time, so we can see things that deviate from that pattern.
“Because Darktrace knows the pattern of life on the network, it is able to enforce that pattern of life by identifying things that deviate from it,” Masson continued. “It slows them down, and stops their communication. Until now, however, while we detected these things, we didn’t actually remove them. That was done by security teams, who had the threats identified and slowed down for them. The next step, however, is the machines taking autonomous actions to defend against attacks, and that is what Antigena does. Not only does it identify them, it can deal with them.”
Antigena was actually launched into limited release last year to about 20 customers worldwide.
“We worked with them to evaluate Antigena over the year, and saw that it was consistently responding to stop attacks — without disrupting the business,” Masson said. “It enforces the pattern of life but doesn’t shut everything down. It only deals specifically with what the anomaly is, while allowing everything else to proceed.”
Masson cited an example from last year’s testing that involved an insider threat. The individual was trying to get his hands on an organization’s strategic documents about their Brexit strategy. He had been accessing files he wouldn’t access normally, and had been uploading a large amount of data. Antigena judged the activity anomalous and blocked the movement of this specific data. It didn’t lock down the machine entirely, though; normal business was allowed.
Darktrace sells primarily to enterprises, but their market isn’t exclusive to that, and they sell into a broad range of verticals, not just the large financials who are obvious candidates for this type of offering. Masson thinks, however, that Antigena can significantly expand Darktrace’s Total Addressable Market.
“When we give presentations, we are constantly being asked, ‘Can you fix the problem? Can you fix the problem?’” he said. “With Antigena, we can fix the problem. We think that this will really open up the market for us.”
Darktrace sells both direct and through partners. They have nine partners in Canada today – although Masson made a point of saying that they are always looking for more. For partners, Antigena is a simple add, with no additional training required.
“There’s nothing extra to learn, because this is already on the Darktrace box,” he said. “It just has to be activated. There will be some training for Antigena available for partners, but it’s more around explaining to customers what it does.”