Darktrace – it sounds like the code name for a special op run by Harry Pearce and the team from Spooks.
It’s actually a young Cambridge company which became Mike Lynch’s first investment through his Invoke Capital fund and which is already making a global impact with its cyber security technology.
Based on early successes around the world, Darktrace looks odds-on to become Cambridge’s next $billion business. But given the potential for exponential growth in the cyber security market, the sky is the limit.
The Spooks analogy only holds so far. Darktrace CEO Andrew France is ex-GCHQ, which came under far from friendly fire from Edward Snowden who leaked 1.7 million sensitive documents from the National Security Agency (NSA) a year ago.
Whatever your moral stance on Snowden, The Voice of Russia this week quoted senior intelligence sources as saying that a quarter of the criminals being tracked by GCHQ had fallen off the radar since the Snowden leak and claimed that hundreds of drug lords and people traffickers had gone to ground after being alerted to methods of detection used by GCHQ.
Darktrace also has Sir Jonathan Evans, former Director General of MI5, as a director while the company was founded by Stephen Huxter, another ex-MI5 man.
France said that Darktrace’s technology could have stopped the Snowden leaks – but the weapon here in terms of detection and prevention is down to Cambridge University mathematics rather than waterboarding or any other gruesome interrogation techniques favoured in Spooks and 24.
It may not be as sexy as the TV persona but just as GCHQ and MI5 protect the UK from a range of established and emerging threats which challenge the nation’s security and interests, so Darktrace’s technology helps governments and corporations close the gap between attack and defence.
Andrew France says these organisations are finally starting to get the message that hackers will thrive by feeding off old-fashioned approaches to cyber security.
The Darktrace proposition starts from a completely different – and frankly scary – premise: that your system has probably been hacked already. But if you sit Darktrace software at the heart of your networks it can stop the danger spreading fatally.
The key is for an organisation to keep pace with the speed and sophistication of today’s uber-slick attackers, says France. The analogy he uses is the human immune system. “We can never guarantee that you won’t catch a cold but we will stop it turning into pneumonia, which might kill you.”
Darktrace provides an appliance that sits in the network and profiles not the possible attack vectors but the network itself, as well as the devices that connect to the network and the network’s users. It uses Cambridge University-derived Bayesian algorithms to learn the expected behaviour in all three of these layers and spot when something is amiss. And, as France points out, sometimes the enemy can come from within – a disgruntled employee rifling payroll or other data that should be private and publishing it for malicious reasons, as in the recent experience of grocery chain Wm Morrison.
As a matter of course, Darktrace detects the threat from external hackers probing networks for weak spots. If the software detects illicit intrusion it alerts administrators to any abnormal pattern of behaviour and seeks instructions for action. It is intended to reinforce the role of firewalls rather than replace them. France said that’s the crux of the whole cyber security issue – the need to change attitudes towards the increasing threat.
“Using old world thinking and trying to protect your networks by building walled cities is playing into the hands of the cyber criminals. And anyway they have probably already broken in, so the challenge is to understand that and stop the threat from spreading.
“Start from the standpoint that we are all at risk but where are we most at risk? From the feedback we are receiving and new business that we are winning it seems that the message is starting to get through.”
France believes Darktrace has advantages beyond technology capability. The senior management team has a combined 70 years’ experience in cyber operations. France says: “That means our team has unique insights into the defense of critical national infrastructure, both digital and physical, and has been foremost in proactively countering the cyber-attacks against the nation’s most valuable information assets.”
Another huge advantage, he believes, is having Mike Lynch as major backer. Alan Turing was France’s childhood hero and endeavoured to match advancements with human-driven processes, laying the foundations for the thinking behind Lynch’s Autonomy venture and now Darktrace – not least in the recognition that computers don’t attack networks but people attack networks.
France said: “Our progress to date has far exceeded our initial aspirations. It is tremendously helpful to the business to have Mike Lynch – a tekkie geek if you like – behind us rather than some sophisticated VC company that doesn’t really understand the technology or its capabilities. Mike gets excited about the opportunities in cyber security. We are benefiting from drawing on a great set of academic brains and world-class Cambridge mathematics.
“Add to that a set of guys in management who come from the intelligence world and understand the technology and are able to explain its capabilities to world governments and corporations and it is little wonder we are doing so well.”
From a standing start Darktrace has already risen to 65 people and France “suspects that by Christmas we’ll be up to 100.” The company has operations in Cambridge and London in the UK, elsewhere in Europe (e.g. Italy, France, Germany and the Nordic countries) and on the West Coast of the US.
“It has literally gone like a rocket,” says France, “and we have managed to stay pretty lean. The cyber security sector has become a very hot environment and our credentials are proving compelling to some pretty powerful governments and multinationals. The credibility factor means that people are coming to us for help and we are not having to go out chasing that many deals.”
Hiring senior management from the intelligence world cognoscenti was another masterstroke by Lynch who did much the same thing when he persuaded White House adviser Richard Perle to become a non-executive director.
The homeland security contracts Autonomy won after Perle’s appointment were not coincidence.
France said he quit GCHQ for the private sector because he wanted to help people manage the risk inherent in their systems in a much more realistic and mature way. “I got frustrated in government and felt sometimes that I was a professional undertaker. With Darktrace I am able to transform the way governments and businesses approach cyber security and generating better habits could prove transformational and save millions of people a lot of misery and money.”
You just have to look at Facebook, Google, Twitter and social media sites generally to realise the number of passwords floating around in cyberspace, all of which represent opportunities for cyber criminals. Then add in the information held by governments, NHS trusts and businesses in every sector and of all shapes and sizes, and you get a feel for the scale of the global problem Darktrace is addressing.
France believes that the “massive payback from cyber crime as opposed to traditional crime” would have become evident to millions around the world since the eBay debacle.
The recent cyber attack on eBay meant that 145 million customers’ personal details were stolen by hackers. France says there are so many areas of vulnerability opened up by the global data deluge – access to financial details and personal ID data that clever cyber criminals could monetise. Organisations had to realise the treasure they held in this data.
“What we are preaching is an ‘eyes wide open’ approach in business and government,” he says. “You wouldn’t walk up to a complete stranger in the street and hand them your wallet. Yet this is effectively what sloppy organisations are doing by not recognising the threat.
“Organisations also need to drive good habits right through their often international supply chains.”
France says that Darktrace “understands the human traces behind every attack.” Its solutions are anchored in enterprise immune systems technology, which detects subtle indicators of compromise and threatening behaviours – even when those behaviours are brand new, complex and constantly changing.
“The age of surrounding your information with higher and higher walled cities is over. Legacy approaches permanently leave you a step behind. Darktrace moves at the same speed as the threat, automatically learning from an organisation’s ongoing activity in real time to detect threat behaviours as they emerge.
“Our technologists are world experts in signal processing and machine learning and have experience deploying some of the world’s largest software systems, dealing with highly sensitive data while complying with changing standards.”
Drilling down to the bottom line, Darktrace has the best of both worlds in terms of bridging that gap between attack and defence in cyberspace. It can clean up the acts – and the systems – of those sloppy companies who thought they were failsafe and have been badly hit. And it can save thousands of organisations worldwide from ever having to suffer the same fate.
Harry Pearce would raise a glass or two of mature malt to toast that kind of result.