Former spy launches startup aimed at building an 'immune system' for networks

Above: Former GCHQ spy and Darktrace chief Andrew France

Image Credit: Courtesy Darktrace

Former British spy Andrew France has emerged from the shadows and wants to crawl inside your network.

His firm, Darktrace, has a novel virtual security solution based on Bayesian probability theory, a complex mathematical concept developed at Cambridge University two and a half centuries ago.

France, a no-nonsense Englishman, recently left Britain’s spy agency, GCHQ, after a distinguished 30-year career. He was the agency’s deputy director for cyber defense operations. That gave him a ringside seat to the most complex and deadly hack attacks on the planet. He’s now the chief executive of Darktrace.

At the heart of Darktrace is its Cyber Intelligence Platform (DCIP), a software program that sits inside the network. France calls his security solution, honed by years of understanding and fighting against cyber attacks, an “Enterprise Immune System.”

Indeed, France and his 65-member team liken networks fending off viruses and malware to human bodies staving off viruses like the common cold. Darktrace’s approach to network security says there’s no way to avoid being hit, so you have to fight the attack from within.

The bespectacled France scorns those who believe their networks are impervious to violent intrusion.

“Traditional approaches to the problem of breaches [are] a practical impossibility. The next generation of cyber breaches [has] arrived,” he told VentureBeat.

“Occasionally I’m going to catch a cold. But the cold won’t kill me. You have to realize these things are going to happen to you.”

Darktrace’s approach doesn’t perform like a firewall or, as France said, a moat standing outside the network attempting to thwart an assault. Rather, it sits inside, looking for anomalies. When it locates them, it works to neutralize the threat. Quickly.

Darktrace explains the solution this way:

DCIP is uniquely capable of identifying human and machine behaviors that represent threat with a high degree of accuracy — and without a deluge of false positives. Powered by revolutionary Bayesian mathematics, it has a unique inside view of an organization’s entire network activity at the deepest level and is able to automatically learn from all information that flows through the network.

Polymorphic viruses these days are smarter than ever and have evolved to the point where they’re able to think and adapt once inside your networks, France said. To avoid detection, they may steal only a fraction of the available data at any one time — a credit card, a date of birth, or a phone number — and then move on.

“You’re never, ever going to keep up with the evolving threats. That’s a fool’s errand,” he said, pointing to the brutally efficient breaches launched against American retail giant Target, Neiman Marcus, and last week, eBay. Nearly 150 million user accounts were compromised in the eBay attack.

France emphasized that network security has had to play catch-up to the threats prevalent today. That’s because, as France pointed out, the Internet was never designed to be secure.

The process of attribution, that is, locating perpetrators, is a very difficult science, France said. Net users need to move away from the fixation on where a threat is coming from and instead focus on solutions for neutralizing the threat.

“Data is a weapon,” he said.

Asked how Darktrace is doing market-wise, France had a ready answer. “It’s going like a rocket.”