Cybersecurity agencies generally focus on preventing hackers from getting inside systems instead of stopping them from leaking information out. Now a new cybersecurity company called Darktrace is acting on this idea.
They have developed a tool, in collaboration with mathematicians from the University of Cambridge, that uses machine learning to catch internal breaches.
The majority of machine-learning applications rely on supervised learning, which involves feeding a machine huge amounts of data so that it learns to recognize patterns. This method works well if you are fighting a threat the system has faced before, which is also its limitation. Therefore, unknown threats are still capable of sneaking under the radar.
So instead of training on datasets that contain examples of previous attacks, Darktrace developed an algorithm that recognizes new instances of unusual behavior.
This machine-learning technique is based on unsupervised learning, which doesn’t require humans to specify what to look for. The system works like the human body’s immune system.
“It has this innate sense of what’s self and not-self,” says Darktrace co-CEO Nicole Eagan. Whenever the algorithm finds something that doesn’t belong to its system, it exhibits “an extremely precise and rapid response.”
In cybersecurity data, threatening behavior generally lies buried beneath an overwhelming amount of normal behavior. This is where unsupervised learning gains an advantage over supervised learning: it spots behavior that doesn’t follow the usual pattern.
Darktrace uses this software in combination with “physical and digital sensors around the client’s network to map out its activity.” Data collected from the system is then directed to over 60 different unsupervised-learning algorithms that work relentlessly to find anomalous behavior.
On detection of such behavior, the system quarantines the breach by cutting off all external communication from the infected device — until it’s resolved.
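The idea described above, as an added example that is not Darktrace's code or one of its algorithms: each device's "self" is learned from unlabelled outbound flows using a median/MAD robust z-score (a technique chosen here for illustration), and a quarantine decision is made for unusually large uploads to destinations the device has never used. Device names, destinations, byte counts and the threshold are constructed assumptions.

```python
import math
from collections import defaultdict
from statistics import median

# Constructed sample flows: (device, external destination, bytes sent out).
# No record is labelled benign or malicious; the model only learns what is usual.
HISTORY = [
    ("laptop-7", "mail.example.com", 42_000), ("laptop-7", "cdn.example.net", 38_500),
    ("laptop-7", "mail.example.com", 51_200), ("laptop-7", "cdn.example.net", 40_100),
    ("laptop-7", "mail.example.com", 45_900), ("laptop-7", "cdn.example.net", 47_300),
    ("backup-1", "vault.example.org", 9_800_000), ("backup-1", "vault.example.org", 10_400_000),
    ("backup-1", "vault.example.org", 9_500_000), ("backup-1", "vault.example.org", 10_100_000),
]

def learn_baseline(flows):
    """Per-device model of 'self': median/MAD of log10(bytes out) and seen destinations."""
    sizes, dests = defaultdict(list), defaultdict(set)
    for device, dest, nbytes in flows:
        sizes[device].append(math.log10(nbytes))
        dests[device].add(dest)
    model = {}
    for device, vals in sizes.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        # Floor the MAD so a very regular device does not make every flow look extreme.
        model[device] = {"median": med, "mad": max(mad, 0.01), "dests": dests[device]}
    return model

def score(model, device, dest, nbytes):
    """Robust z-score of the flow size against the device's own history, plus destination novelty."""
    base = model.get(device)
    if base is None:  # never-seen device: no baseline, treat as maximally unusual
        return float("inf"), True
    z = 0.6745 * (math.log10(nbytes) - base["median"]) / base["mad"]
    return z, dest not in base["dests"]

def should_quarantine(model, flow, z_limit=3.5):
    """Flag only unusually large uploads to destinations the device never used."""
    z, new_dest = score(model, *flow)
    return z > z_limit and new_dest
```

The same upload volume that is routine for `backup-1` is far outside the baseline for `laptop-7`, which is why the baseline is kept per device rather than network-wide.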
While all of that is effective, unsupervised training isn’t a cure for everything because cybersecurity is like the whack-a-mole game. And at the end of the day, the whole system is as secure as its weakest link.