It’s no secret that there’s a constant game of cat and mouse playing out between hackers and security experts, with both sides working their hardest to stay ahead of the other. While hackers and assorted cyberattackers are always on the lookout for new vulnerabilities to exploit, security systems are unfortunately often backward-looking in their approach, digging through the archives of past attacks to try to predict how future ones may play out.
That’s what Antigena, a machine learning security system developed by British cybersecurity startup DarkTrace, is trying to change.
“Digital defenses are often based on the idea that if we could just understand yesterday’s attacks then we’ll be able to stop them when they get repeated,” Dave Palmer, DarkTrace’s director of technology, told Digital Trends. “That makes a bit of sense because it’s useful to have protection that knows what went wrong in the past. But it doesn’t do you any good at all if you’re faced with a type of attack you haven’t seen enough examples of to reverse-engineer a solution. That’s a problem when you look at the massive number of indiscriminate, wide-scale attacks which are launched every single day, looking for any kind of foothold they could get. We wanted to do something about that.”
Antigena’s “digital antibodies,” on the other hand, use the latest machine learning technology to work out when an attack is taking place — even if it’s unlike any attack that’s happened before. They then warn their operators so something can be proactively done about it.
Palmer compares an obvious threat like ransomware (“which, from a mathematical perspective, looks like a bomb going off in your network”) to a cleverer cyberattack willing to bide its time by acting subtly. This might mean doing a bit of reconnaissance one day, and then a week later trying a set of passwords it has learned against a different server. Such a strategy may fool a system designed to look for ransomware, but won’t stump Antigena.
“The aim is to know your system well enough that, if something strange happens, we can detect it because of its strangeness — not because we’re looking out for well understood, previously seen attack techniques,” he said.
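The staged attack Palmer describes above, and the difference between looking for a known pattern and looking for strangeness, as an added illustration that is not DarkTrace’s or Antigena’s code: the event log is constructed, and the baseline is a simple per-host set of familiar peers, a stand-in for whatever model Antigena actually uses.

```python
from collections import defaultdict

# Constructed event log: (day, source host, destination host, event type).
# Week 1 is the host's ordinary routine; week 2 is the quiet probe and,
# a week later, logins against a server the host never used before.
EVENTS = [
    (1, "ws-12", "fileshare", "smb"), (1, "ws-12", "mail", "imap"),
    (2, "ws-12", "fileshare", "smb"), (2, "ws-12", "mail", "imap"),
    (3, "ws-12", "fileshare", "smb"), (3, "ws-12", "mail", "imap"),
    (4, "ws-12", "fileshare", "smb"), (5, "ws-12", "mail", "imap"),
    (8, "ws-12", "db-01", "probe"), (8, "ws-12", "db-02", "probe"),
    (8, "ws-12", "hr-app", "probe"),
    (15, "ws-12", "hr-app", "login_fail"), (15, "ws-12", "hr-app", "login_fail"),
    (15, "ws-12", "hr-app", "login_ok"),
]

RANSOMWARE_BURST = 50  # rule: this many SMB events from one host in one day


def signature_detector(events):
    """Rule-based view: only knows one pattern, a ransomware-like SMB burst.
    The slow, staged attack never trips it."""
    per_day = defaultdict(int)
    for day, src, _, ev in events:
        if ev == "smb":
            per_day[(day, src)] += 1
    return [key for key, n in per_day.items() if n >= RANSOMWARE_BURST]


def baseline_detector(events, train_days=7):
    """Anomaly view: learn which peers each host normally talks to during the
    training window, then flag any later contact with an unfamiliar peer,
    regardless of what the event is called."""
    normal = defaultdict(set)
    for day, src, dst, _ in events:
        if day <= train_days:
            normal[src].add(dst)
    return [(day, src, dst, ev) for day, src, dst, ev in events
            if day > train_days and dst not in normal[src]]


def days_with_alerts(events):
    """Which days the baseline detector would have raised an alert on."""
    return sorted({day for day, _, _, _ in baseline_detector(events)})
```

Both the reconnaissance day and the later password attempts surface as alerts, while the ransomware rule stays silent throughout.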
This approach makes Antigena valuable not just for the big banks and hedge funds which use it, but also for smaller, more bespoke businesses without a track record of being hacked.
“I’m absolutely fascinated by security systems for places like chocolate factories,” Palmer said. “They often have completely bespoke infrastructures, industrial environments, and production systems. In those cases there’s no real concept of being able to use rule-and-signature-based security, because there are no rules and signatures for what an attack on a chocolate factory might look like. As a result, they’re much more open to using machine learning technologies to investigate strange goings-on.”