The Industrial Immune System
Pioneered by Darktrace, and inspired by the human immune system, the Industrial Immune System uses advanced machine learning and artificial intelligence algorithms to deliver the world’s first cyber defense platform capable of identifying novel and emerging threats on industrial networks.
The traditional approach to cyber defense relies on the predefinition of threat – determining in advance the possible methods of attack against IT and OT networks. This strategy has proved itself incapable of defending today’s converged and dynamic networks from ever more sophisticated and targeted forms of attack. Tackling the novelty of modern attacks amid the growing complexity of our networks requires an approach to threat detection that does not rely on prior knowledge of historical threats or definitions of what ‘malicious’ looks like.
The human immune system has evolved to deal with a similar challenge, by learning ‘self’ and continually adapting to new environments and novel threats. Indeed, the immune system is able to detect and defend against pathogens without having to have encountered them before.
Darktrace applies the same principles to defend industrial environments from cyber-attack, using machine learning and AI algorithms. Darktrace continually learns and develops an evolving understanding of ‘self’ for your organization. Every user, device on the network, controller on the factory floor, and field device has a unique ‘pattern of life’. By building unique mathematical models for every networked device across the organization, Darktrace is able to understand the normal functioning of ICS environments, and detect the subtle deviations and changes that occur during an attack, which would otherwise go unnoticed.
Like the human immune system, the Darktrace Industrial Immune System does not rely on knowledge of previous attacks, or manual specification of what ‘normal’ looks like for a particular control environment. It works automatically to map, understand, and learn how different networks function and interact, and begins working from day one to identify threatening behaviors in real time.
Machine learning can be thought of as the third and most recent machine revolution. The first was the replacement of muscle by machine in the industrial revolution. The second involved computers taking over repetitive tasks that had originally been done by people. Machine learning represents computers being able to undertake complex, thoughtful tasks.
The fundamental technology underlying Darktrace is powered by advanced, unsupervised machine learning, which is capable of learning what is normal and what is abnormal inside a network on an evolving basis, without using training data or customized models. This allows it to detect cyber-attacks that may not have been observed before, the ‘unknown unknowns’.
Legacy approaches to cyber security embody the second revolution: people describe what an attack looks like and then ask the computer to look for a match to that description. Darktrace turns this paradigm on its head, embodying the third machine revolution: the computer autonomously finds anomalous areas within large data sets, and makes intelligent judgements accordingly. This self-learning capability is transformative, allowing organizations to embrace interconnected networks, while defending their critical data and reputation.
Defending Industrial Networks
Industrial networks come in many forms. Whether controlling batch manufacturing on the factory floor, overseeing a vast power grid, or monitoring the smart cities of the future, our control systems are becoming increasingly complex and interconnected. As OT and IT networks converge, the threat to critical infrastructure is growing and the need to understand and secure industrial networks has become unavoidable.
Modern industrial networks are highly complex systems involving the interaction of diverse and bespoke devices – legacy products, proprietary protocols, and custom solutions often work side by side with corporate IT technologies and the new generation of Internet of Things devices. This complexity can outstrip and overwhelm the ability of security teams to monitor and defend against cyber-attack and operational risk. In environments where availability and safety are key, this lack of visibility and understanding is a direct threat to the business.
Darktrace’s immune system approach is designed to learn ‘self’ for all forms of networked devices. Regardless of protocol or vendor, whether the device is a PLC or cloud database, Darktrace Industrial learns the unique ‘pattern of life’ for every entity on the industrial network. By learning without assumptions, Darktrace’s understanding of self is unique to each ICS that it is deployed within, and makes no distinction between IT, OT or IoT environments.
The founders of Darktrace include senior members of the US and UK governments’ cyber communities, from the NSA, CIA, MI5 and GCHQ.
Our expert team have had experience on the frontline of cyber defense, and have been responsible for the protection of critical national assets – people, public services, and core intellectual property – from some of the most insidious threats in operation, including both sophisticated insider attacks and large-scale, state-sponsored espionage groups.