Apr 28, 2017
#IPExpo 2017’s Most Memorable.
Big Hitters descend on Manchester Central to showcase new offers. One company stands out, for the second year running.
As IPExpo concluded this week, Ethar Alali looks back on another memorable event and considers his choice for stand out vendor. It may come as a surprise.
Ethar Alali: NEW DarkTrace Antigena
Well, they did it again!
Last year I made my way to the loos and was collared by the DarkTrace team. For an inconvenient moment on the way to the conveniences, this was the stand out event at the 2016 show.
This time round, I made a point of going there myself. DarkTrace impressed my inner old math geek last time, so I was keen to see what he company was doing, perhaps to evolve to the next logical stage I picked up on last year.
Well, they did it again.
For those who are not familiar with DarkTrace, the Cambridge based, UK company built a product utilising Bayesian Inference, a statistical machie learning technique often used to adaptively “learn” about a set of input signals and make and crucially, improve their predictive power. DarkTrace looks for outliers in normal behaviour of several hundred signals on an enterprise network and alerts production teams to these anomalies.
What was missing for me last year, was the ability to act on that information. As someone who’s a regular cloud user, especially of AWS, the ability to act, scale, terminate or otherwise self-heal an application platform, including it’s technology architecture, is pretty standard practise and I felt DarkTrace lacked that.
Enter Antigena
I approached the stand and spoke to one of the chaps. He introduces DarkTrace, not as well as the chap from last year. I raised the point from last year about self-healing, then the chap said something very very interesting!
DarkTrace Antigena was put on general released at the beginning of April. The last day of the last financial year, to be exact. The platform now acts against threats detected by DarkTrace, which fights against in-progress, internal and/or external cyber-attacks. Catching anomalous event as they happen and acting accordingly.
For those of us with a sufficient statistics background, a few things immediately become pertinent.
- What is the probability DarkTrace misses a key cyber attack (False Positives)?
- What is the probability DarkTrace reacts to a fake/non-existent threat (False Negatives)?
Both of these are important, since the first allows compromise, the second impacts productivity. However, this has to be compared with a comparative human behaviour which, as Kevin Mitnick highlighted in the keynote on day 1, is the weakest part of every enterprise.
It doesn’t have to be better, simply no-worse
According to the rep, DarkTrace Antigena takes 3 months to learn about its environment. During that time, an enterprise platform runs exactly the same as it did before. Thus, the risk is similarly, exactly the same as it was before. If you need to pull DarkTrace out for any reason, it’ll just be your old network.
This naturally means that during that 3 month period, you can train your staff to manage DarkTrace alerts, as well as react to Antigena action. This means there isn’t an excessive increase in risk, if any at all, across people and systems.
Antigena will return its investment through less emergency action (read, cost savings), penalty savings,shareholder value and reputational damage, freeing production teams to work on other tasks, of which there are plenty, in turn affording greater agility to enterprises. This addresses the impacts of the two statistical errors as follows:
- If DarkTrace misses a cyber-attack, it has to be compared against a human missing a cyber-attack
- If DarkTrace quarantines a particular user by accident, it has to be compared against human quarantine
In reality, if done well, DarkTrace Antigena will be no worse than human interactions and in most cases, will be better and always cheaper to run longer term. Cutting down overtime, on-call and emergency action. Antigena holds a lot of promise and I for one and excited to see where it goes.
Were you at IPEXPO this year? If so, what did you like about it? Tell us your story below!
