If it takes a thief to catch a thief, in cybersecurity plenty of them are making a go of it. Through the industry’s brief history black hat hackers have frequently decided to become one of the good guys – often prompted by a spell inside a prison cell.
Until recently former spooks have not switched sides with the regularity of their opponents, or at least have remained characteristically quiet about it. Yet last year this pattern was broken with the emergence of Darktrace, a security company quartered in leafy Cambridge that recruited heavily from GCHQ and NSA.
The idea of those from the intelligence community taking on enterprise security has understandably caused a stir in the industry, not least among members of the press eager to meet a few spies. Despite the hype, Darktrace takes the view that cybersecurity is a hot topic now, and the team it has assembled is merely fit for the job.
Spooks turned private sector
"Obviously there’s a number of very high profile security breaches that are influencing every workplace," said Nicole Eagan, chief executive of Darktrace. "One of the reasons for the interest [in Darktrace] is we have tremendous talent team of experts. These are people who have a long-term experience."
Darktrace’s big product is called Enterprise Immune System, and it mirrors the human capacity for learning from viruses and adapting to them. As Eagan puts it, the approach is "not new or novel" in cybersecurity, but she believes her firm is rare in getting it to work in a real-time deployment.
If the approach is not original, it is currently causing a stir in the cybersecurity industry. McAfee, currently rebranding as Intel Security, put its own Threat Intelligence Exchange at the centre of its annual Focus event in Las Vegas, amid a general background noise in software around integration and analytics.
Darktrace brings this all together under its Cyber Intelligence Platform (DCIP), combining behavioural analytics, network data and other threat information into its Threat Visualizer, a kind of dashboard. As Dave Palmer, director of technology at the firm, put it, this allows you to "ask pretty much any question you want of the data", and get a response in as much depth as you like.
In physical terms the product comes as a box that sits on the network as a passive device, installing in less than an hour. Every week the company also produces a threat intelligence report from the data, with the machine learning improving the longer the product is used. All data in the box is encrypted, with the user holding the key, and by default the box cannot talk back to the network, only listen.
Techies and spies on board
All the above has been bankrolled by Mike Lynch, a technology entrepreneur best known for selling his software company Autonomy to Hewlett-Packard.
As the founder of Invoke Capital, an investment firm, Lynch is estimated to have invested between £630,000 and £1.3m in Darktrace back in September 2013.
Vanessa Colomar, partner and head of communications at Invoke, said the group prefers to keep a small portfolio of investments, allowing it to take on managerial roles if needs be. Eagan added that Lynch’s experience in growing start-ups had been of particular value for Darktrace, where he currently sits on the advisory board.
The other significant figure in Darktrace’s short history is Andrew France, former deputy director for cyber defence operations at GCHQ. After joining Darktrace in January he departed after only eight months to start his own consulting firm, claiming the firm needed someone else to oversee its expansion around the world.
"He brought a lot of value in terms of helping our development team understand an intelligence led approach," Eagan said, adding that he still has involvement in some of the company’s UK projects as part of his role on the advisory board.
The future of the firm
France’s departure in September seems not to have dented Darktrace’s ambitions, at least. With 50 employees, the firm is overseeing 65-60 deployments in various stages across the globe. These companies range in size from 100 workers to 100,000, mainly distributed across finance, transport, manufacturing, hospitals and universities.
The company hopes to have a greater focus on small and medium enterprises in the future, and will push into the Asia-Pacific region from next year. It is also particularly interested in industrial control systems (ICSs) and products at the enterprise end of the Internet of Things (IoT), both recent obsessions of the cybersecurity industry.
"[Our aim] first and foremost is to expand additional uptake of the Darktrace platform" Eagan said, adding that the firm would also "continue to create more awareness around this idea of using an enterprise immune system type of approach to help companies secure their environment".
For those now out of the shadows, it could be a busy year.