Sign up for our newsletter
Technology / Cybersecurity

Does Darktrace’s cybersecurity tech live up to the hype?

Can the company, which is about to IPO, become a standard-bearer for British tech in the post-Brexit era?

Hailed as a shining light of UK tech, cybersecurity business Darktrace is currently preparing for what could be a bumper IPO. A lot is riding on the success of the flotation, which many hope will provide evidence of the post-Brexit UK’s ability to attract capital and build globally significant tech businesses. But as the company targets a valuation of up to £3bn, does its AI-driven system live up to the hype?

What is Darktrace?
Darktrace’s enterprise immune system helps businesses fight off cyberattacks. (Photo by Piotr Swat/Shutterstock)

Darktrace confirmed last week that it intends to float on the London stock market, with chief executive Poppy Gustafsson describing it as “an historic day for the UK’s thriving technology sector”. News of the long-awaited flotation was welcomed by leading industry figures, with Tech Nation CEO Stephen Kelly stating: “Darktrace has all the hallmarks of a great UK-based tech business, AI specifically is a strong area in British technology and with companies like Darktrace we are increasingly leading the way globally.”

Prime minister Boris Johnson is one of those to have taken an interest in the company’s success, having reportedly met with executives from Darktrace, and other high-growth tech firms, in December to encourage them to list in London rather than New York or elsewhere. Johnson’s involvement is an indication of how high the hopes are that Darktrace’s IPO will prove the UK’s credentials as a source of technology innovation and a destination for investment.

What is Darktrace anyway?

Founded in 2013, Darktrace uses unsupervised AI to map its customers’ systems and build up a picture of normal behaviour within those systems, which evolves over time as the company changes. This allows its software, which it dubs the Enterprise Immune System, to spot anomalies and detect and respond to cyberattacks as they happen. For example, it says it was able to respond to the 2017 WannaCry attack within seconds, “protecting customer networks from inestimable damage”.

White papers from our partners

It now serves 4,700 customers around the world, including high-profile organisations such as Rolls-Royce and the NHS, and its IPO filing shows that in the financial year to the end of June 2020 it brought in $199.1m in revenue. Revenue for the six months to December 2020 was $126.6m, suggesting 2021’s full-year figure could surpass that, and in the past three years it has enjoyed rapid growth in the US market.

Jointly headquartered in Cambridge and San Francisco, Darktrace has doubled its headcount over the past two years to 1,800, with the majority of employees based in Europe and Asia.

Does Darktrace’s technology stack up?

Darktrace’s technology has its roots in the signal processing and communications laboratory at Cambridge University, which is home to some of the world’s leading authorities on Bayesian probabilistic theory and its application in machine learning.

“Basic machine learning doesn’t incorporate any uncertainty about the problem you’re trying to solve,” explains Professor Simon Godsill, professor of statistical signal processing at the university. “Bayesian theory is good at teasing out that uncertainty by giving you a distribution of answers. It will look at a picture and say there’s a 0.8 probability it’s a dog and 0.2 probability it’s a cat, rather than hedging its bets one way or the other.”

Professor Godsill’s PhD supervisor was Professor Peter Rayner, founder of the signal processing lab, which has been central to the development of recursive Bayesian estimations, or Bayes filters, calculations which can speed up the process of analysing data and coming up with probable answers. Bayes filters are thought to play a central role in Darktrace’s system. Also studying under Professor Rayner at the time was a certain Mike Lynch, who would go on to become one of Britain’s best-known technology entrepreneurs after founding Autonomy, an enterprise search engine based on Bayesian principles. He has been a driving force behind Darktrace’s rise to prominence, and several of the company’s co-founders are former Autonomy employees.

When Darktrace started out it was very innovative, but I think the competition has closed the gap.
Joel Stradling, IDC

While Darktrace’s AI prowess gave it the edge in 2013, when many companies were still concerned with “perimeter” security – building an impregnable wall around their systems – the landscape has altered radically since then and deploying AI is becoming the norm. “When Darktrace started out it was very innovative, but I think the competition has closed the gap,” says Joel Stradling, research director for European security at IDC. “Its system is sophisticated and it has a compelling message, but it’s becoming increasingly difficult for the company to differentiate based on that.”

Indeed, in recent years the company seems to have focused on rapid growth rather than product development. In the year to June 2020 it spent $12m on R&D and $163m on sales and marketing, according to its IPO filing. “I don’t think anyone would question Darktrace’s technology or its capabilities,” says David Bicknell, principal analyst in thematic analysis at Global Data, who covers the cybersecurity sector. “It has a good market offering and a good customer base, and appears to be going places. With the people it has on board, it is able to make the most of its technical capabilities, even if there are other companies in the market with similar capabilities.”

The view from the security community

Indeed, Darktrace has been adding to its executive team in recent months with a number of high-profile appointees. Its board of directors includes Sir Peter Bonfield, the ex BT CEO, and former science minister Sir David Willetts, while its advisory council comprises the likes of former MI5 director-general Lord Evans, Alan Wade, who had a 35-year career in the CIA, and ex-home secretary Amber Rudd.

Several of Darktrace’s founders are also former GCHQ staffers, and CEO Gustafsson advises the government on cybersecurity matters. But despite these close links to the intelligence services, a security community source told Tech Monitor that the company keeps its distance from the spooks. “It has ex-GCHQ people but it’s not hanging around at Cheltenham all the time, and it’s not like some of the American companies you hear about working closely with the CIA,” they said. “I say that positively because it has stood on its own two feet from day one; it has a good business model and has employed good technologists, some of whom happen to be ex-GCHQ because that’s a reliable source of cybersecurity analysts. It’s not a company I would describe as particularly close to the government.”

The source added that Darktrace’s product is generally viewed positively by the wider cybersecurity community, but that its technology is not considered revolutionary. “If a critical infrastructure company were to say we’ve got Darktrace, my reaction would be that they’ve made a very sensible decision, but don’t expect it to change the world and solve all your problems,” they added.

The Mike Lynch factor

Darktrace’s forthcoming IPO is unlikely to be blighted by the issues that caused Deliveroo’s to flop. But the involvement of Lynch, who was Darktrace’s first backer through his VC fund Invoke Capital Partners, has cast a shadow over the flotation.

The entrepreneur stands accused of perpetrating an accounting fraud by inflating the valuation of Autonomy before selling to Hewlett Packard for $11.1bn in 2011. Within months of the purchase, HP wrote down the value of Autonomy by $8.8bn, and has since been pursuing Lynch and other former Autonomy executives through the courts. A verdict is due imminently from a high court trial which concluded last year where HP is attempting to sue Lynch and former Autonomy CFO Sushovan Hussain (himself a former Darktrace non-executive director) for $5bn. Lynch denies any wrongdoing and is counter-suing HP for up to $125m in damages, but he also faces potential extradition to the US to face criminal charges relating to the deal, with Hussain having already been found guilty by a US court of perpetrating wire fraud in relation to the takeover, a conviction which earned him a five-year prison sentence.

Darktrace has been distancing itself from Lynch and Invoke, with which it previously shared several back-office functions, in recent months, but he retains a 19% stake in the company and sits on a newly created science and technology committee, having resigned his place on the company’s advisory board. In its IPO filing, Darktrace says it considers the likelihood of it becoming involved in any indictments issued to Lynch, Hussain or Steve Chamberlain, Darktrace’s former CFO who is also involved in the Autonomy dispute, as low.

Global Data’s Bicknell says the IPO will be a good test of the “value institutional investors put on governance”. “The Mike Lynch stuff muddies the waters a bit,” he says. “If governance is really important, this IPO might be affected. But if people don’t see governance as important, then it’s likely to fly on the back of the technology.”

What does the future hold for Darktrace?

While Darktrace will be hoping its IPO can propel it to greater heights as an independent company, IDC’s Stradling says it could become the target for an acquisition by one of tech’s bigger names. “Companies like Microsoft and Google have come a long way with their own security offerings, and obviously have a much bigger scale than Darktrace has,” he says. “You don’t have to try and compete with [Big Tech] because you play at the fringes and find a niche, but I would see Darktrace as a company that might get swept up by one of the bigger guys.”

Stradling says the company’s customers and team would both be attractive to potential suitors. “If a company wanted to expand into the UK or one of the other markets where Darktrace has a good footprint, they would be a very attractive proposition,” he says. “And it’s well documented that it’s hard to hire people in cybersecurity, so getting access to their staff and proprietary technology would be attractive too. I would question whether Darktrace would be around for that long before someone snaps it up.”

Matthew Gooding

News editor

Matthew Gooding is news editor for Tech Monitor.