How AI empowers Asia CSOs to be proactive to business

Nicole Eagan, CEO of Darktrace

Ask any CSO in Asia and they will tell you their biggest headache is dealing with the overwhelming amount of security alerts flooding their inbox every day. With the maturity (and buzz) of machine learning technology, more CSOs are turning toward this technology to ease that job. But according to Nicole Eagan, CEO of Darktrace, the technology is not meant to analyze and filter alerts. It is expected to drive cybersecurity experts from being reactive to proactive towards managing an organization’s risks.

“[Security teams] are always chasing yesterday’s attack and they are always behind in patching attacks. What we need to get security to do is to look forward,” Eagan told Computerworld Hong Kong on her recent visit to the city. The company, founded by machine learning specialists from the University of Cambridge and intelligence experts from GCHQ and MI5, provides threat detection and protection using machine learning.

“The security space is very similar to the IT industry 20 years ago, when IT managers were always reactive to business needs,” she said.

Instead of spending time studying alerts and patching vulnerabilities, Eagan said cybersecurity teams should focus on developing cyber risk strategies that align with business development. She said it is more important for the cybersecurity team to be involved in the due diligence process when a company goes through M&As.

“The reality these days is that you are also acquiring the cyber risks with that acquisition,” she said. “You are acquiring their past, current and future cyber risks. So the cybersecurity team should be working on that.”

The only way for the cybersecurity team to proactively control cyber risks, according to Eagan, is through machine learning to develop autonomous responses. It allows the organization to “free up the human security team to be forward looking and make a real difference long term to the business.”

She added that many security teams are wasting a great deal of time studying security incidents and alerts. This was also observed by a study from IBM, which found enterprise security teams on average sift through more than 200,000 security events per day, leading to over 20,000 hours of wasted time annually chasing false positives.

“[Security teams] are spending more time doing that than finding real threats in the network. It’s a real challenge, as the attacks are coming so fast,” she said.

Building an immune system with machine learning

One way machine learning can help to handle massive volumes of security alerts is by developing a threat detection and classification system similar to the human immune system.

According to Eagan, Darktrace’s machine learning engine studies the organization’s traffic patterns to identify normal and anomalous behaviors unique to that organization, then applies probabilistic analysis to the anomalous patterns to decide whether they are threatening.

“The immune system has a sense of what is ‘self’ and ‘not self’,” she said. “Our machine learning system is about learning what’s ‘self’ and what’s ‘not self’.”

She added that the engine is self-learning: it builds its model simply by monitoring the organization’s traffic for five to seven days, without prior knowledge or data.

“We don’t rely on any historical data,” she said. “You use machine learning to look at past malware to predict future malware. But the attacks are dangerous because they are unknown. Even looking at historical data isn’t always useful.”

Antibodies with autonomous response

But detection is just the beginning. Eagan said Darktrace’s key offering, Antigena, develops “antibodies” for its customers to provide precise and autonomous responses to threats.

“It is a digital form of antibodies,” she said. “It not only detects threats, but also automatically responds to the threat using AI.”
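To make the “self” versus “not self” idea concrete, here is an added example (written for this page, not Darktrace’s code or any description of how Antigena works) that learns a per-device baseline from a constructed window of the organization’s own traffic, scores new connections by how improbable they are under that baseline, and raises a targeted response only for the improbable ones. The device names, ports, flow counts and the 0.05 threshold are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed traffic summary standing in for the five-to-seven-day learning window:
# (device, destination port). Invented for this example, not data from the article.
TRAINING_FLOWS = ([("ws-01", 443)] * 40 + [("ws-01", 80)] * 10 + [("ws-01", 53)] * 20
                  + [("db-01", 5432)] * 50)
# Constructed new flows to score once the model has learned "self".
NEW_FLOWS = [("ws-01", 443), ("ws-01", 3389), ("ws-01", 80), ("db-01", 5432), ("db-01", 445)]


class SelfModel:
    """Learn each device's own 'self' from the organization's traffic; no signatures, no labels."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                 # smoothing: unseen ports get a small, non-zero probability
        self.port_counts = defaultdict(Counter)
        self.totals = Counter()
        self.ports = set()

    def learn(self, flows):
        for device, port in flows:
            self.port_counts[device][port] += 1
            self.totals[device] += 1
            self.ports.add(port)

    def probability(self, device, port):
        """Smoothed probability that this device talks to this port, given its learned baseline."""
        seen = self.port_counts[device][port]
        vocab = len(self.ports) + 1        # +1 reserves probability mass for never-seen ports
        return (seen + self.alpha) / (self.totals[device] + self.alpha * vocab)


def score_flows(model, flows, threshold=0.05):
    """Label each flow 'self' or 'anomalous' by how improbable it is under the device's baseline."""
    scored = []
    for device, port in flows:
        p = model.probability(device, port)
        scored.append((device, port, p, "anomalous" if p < threshold else "self"))
    return scored


def respond(scored):
    """Targeted autonomous response: block only the anomalous connection, leave normal traffic alone."""
    return [f"block {device}->{port}" if verdict == "anomalous" else "allow"
            for device, port, _, verdict in scored]


MODEL = SelfModel()
MODEL.learn(TRAINING_FLOWS)
RESULTS = score_flows(MODEL, NEW_FLOWS)

if __name__ == "__main__":
    for row, action in zip(RESULTS, respond(RESULTS)):
        print(row, action)
```

A device with no training history at all scores every port at the same smoothed probability, so in practice a new device needs its own learning window before its traffic is judged.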