Company: Darktrace, San Francisco, CA
Company Description: Darktrace is a world-leading cyber-threat defense company. Its Enterprise Immune System technology automatically detects and responds to emerging threats, powered by machine learning and mathematics developed at the University of Cambridge. Darktrace models the ‘pattern of life’ of every device, user, and network in an organization, identifying and mitigating cyber-threats before damage is done.
Nomination Category: Company / Organization Categories
Nomination Sub Category: Technical Innovation of the Year - At Organizations With Up to 1,000 Employees
Nomination Title: Darktrace Antigena
Tell the story about this nominated innovation since January 1, 2016 (up to 650 words). Describe how the innovation was discovered, developed, refined and/or deployed. Provide an assessment of how the innovation has impacted or will impact your organization, your industry, markets or society.
TEXT REDACTED FOR PUBLICATION
One of the biggest challenges of cyber security is responding at the right speed. Most organizations are reliant on human specialists who, even with the best detection tools, can only move so fast. Ransomware is a good example of an attack that continually outpaces us – humans simply cannot intervene quickly enough to avoid serious damage. Legacy approaches to security cannot keep up with the next generation of cyber warfare, which itself relies on AI technologies. Rules and signatures are not sufficient on their own to combat these evolving attacks. Darktrace recognized that to keep up with today’s threats, defenders must be equipped with self-learning technologies too. Antigena, the world’s first autonomous response technology, is putting companies at an advantage in the cyber arms race.
Having applied unsupervised machine learning to the challenge of threat detection, the Darktrace R&D team saw that similar technologies would be instrumental for autonomous network defense. Antigena extends Darktrace’s proprietary mathematics to the realm of self-defense. This makes it possible for networks to defend themselves by automatically selecting and executing the most effective action to take at the first sign of threat.
Antigena thus allows organizations to confront increasingly automated attacks without disrupting business. Its precise and proportionate actions help security teams gain back the time advantage that is so crucial when it comes to mitigating damage. But it will take time to develop public trust in automated technologies.
We have already seen this play out with automated, self-driving cars—the technology is in place, but human motorists do not trust its safety, preferring instead to take driving into their own hands.
Consequently, Darktrace thought it was important to allow our customers to experience Antigena in ‘human confirmation mode.’ During this recommendation period, we give security teams the opportunity to see and validate the decisions that Antigena would make. Once customers feel confident in Antigena’s choices, they can choose to allow it to carry out those actions without waiting on human approval. We believe that as customers become more comfortable with a machine-led defense, cyber security and response will become fully automated.
Part of Darktrace’s core detection technology, the Enterprise Immune System, Antigena functions as a ‘digital antibody,’ completing the end-to-end functionality of the Enterprise Immune System by intelligently neutralizing threats.
Antigena’s layer of intelligent decision-making and response stems from an understanding of the ‘pattern of life’ of an enterprise. The Enterprise Immune System self-learns what is normal for a network, allowing it to detect subtle changes in behavior that indicate anomalous activity. Antigena then takes proportionate, measured actions to respond to the identified threats, making exact choices that will return an anomalous user or device back to its normal behavior profile. Its methodology ensures that normal working activity is permitted and malicious actions are prevented, effectively eliminating false positives.
Antigena is also self-improving. It monitors the actions that it produces to better understand an organization’s threat surface area. Determined attackers or insider elements will not stop at the first attempt—malicious software often has many fallback routines to run in the event that it is prevented from functioning.
Antigena and its modules will send the results of these failed attack attempts back into the Darktrace Enterprise Immune System, producing further insight into anomalous activity. It enables Darktrace to learn not just from normal activity but also from activity that has already been prevented. In this way, undesirable behavior learned in one part of the network can better inform the choices made across the entirety of the network.
The future of security must be automatic – just as we will see driverless cars on the roads, we will also rely on self-defending networks. As today’s cyber-attacks become increasingly swift and sophisticated, Darktrace is committed to bringing our customers the leading technologies in threat defense. Self-defending networks are a crucial next step in protecting against next-generation cyber-attacks. Antigena reduces response time, mitigates risks, and liberates people to focus on what matters.
In bullet-list form, briefly summarize up to ten (10) chief characteristics or benefits of the nominated innovation.
• Antigena is the first truly autonomous, self-defending cyber security system
• Responds to threats faster than any security team can
• Takes autonomous, measured, and targeted action
• Does not rely on outdated rules and signatures
• Acts without disrupting day-to-day business
• Frees up resources and people
• Fully configurable, allowing for the degree of automation that best suits an organization’s needs
• Understands the difference between benign anomalies and genuinely suspicious events
• Acts in real time, generating a response customized to the severity of the incident
• Self-defends and self-improves
• Puts organizations at an advantage in the cyber arms race, allowing them to proactively defend against today’s highly sophisticated threat landscape