2020 track the enterprise immune system
TRANSCRIPT
The Enterprise Immune System: A New Approach to Cyber Defense
Nicole Eagan, CEO, Darktrace
Cyber Security In The Legal Sector – Challenges & Opportunities
• Law firms / legal professionals manage extremely
sensitive client information
– protected witnesses
– patent applications
– mergers and acquisitions
– financial negotiations
– pending litigations
• Potential new source of differentiation and revenue
– Advise clients on legal, compliance & case law
regarding data privacy and cyber security
Why Invest In Cyber
• Customers increasingly demand that the firm they work
with can demonstrate resilient cyber defense
• Staying ahead of regulation around data protection
• All but three states in the US have mandatory disclosure
policies
• Disruption to the day-to-day work of the firm
– financial and productivity costs,
– affects delivery of service to customers
– reputational damage
Fundamental Principles
• It is impossible to keep rules & signatures up to date 24/7
• It is impossible to fully secure your enterprise network
• Sophisticated threats will always find a way in
• Insider threat is as important as external
Importance Of Network Visibility
• Threat is not only external – insider threat is on the
rise
• Understanding normal behavior helps detect
suspicious incidents
• Insider can be anyone – an employee, an intern, a
third-party contractor or supplier
• Malicious and non-malicious insider activity
• Machine learning will expose what is going on in the
company – manage potentially damaging situations
early
An Innovative Approach to Cyber Defense
• World-leading mathematics
• Government intelligence experts
• Enterprise Immune System
Why is the Enterprise Immune System unique?
• Unsupervised machine learning – develops mathematical models of normal behavior
• Inside-out view – complete analysis and visibility of 100% of network traffic
• Correlation & behavioral analysis – for every individual user, device and network
• Real time & long-running – analyses events over long periods of time, with playback capability
• Visualization and investigation – auto-classification of threats, supporting workflow and collaboration
Machine Learning & Mathematics
• Advanced Bayesian mathematics pioneered at
Cambridge University
• Recursive Bayesian Estimation detects subtle changes
within data series in real time and adaptively iterates its
models
• Numerous approaches used to classify the probability of
an action based on previous and emerging behaviors
• No ‘a priori’ assumptions about good or bad –
mathematical models are unique to your organization
• Distribution is built from a complex set of low-level host,
network and traffic observations or ‘features’
Darktrace in your Security Stack
What We Have Found
• Targeted attack against a major law firm working on a case involving prominent nationals
• A sophisticated attack against the firm to gain an in-depth understanding of all the documents and communications of the legal team working on the case
• Malicious code piggybacked on the lawyers’ user privileges to access other documents
Misbehavior by Insiders
• Oversight in a security lockdown allowed a
staff member to read CEO’s emails
• Use of ‘Tor’ anonymizing network against
company policy – could have allowed the
employee to secretly leak company data
without being detected
• Anomalous internal file transfers – one
machine downloaded an unusually large
amount of data in one day from shared
company folders
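The recursive Bayesian estimation described under "Machine Learning & Mathematics", applied to the anomaly class just listed (one machine pulling an unusually large volume from shared folders in a day), as an added illustration: this is not Darktrace's code and does not claim to reproduce its models. A Normal-Gamma belief about one device's daily download volume is updated after every day, and a day is flagged when it falls far outside the learned posterior predictive; the device, the volumes, the prior and the thresholds are all constructed for the example.

```python
import math
from dataclasses import dataclass

@dataclass
class NormalGamma:
    """Conjugate belief about a Gaussian feature with unknown mean and precision.
    update() folds one observation in and the posterior becomes the prior for the
    next one: the recursive Bayesian estimation step named in the deck. Defaults
    are a deliberately vague prior, so the baseline is learned, not assumed."""
    mu: float = 0.0      # location of the mean belief
    kappa: float = 1e-3  # pseudo-observations behind mu
    alpha: float = 1e-3  # shape of the precision belief
    beta: float = 1e-3   # rate of the precision belief
    n: int = 0           # real observations folded in so far

    def update(self, x: float) -> None:
        k_new = self.kappa + 1.0
        self.beta += self.kappa * (x - self.mu) ** 2 / (2.0 * k_new)
        self.mu = (self.kappa * self.mu + x) / k_new
        self.kappa, self.alpha, self.n = k_new, self.alpha + 0.5, self.n + 1

    def zscore(self, x: float) -> float:
        """Residual of x in units of the posterior-predictive Student-t scale."""
        scale = math.sqrt(self.beta * (self.kappa + 1.0) / (self.alpha * self.kappa))
        return (x - self.mu) / scale

def scan_device(daily_mb, threshold=4.0, min_obs=7, learn_from_alerts=False):
    """Score one device's daily volume pulled from shared folders, day by day.
    Returns ([(day_index, z), ...], model). Alerts are suppressed until min_obs
    days are learned (the predictive is very heavy-tailed before that), and by
    default an alerted day is not folded into the model, so a single spike cannot
    teach it that spikes are normal; that is an analyst's choice, not a given."""
    model, alerts = NormalGamma(), []
    for day, mb in enumerate(daily_mb):
        x = math.log10(1.0 + mb)  # log scale: volumes vary multiplicatively
        z = model.zscore(x)
        alerted = model.n >= min_obs and abs(z) > threshold
        if alerted:
            alerts.append((day, round(z, 1)))
        if learn_from_alerts or not alerted:
            model.update(x)
    return alerts, model

# Constructed sample: fourteen ordinary days of one workstation pulling 190-270 MB
# from shared folders, then one day that pulls 9 GB (the pattern in the deck).
SAMPLE_MB = [200, 240, 190, 260, 230, 220, 250, 210, 270, 215, 245, 235, 225, 255, 9000]

if __name__ == "__main__":
    found, learned = scan_device(SAMPLE_MB)
    print("alerts (day, z):", found, "| baseline 10**%.2f MB/day" % learned.mu)
```

Only the final day is flagged; the ordinary days score well inside the learned predictive once the warm-up has passed, and the baseline stays near the device's real usage because the spike is not learned from.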
Case Study: Irwin Mitchell LLC
Challenge
• Keeping up to date with rules & signatures
• Protecting against potential cyber security threats, including APTs
• Safeguard client data and confidentiality
Benefits
• Total network visibility
• Assistance with root cause analysis
• Ability to investigate incidents in real time and ‘replay’ them
• Take control of evolving situations
“With Darktrace, we can see threats earlier or as they are happening – this allows us to take control of a situation.”
Mark Vivian, Head of IT Security at Irwin Mitchell
Demo: Threat Visualizer
Conclusion
The next generation of cyber defense is based on understanding what is happening in the network, and detecting threats before they turn into a crisis
Q & A