2020 track the enterprise immune system

The Enterprise Immune System A New Approach to Cyber Defense Nicole Eagan, CEO, Darktrace

Upload: summit-professional-networks

Post on 16-Apr-2017



TRANSCRIPT

Page 1: 2020 Track The Enterprise Immune System

The Enterprise Immune System: A New Approach to Cyber Defense

Nicole Eagan, CEO, Darktrace

Page 2: 2020 Track The Enterprise Immune System

Cyber Security In The Legal Sector – Challenges & Opportunities

• Law firms / legal professionals manage extremely sensitive client information

– protected witnesses

– patent applications

– mergers and acquisitions

– financial negotiations

– pending litigations

• Potential new source of differentiation and revenue

– Advise clients on legal, compliance & case law regarding data privacy and cyber security

Page 3: 2020 Track The Enterprise Immune System

Why Invest In Cyber

• Customers increasingly demand that the firm they work with can demonstrate resilient cyber defense

• Staying ahead of regulation around data protection

• All but three states in the US have mandatory disclosure policies

• Disruption to the day-to-day work of the firm

– financial and productivity costs

– affects delivery of service to customers

– reputational damage

Page 4: 2020 Track The Enterprise Immune System

Fundamental Principles

It is impossible to keep rules & signatures up to date 24/7

It is impossible to fully secure your enterprise network

Sophisticated threats will always find a way in

Insider threat is as important as external

Page 5: 2020 Track The Enterprise Immune System

Importance Of Network Visibility

• Threat is not only external – insider threat is on the rise

• Understanding normal behavior helps detect suspicious incidents

• Insider can be anyone – an employee, an intern, a third-party contractor or supplier

• Malicious and non-malicious insider activity

• Machine learning will expose what is going on in the company – manage potentially damaging situations early

Page 6: 2020 Track The Enterprise Immune System

An Innovative Approach to Cyber Defense

World-leading Mathematics

Government Intelligence Experts

Enterprise Immune System

Page 7: 2020 Track The Enterprise Immune System
Page 8: 2020 Track The Enterprise Immune System

Why is the Enterprise Immune System unique?

Unsupervised machine learning

Develops mathematical models of normal behavior

Inside-out view

Complete analysis and visibility of 100% network traffic

Correlation & behavioral analysis

For every individual user, device and network

Real time & long-running

Analyses events over long periods of time, with playback capability

Visualization and investigation

Auto-classification of threats, supporting workflow and collaboration

Page 9: 2020 Track The Enterprise Immune System

Machine Learning & Mathematics

• Advanced Bayesian mathematics pioneered at Cambridge University

• Recursive Bayesian Estimation detects subtle changes within data series in real time and adaptively iterates its models

• Numerous approaches used to classify the probability of an action based on previous and emerging behaviors

• No ‘a priori’ assumptions about good or bad – mathematical models are unique to your organization

• Distribution is built from a complex set of low-level host, network and traffic observations or ‘features’

Page 10: 2020 Track The Enterprise Immune System

Darktrace in your Security Stack

Page 11: 2020 Track The Enterprise Immune System

What We Have Found

• Targeted attack against a major law firm working on a case involving prominent nationals

• A sophisticated attack against the firm to gain an in-depth understanding of all the documents and communications of the legal team working on the case

• Malicious code piggybacked on the lawyers’ user privileges to access other documents

Page 12: 2020 Track The Enterprise Immune System

Misbehavior by Insiders

• Oversight in a security lockdown allowed a staff member to read CEO’s emails

• Use of ‘Tor’ anonymizing network against company policy – could have allowed the employee to secretly leak company data without being detected

• Anomalous internal file transfers – one machine downloaded an unusually large amount of data in one day from shared company folders
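An added illustration, not Darktrace's code or algorithm (the slides give no implementation): recursive Bayesian estimation, as named on the Machine Learning & Mathematics slide, applied to the "unusually large amount of data in one day" case above. Each host keeps its own Normal-Gamma posterior over log10(daily bytes), scores each new day against the posterior predictive, then folds the observation in. Host names, byte counts, prior values and the threshold are constructed assumptions.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class HostModel:
    # Normal-Gamma posterior over the mean and precision of log10(bytes/day).
    # These prior values are assumptions chosen for this example.
    mu: float = 8.0      # prior guess: about 100 MB per day
    kappa: float = 0.1   # weight of that guess, in pseudo-observations
    alpha: float = 1.0
    beta: float = 0.5

    def surprise(self, x):
        """Standardised residual of x under the Student-t posterior predictive."""
        scale2 = self.beta * (self.kappa + 1) / (self.alpha * self.kappa)
        return (x - self.mu) / math.sqrt(scale2)

    def update(self, x):
        """Recursive step: today's posterior becomes tomorrow's prior."""
        k1 = self.kappa + 1
        self.beta += self.kappa * (x - self.mu) ** 2 / (2 * k1)
        self.mu = (self.kappa * self.mu + x) / k1
        self.kappa = k1
        self.alpha += 0.5


def find_anomalies(records, threshold=4.0):
    """Return (host, day) pairs whose volume is far above that host's own norm."""
    models = defaultdict(HostModel)
    flagged = []
    for day, host, nbytes in records:
        x = math.log10(nbytes)
        model = models[host]
        if model.surprise(x) > threshold:   # score first, against past behaviour
            flagged.append((host, day))
        model.update(x)                     # then adapt the model
    return flagged


# Constructed sample: bytes read per day from shared folders, per host.
SERIES = {
    "ws-014": [2.1e8, 1.8e8, 2.4e8, 1.9e8, 2.2e8, 2.0e8, 2.3e8, 1.7e8, 4.0e10],
    "ws-022": [3.8e10, 4.1e10, 3.9e10, 4.2e10, 4.0e10, 3.7e10, 4.1e10, 3.9e10, 4.0e10],
}
SAMPLE = [(d, h, b) for h, s in SERIES.items() for d, b in enumerate(s)]

if __name__ == "__main__":
    print(find_anomalies(SAMPLE))
```

Both hosts move 40 GB on the last day, but only ws-014 is flagged, because the score is relative to each host's own learned baseline rather than a fixed volume rule.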

Page 13: 2020 Track The Enterprise Immune System

Case Study: Irwin Mitchell LLC

Challenge

• Keeping up to date with rules & signatures

• Protecting against potential threats, including APTs and cyber security

• Safeguard client data and confidentiality

Benefits

• Total network visibility

• Assistance with root cause analysis

• Ability to investigate incidents in real time and ‘replay’ them

• Take control of evolving situations

“With Darktrace, we can see threats earlier or as they are happening – this allows us to take control of a situation.”

Mark Vivian, Head of IT Security at Irwin Mitchell

Page 14: 2020 Track The Enterprise Immune System

Demo: Threat Visualizer

Page 15: 2020 Track The Enterprise Immune System

Conclusion

Next generation of cyber defence is based on understanding what is happening in the network, and detecting threats before they turn into a crisis

Page 16: 2020 Track The Enterprise Immune System

Q & A