A New Era of Cyber Threats: The Shift to Self-Learning, Self-Defending Networks
Andrew Barrie
Senior Cyber Security Manager
Company Background
World-leading artificial intelligence for cyber defence
Founded by mathematicians in Cambridge
Headquartered in San Francisco and Cambridge, UK
8,000+ deployments worldwide
35+ global offices
750+ employees
$1.6 billion valuation
Compromise of Biometric Scanner
Industry: Manufacturing
Point of Entry: Fingerprint scanner
Apparent Objective: Alter biometric access keys
GLOBAL THREAT CASE STUDY
Attacker successfully exploited known software vulnerabilities in fingerprint scanner
Able to control information sent to and from the fingerprint scanner
Went unnoticed by traditional anti-malware solutions
Darktrace detected unusual connections to and from the biometric scanner
If undetected, malicious actors would have gained access to physical machinery
Video Conferencing Camera Hack
Video conferencing camera was transmitting data outside the network
Camera had been compromised by a remote attacker
Attacker was aiming to either:
Steal corporate information
Take remote control of the device to launch a DDoS attack on another network
Would not have been detected through signature-based defenses – the activity was not inherently malicious
Industry: Legal
Point of Entry: Video conference camera
Apparent Objective: New attack vector, information theft
Insider Threat
Data Exfiltration
Ransomware
Zero-Day
Data Manipulation
Sophisticated Threat Landscape
Trust Attacks
‘Trust attacks’ seek to undermine data integrity
Characterized by stealth and sophistication
Seek to manipulate rather than exfiltrate
Threat to reputation and stability
Next Step in Automation: Self-Defending Network
Automatically produces real-time active responses to potential threats
Does not rely on predefined signatures or prior knowledge
Slows down or stops the progress of novel threats within the network
Gives security team critical time to catch up
Conclusion
Stealth and sophistication of threats are increasing
Machine learning technologies will be fundamental
Network and traffic understanding is a key pillar to recognising problems