Marcus Fowler from Darktrace sheds light on why it is important to use AI effectively in cyber defense and how martech companies are hypersensitive when it comes to automation
“Companies are hyper-sensitive to the use of AI/ML as marketing buzzwords, despite proven success and applications of things like narrow AI”
1. Tell us about your role at Darktrace?
As the Director of Strategic Threat, I focus on current and emerging threats from nation state actors and non-nation state actors, as well as our Immune System technology’s capability to detect, investigate, and disrupt those attacks.
2. Can you tell us about your journey in this industry?
Security has always been present in my professional interests and career. Prior to joining Darktrace in June 2019, I spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies. I had the privilege of leading cyber efforts with various US Intelligence Community elements and global partners, as well as advising senior leaders on cyber strategy. It was during my early days at the CIA that I started to gravitate towards mission areas that allowed me to run teams focused on developing and deploying emerging technologies, specifically around cyber and big data, to maximize mission impact. I wouldn’t trade a moment of my CIA time for anything, the men and women who serve there are incredible, dedicated Americans. As I pivoted to the private sector, I was drawn to Darktrace’s innovation within artificial intelligence and machine learning as applied to the critical cybersecurity mission, coupled with the opportunity to work closely with an amazing group of subject matter experts.
3. How do you think AI is impacting cyber threat activities?
Attackers are moving towards the use of AI. It will be on both sides of cyber warfare. Moving forward, it will be machine versus machine. Darktrace employs AI to provide the most granular analysis, deepest understanding, and most complete visibility into digital environments, supercharging human teams with autonomous capabilities to better investigate and fight threats. AI-driven actions in autonomous response stop attacks in the earliest instance—in mere seconds. As for cyber criminals, elements of AI and machine learning are increasingly being used to scale up and advance attacks. However, the use of AI for malicious objectives is more nascent, but once it becomes more mature, we will be seeing fully realized Offensive AI attacks, the signatures of which will be impossible to predict.
4. How according to you are defense models being empowered by advanced ML?
As noted in question 3, artificial intelligence and machine learning are changing the positions of strength from the attacker to the defender and have become crucial in protecting IT and OT infrastructure at large.
It is worth noting that it will depend on how the AI is deployed.
In applying AI for defense, the position of strength is in understanding normal business and digital operations and then enforcing normal. Not as an understanding of normal as a single snapshot, baseline or fingerprint, but rather a dynamic, real-time situational awareness that understands the difference in changes in normal, even extreme ones such as the recent move by companies to work from home.
I have seen other AI applications focused on predicting the threat actor or attack; this is much more problematic and with current AI limitations will never have the same levels of consistency and certainty that AI is having in understanding and enforcing what is normal for a company's or government's digital pattern of life.
5. What is the significance of Autonomous Response Technology when it comes to combating jeopardizing data systems?
With autonomous response technology, the power of Darktrace AI-powered threat detection reaches its full capabilities. Detection is important, but without autonomous response, there is no hope in catching machine-speed attacks and stopping them in their tracks before damage can be done. Today, AI is a critical part of the security response to elevated cyber-threat. The reason AI is necessary to stop fast-acting attacks like ransomware is that the malware moves at computer-speed, and therefore outpaces the human’s ability to respond. AI not only identifies never-before-seen attacks, but also AI interrupts the malicious activity with precision, without disrupting normal business practices, faster and more accurately than humans can.
6. In what way can understanding the dynamic individual behind every alias prove to be crucial when fighting email attacks?
The power of Darktrace is in its ability to detect attacks no matter where the threat came from. It does not matter to our technology how or where an attack emerges – Darktrace AI picks up on anomalous behavior. If a device or user is acting in a way it never has before, Darktrace has the ability to understand this according to every customer’s unique environments.
7. Can you explain to us in detail about the working methods and attributes of Cyber AI Analyst?
With the Cyber AI Analyst, our team really wanted to emulate how a human analyst triages alerting. So, to create this technology, we looked at our own team of analysts and how they function across many locations when they are hunting threats and working with our clients on real-world attacks. Darktrace asked the question, “can we take AI and redevelop how those expert humans operate and deliver that back out to our customers?” The Cyber AI Analyst was really the brainchild of that experiment.
Cyber AI Analyst combines human analyst intuition with the speed and scale of AI. Using supervised machine learning, Cyber AI Analyst creates hypotheses about emerging incidents as a human would, which it then tests against its understanding of the entire digital enterprise, functionally “thinking” to arrive at actionable conclusions at machine speeds.
Now Cyber AI Analyst has been operating for our customers for over a year and AI has proved it can do a lot of the heavy lifting. We have seen a 92% reduction time in terms of triaging raw alerting, which means human resources become freed up and more available to spend time doing other things. Cyber AI is able to do the human processes involved in fighting cyber-threats 9 times faster than a human could, and it is now investigating over 1 million security events per week.
8. How would you say your Threat Visualizer enhances the investigation process?
I think the true power of the Threat Visualizer comes from how intuitive it is to use. It’s basically an interface that allows security teams to see everything they need in one place and gives them real-time visibility across their entire business. You can also set your preferences to exactly your liking, so if you only want to see the most pressing alerts you can. We also created an app so security teams can see real-time threats from their phones.
9. What according to you are the key distinguishers of Enterprise Immune System and Industrial Immune System from other competitors in the market?
No other companies use AI the way we do. We can protect and secure entire digital businesses, including Cloud, IoT devices, industrial control systems, and email. What really sets us apart is Darktrace’s ability to understand normal behavior for every device on a network and detect and respond to abnormal behavior.
10. What advice would you like to give tech start-ups in the AI space?
Be honest with how much AI/ML you are leveraging in your solution.
Companies are hyper-sensitive to the use of AI/ML as marketing buzzwords, despite proven success and applications of things like narrow AI.
The AI solution can’t be a black box, trust and transparency to ensure user can validate performance. With Darktrace’s application of supervised learning in developing our Cyber AI Analyst, a user can easily see the investigative steps taken to reach the fully triaged incident reporting.
11. How can enterprises prepare for AI-driven business processes?
Companies should not be embracing AI just because it is AI. Learn the problems you are looking to solve and ask yourself whether applying an AI-driven business process makes the most sense and brings the most business operations value and efficiency.
12. Can you tell us about your team and how it supports you?
I am actually supported by a number of amazing Darktrace teams across my different roles. As the Director of Strategic Threat, I serve an internal role leaning on and learning from our other Subject Matter Experts who are able to share insights from a range of backgrounds including senior threat analysts, former white hat hackers/pen-testers, industry analysts/consultants, former CISOs, and former US and UK intelligence and security professionals. I also serve an external thought leadership role engaging media and industry groups regarding the threat landscape and trends where I rely heavily on our PR and marketing team. Finally, I serve as an Executive Sponsor to strategic customers and accounts working closely with the business development, sales, and customer success sides of the house to ensure we are able to translate capability to strategic value at the highest leadership levels.
13. Can you give us a glimpse of some of the apps on your phone?
The latest two apps I put on my phone were the McLaren app and the Formula 1 app. Recently Darktrace partnered with McLaren both as a customer securing critical data and operations, as well as a sponsor. I had never really been into F1 racing, but since the McLaren car looked so cool with the Darktrace logo on the rear-wing, I thought I should at least watch the first race of the year with my son and daughter. I even had the opportunity to interview McLaren’s CIO for a Darktrace event and it really is amazing how much of a technology company they are – they even use AI/ML as well.
Ever since watching that first race of the season, my family and I are hooked. We have been watching every race and following the latest drivers and updates.