Talking to the spy: interview with Dave Palmer (Darktrace)

Targeting data integrity, criminals erode the faith we have in organizations, causing long-term damage

Dave Palmer, you are an expert in information security, could you please tell us more about you, your technical background and your motivations?

I have over thirteen years’ experience at the forefront of government intelligence operations, including UK intelligence agencies GCHQ and MI5. There I delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents.

Can you tell me something about your work at Darktrace?

At Darktrace, I oversee the mathematics and engineering teams and product strategy. Darktrace’s Enterprise Immune System technology automatically detects and responds to emerging threats, powered by machine learning and mathematics developed by specialists from the University of Cambridge.

We work hard to ensure our machine learning works in all types of networks in different size companies, to help them defend against the most challenging cyber-attacks.

According to you, what are the major risks connected to the use of the Internet?

Today every organization is vulnerable to cyber-attack. An employee can easily click on a legitimate-looking online advert or email attachment and infect the corporate network with malware. Ransomware, in particular, is a major risk. Once inside the network, it can encrypt important files and demand huge payments to restore access.

What are the 4 tools that cannot be missed to protect the Internet?

No one can fully protect their network from being hacked. Ultimately, organizations have to assume that the threat has already infiltrated their systems.

  1. Self-learning technology: by modelling the ‘pattern of life’ of every user, device and network as a whole, companies can detect unusual behaviors and mitigate threats before they escalate.
  2. Network visibility: today everything from coffee machines to air conditioning units is becoming connected to the corporate network. Oversight of all digital activity is vital in spotting behavioral anomalies indicative of threat.
  3. An ‘immune system’ approach: whether a savvy hacker penetrates network borders, or an employee accidentally infects the network with malware, modern businesses will be compromised. Monitoring for threats from the inside out is key in keeping up with novel threats.
  4. Standard security tools: antiviruses and firewalls lay the foundation of a comprehensive cyber defense system. However, we should not rely on these tools alone. Only the latest machine learning technology can detect previously unidentified threats, capable of slipping past border controls.

Do you think that more awareness and education could help the people and the industry to better protect their assets?

In the near future, we will see sophisticated phishing attacks con unwitting employees into opening malicious emails, download malware and extort businesses. So, whilst education and training are important, they are not enough to fully defend against these fast-evolving threats, capable of catching out even the most security-aware employees.

What is the most dangerous menace behind cyber attacks? State-sponsored hackers, hacktivists, rogue states? And why?

We see cyber-attacks from all kinds of people whether they be criminal gangs or nation states, both in the news and across our own customer networks. A trend developing in the recent high-profile attacks, such as those on Yahoo! and the Democratic National Committee, shows that today’s attackers are looking to do more than financial damage. The biggest threats are targeting data integrity. We call these ‘trust attacks’ because they erode the faith we have in organizations, causing long-term damage.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against a critical infrastructure is real?

From nuclear power plants, to trains and hospitals – today much of our basic critical national infrastructure is being targeted. Physical machinery is being moved online, making it vulnerable to the same cyber-attacks we see on traditional IT networks. Darktrace is deployed across industrial organizations and sees daily attacks.

Although this is a real risk, machine learning provides a fast and targeted way of mitigating risks, before a crisis occurs.