Cyber Security threats are a dime a dozen today. Within the last two years everything from Presidential Elections to state governments has been at the mercy of hacking, malware and ransomware. Humans cannot keep up with the speed of these attacks. The attacks are too frequent and harder to spot. AI-based programs are necessary. These programs handle the attacks as they come in and optimize the system for threats in a way that acts as an automated defense system.
This approach is being adopted by various AI-based cyber security firms. They aim to provide companies and governments with the best security possible. Darktrace and Blue Vector are two companies that are pushing the boundaries when it comes to AI-based security programs. They are lending their talents to power plants and tech companies that are in desperate need of an update when it comes to cyber security.
Blue Vector was formed around 10 years ago, in 2008, by a number of security researchers and data scientists. They applied machine learning to a huge database of benign and malicious software. They taught their software to identify malware and separate it from benign software so that it could apply the same logic to differentiate between several other threats that could emerge.
Though much younger than Blue Vector, Darktrace has made its mark in the world of cyber security. The company was founded in 2013 by a number of mathematicians from Cambridge University and a number of ex-spies and cyber intelligence experts from the US and the UK. Their software is called the Enterprise Immune System.
Detecting and Classifying Threats
Both Darktrace and Blue Vector boast impressive features that detect and analyze threats continuously without manual prompting. They begin working as soon as they’re installed and monitor usual activity in the system to separate the anomalies.
For Darktrace, the process is automatic. Deployment takes only an hour, and as soon as it is installed in the system it becomes familiar with what is normal and what is unusual. It adapts to new environments, user behavior and business trends, so it doesn’t require any manual tuning at all. The system responded to the 2017 WannaCry attack “within seconds”.
Blue Vector acts in much the same way but boasts a large list of malware detections months in advance. It claims to take only half an hour to deploy. Blue Vector claims that it can detect threats an average of 13 months in advance, which is unmatched in the AI-based cyber security industry. It detected the WannaCry attacks 5 months in advance and the Emotet attacks 7 months in advance. It also claims to have a 400% increase in productivity and an average 5:1 FTE ratio. Hence, the return on investment for firms can potentially be huge; this is especially important for small businesses and companies that can’t serve up as much cash as global conglomerates to deal with large hacks.
Darktrace allows for great optimization in threat detection throughout the entire system. It monitors logins and various other activities of employees to check whether they log in at unusual times, or run a program or perform an operation that isn’t in line with their designation or is completely out of character for them.
This data collection is passive and hence doesn’t disturb the workings of a complex industrial plant or a power plant per se. It rapidly produces meaningful results and provides visibility across industrial and enterprise networks.
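The kind of check described above (logins at unusual times, programs out of line with a user's designation) can be sketched as a simple learned baseline. This is an added example, not Darktrace's algorithm or code, which the article does not describe; the event fields, thresholds, user names and sample history are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

class BehaviourBaseline:
    """Learns per-user login hours and per-role program sets from past events."""

    def __init__(self, min_events=5, hour_tolerance=1):
        self.hours = defaultdict(Counter)       # user -> hour of day -> count
        self.role_programs = defaultdict(set)   # role -> programs seen in that role
        self.min_events = min_events            # history needed before judging a user
        self.hour_tolerance = hour_tolerance    # hours of slack around seen hours

    def learn(self, event):
        hour = datetime.fromisoformat(event["time"]).hour
        self.hours[event["user"]][hour] += 1
        self.role_programs[event["role"]].add(event["program"])

    def score(self, event):
        """Return the reasons an event is out of character (empty list = normal)."""
        seen = self.hours.get(event["user"], Counter())
        if sum(seen.values()) < self.min_events:
            return ["insufficient_history"]     # do not guess about unknown users
        reasons = []
        hour = datetime.fromisoformat(event["time"]).hour
        # Circular distance so that 23:00 and 00:00 count as one hour apart.
        nearest = min(min((hour - h) % 24, (h - hour) % 24) for h in seen)
        if nearest > self.hour_tolerance:
            reasons.append("unusual_hour")
        if event["program"] not in self.role_programs.get(event["role"], set()):
            reasons.append("program_not_seen_for_role")
        return reasons

def build_sample_baseline():
    """Constructed history: a finance user on day shift, an admin on night shift."""
    base = BehaviourBaseline()
    for day in range(1, 6):
        for hour in (8, 9, 10):
            base.learn({"user": "alice", "role": "finance", "program": "erp_client",
                        "time": f"2024-03-0{day}T{hour:02d}:15:00"})
        for hour in (22, 23, 0):
            base.learn({"user": "bob", "role": "admin", "program": "powershell",
                        "time": f"2024-03-0{day}T{hour:02d}:40:00"})
    return base

if __name__ == "__main__":
    probe = {"user": "alice", "role": "finance", "program": "powershell",
             "time": "2024-03-08T03:05:00"}
    print(build_sample_baseline().score(probe))
```

The same 01:00 login that is normal for the night-shift admin would be flagged for the day-shift finance user, which is why the baseline is kept per user rather than as one global rule.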
Blue Vector, however, goes a step further and offers the only coverage in the market across the kill chain. The kill chain is the series of events that lead up to the attack itself. This information can be gleaned from the historical record being kept by the software.
Lightweight software sensors are deployed within the system to detect all communication. The communication is contextualized within the parameters of a threat that already exists outside the system. Of course, Blue Vector also prepares for anomalies just like Darktrace does.
Integration with Cloud Services
Blue Vector offers active tuning and integration with various third-party services upon request. They have automated device management that allows different software to be up and running on a system without wasting any time. The company provides state-of-the-art product features to its clients, making sure they stay ahead of the curve and can withstand any threat that comes their way.
Darktrace, however, comes with a much larger suite of services that include cloud services such as Microsoft Azure, Amazon Web Services, Google Cloud and Rackspace. The cloud features help eliminate blind spots in the system. This includes identifying any misconfigurations in the system and allowing organizations to see all or selected cloud traffic without requiring access to the hypervisor.
The process also entails little to no performance impact, leaving systems running smoothly even when cloud traffic is being monitored.
Due to its integration with various cloud services, Darktrace can also monitor threats on G Suite, Microsoft Office 365, Salesforce, Box, Dropbox and AWS. This allows Darktrace to work with the largest cloud platforms on the planet without requiring any manual tuning or configuration that takes too much time. These integrations also don’t have to be requested by customers, as partnerships with these platforms already exist.
Both platforms allow their clients to see exactly what is happening 24/7, allowing basic transparency across the platform.