Organizations can say what should - or should not - happen on their network, but what is the best way to know what is actually happening?
For London-based behavioral learning firm Darktrace, the answer lies in part in using more advanced machine learning to baseline normal behavior, then spot deviations from that baseline.
"You can't know what you don't know by asking more clever and clever questions of your data," says David Palmer, director of technology at Darktrace. "You need to turn that round and get the data and the network to tell you about what's strange. Because we've got plenty of systems that will say, 'I know what bad looks like, or policy looks like, this shouldn't happen.' As we turn it round, [there are] loads of surprises, and that's why it's so exciting."
In an interview recorded at Infosecurity Europe, Palmer also details:
- How organizations are applying behavioral learning to safeguard networks;
- Using behavioral learning to better secure critical infrastructure and industrial control systems environments;
- The nuances of being a British-based high-technology firm, including close ties to the University of Cambridge mathematics department.
Palmer is director of technology at Darktrace. A cybersecurity expert, he has worked across UK intelligence agencies GCHQ and MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational Internet capabilities and the management of critical disaster recovery incidents.