WASHINGTON, D.C.—It was impossible to escape the feeling as I joined the folks from DarkTrace for lunch at the Blue Duck Tavern here in Washington, D.C., that I was seated next to George Smiley, author John le Carré's legendary spymaster.
While Andrew France, formerly of the UK's Government Communications Headquarters (GCHQ), doesn't claim to be a spymaster, he was awarded the Order of the British Empire for his work with British Intelligence and the Ministry of Defence in 2005.
We discussed some of the IT security challenges that I've written about many times and that he's confronted on a daily basis for decades. Security, he pointed out, is an impossible task. The Bad Guys keep trying to break into networks by outguessing your antivirus, anti-malware and intrusion detection systems.
However, the problem is that warding off all network intrusion attempts requires you to correctly out-guess every would-be intruder. The intruder only needs to be right once.
And that fact underscores the difficulty of enterprise security. It's made worse because it's not just the Bad Guys who threaten your networks. It's also the Good Guys. Whether it's employees who write their passwords on Post-It notes stuck to monitors or the person who downloads credit card info to his iPad, there are many times that insiders present the biggest threat to an organization.
These factors don't even take into account the insiders who steal data for their own nefarious purposes, whether it's to sell it to criminals or to feather their nest at the next job.
Also sitting next to me was another person who has many years' experience working with IT security. Jasper Graham, who left the National Security Agency to join DarkTrace, spent his working life tracking how the Bad Guys penetrate networks. Now he's using that knowledge to help create a new approach to protecting your organization's data—an enterprise immune system.
The idea of an immune system for the enterprise is something new. Since you can't keep out every hacker, every piece of malware, every insider looking to make a buck or every member of the Chinese Army trying to steal trade secrets, how about if you simply kept them from getting information if they manage to penetrate your network defenses?
That's the idea behind DarkTrace. The company's security appliance works by developing a mathematical model of the complete enterprise network and then monitoring changes.
As time goes on, the appliance fills in the details about the enterprise and in the process develops an enterprise immune system. But when it sees significant changes, the system sends out an alert to the security staff so they can check it out.