Cyber-defence boss joins security company, warns: 'You can't keep a determined adversary out'
Security company Darktrace had hired a former cyber-defence chief from GCHQ as its CEO.
Darktrace uses Bayesian mathematics developed at Cambridge University to model the behaviour of a network, as well as the devices and individuals on it, to spot unusual activity that might suggest an intruder.
Last September, Mike Lynch, founder of UK software firm Autonomy (bought by Hewlett-Packard two years ago for £7.1bn), invested between $10m and $20m in Darktrace.
The company has now hired Andrew France as its CEO. France joins Darktrace from the UK government surveillance agency GCHQ, where he was deputy director for cyber-defence operations with responsibilities including formulating the UK's national cyber-defence strategy, policy and operational delivery.
France said in his time there he had become increasingly frustrated with the offerings of the security industry and their inability to keep up with hackers intent on stealing data from firms.
"I became a bit of a cynic in terms of the capabilities that are out there because every day there was a new zero day or new attack vector or change in behaviour there would be a lag," he said. "The industry would take a finite amount of time to catch up and by the time you've got a capability to deal with the latest generation of attacks, the attackers have already morphed."
Darktrace uses a set of Bayesian mathematical models which learn the standard behaviour on a network and then uses this to try to spot unusual and therefore potentially malicious activity while it is happening, rather than afterwards. By spotting unusual activity rather than looking out for particular virus or other malware, the company claims it is better equipped to deal with so-called zero day exploits — previously unseen attacks for which no fix exists.
"What we are saying to people is that its nearly a physical impossibility to fully secure a network in 2014, and anyone that tells you they can, if they work for you, you should sack them," France told ZDNet.
"You can't keep a determined adversary out it, it's just madness to try to do that." Instead, he said, organisations should build layers of security and invest in tools to ensure they can detect what attackers are doing to stop them getting too far.
"We've got to get away from thinking about putting a bubble around a network and somehow making that network perfect. You could do that if it doesn't connect to anything but what's the point of that? There's a lot of intrinsic benefit from the internet it's a fantastic environment but it's the Wild West," he said.