This article was published on March 7, 2023

Darktrace’s plan to protect critical infrastructure: think like an attacker

The secret sauce is self-learning AI



Cyber attacks on critical infrastructure have become a growing concern since war broke out in Ukraine.

After the 2014 annexation of Crimea, a sustained barrage by Russian-linked groups pummelled infrastructure in Ukraine. The next year, the country endured the first confirmed hack to take down a power grid.

The attacks have continued since Russia’s full-scale invasion began in February 2022. According to a recent report from Google’s Threat Analysis Group, Russia’s military intelligence agency has repeatedly used destructive malware to degrade Ukrainian civilian infrastructure.

Analysts are now increasingly worried about the threats spreading across the globe. In November, a general who commanded US Army forces in Europe from 2014 until 2017 said cyber protection had become as important as missile defence systems in the defence of German ports.

The EU is also expressing growing alarm. Last month, a watchdog for the bloc warned members to improve their defences due to heightened risks of hacks by foreign states.

To mitigate the threats, cybersecurity firms are experimenting with various defensive methods. Darktrace, one of the UK’s biggest tech companies, has elected to apply AI to a natural mindset: thinking like an attacker.

This approach is embedded in Prevent/OT, a new product that identifies routes adversaries take to target critical infrastructure.

The software visualises potential pathways to the assets. Defenders can then harden their environments to prevent attacks before they can happen. 


A crucial component of the product is Darktrace’s self-learning AI, which detects deviations in assets that point to cyber-threats. The company says the software allows overstretched staff to prioritise the needs of their unique environments.

“It’s really maximising the value of their time and implementing controls,” Jeffrey Macre, Industrial Security Solutions Architect at Darktrace, told TNW.

“A lot of folks in the industry are so focused on what the next major attack will be that they lose sight of what they need to do on a day-to-day basis to implement really good cybersecurity.”

The new capability is part of Darktrace’s operational technology (OT) product family. According to the firm, the solutions are already used by hundreds of critical infrastructure companies.

Those numbers were recently bolstered by several new deals. Darktrace said these include the business’ largest contract to date with a critical infrastructure organisation.

The announcements arrive during a challenging period for the FTSE 250 firm. The company recently cut its revenue forecasts amid declining customer growth, and had to deny a short-seller’s allegations of fraudulent accounting.

There are signs, however, that the new product is already improving Darktrace’s business. Analysts at investment bank Jefferies said the firm is now making progress despite the short-seller’s attack — and that the launch of Prevent/OT has helped attract new business.
