Tag: Darktrace

Prepare now for the quantum computing revolution in encryption

Whether quantum computing is 10 years away or is already here, it promises to make current encryption methods obsolete, so enterprises need to start laying the groundwork for new encryption methods. A quantum computer uses qubits instead of bits.

A bit can be a zero or a one, but a qubit can be both simultaneously, which is weird and hard to program, but once folks get it working, it has the potential to be significantly more powerful than any of today's computers. And it will make many of today's public key algorithms obsolete, said Kevin Curran, IEEE senior member and a professor at the University of Ulster, where he heads up the Ambient Intelligence Research Group. That includes today's most popular algorithms, he said.

For example, one common encryption method is based on the fact that it is extremely difficult to find the factors of very large numbers. "All of these problems can be solved on a powerful quantum computer," he said. He added that the problems are mostly with public key systems, where the information is encoded and decoded by different people.
Symmetric algorithms, commonly used to encrypt local files and databases, don't have the same weaknesses and will survive a bit longer.

And increasing the length of the encryption keys will make those algorithms more secure. For public key encryption, such as that used for online communications and financial transactions, possible post-quantum alternatives include lattice-based, hash-based, and multivariate cryptographic algorithms as well as those that update today's Diffie-Hellman algorithm with supersingular elliptic curves. Google is already experimenting with some of these, Curran said. "Google is working with the Lattice-based public-key New Hope algorithm," he said. "They are deploying it in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm. By adding a post-quantum algorithm on top of the existing one, they are able to experiment without affecting user security."

Flexibility is key

Some future-proof encryption algorithms have already been developed and are now being tested, but enterprises need to start checking now whether their systems, both those that they have developed themselves and those provided by vendors, are flexible enough to allow old, obsolete algorithms to be easily replaced by new ones. Fortunately, according to Curran, there are already algorithms out there that seem to be workable replacements and that can run on existing computers. One company that is paying very close attention to this is Echoworx, which provides on-premises and cloud-based enterprise encryption software. Quantum computing will break all of today's commonly used encryption algorithms, said Sam Elsharif, vice president of software development at Echoworx.

Encryption that today's most sophisticated computer can break only after thousands of years of work will be beaten by a quantum computer in minutes. "This is obviously very troubling, since it's the core of our business," he said. "Echoworx will be in trouble -- but so will all of today's infrastructure." Since longer keys won't work for public key encryption and companies will need to replace their algorithms, the encryption technology needs to be modular. "It's called cryptographic agility," he said. "It means that you don't hard-wire encryption algorithms into your software, but make them more like pluggable modules. This is how software should be designed, and this is what we do at Echoworx." Once post-quantum algorithms have been tested and become standards, Echoworx will be able to swap out the old ones with the new ones, he said. "You will still have a problem with old data," he said. "That data will either have to be destroyed or re-encrypted." Hardware-based encryption appliances will also need to be replaced if they can't be upgraded, he said.

Don't worry, it's still a long way off

How soon is this going to be needed? Not right away, some experts say. "The threat is real," said Elsharif. "The theory is proven, it's just a matter of engineering." But that engineering could take 10, 15 or 20 years, he said. Ulster University's Curran says that quantum computers need to have at least 500 qubits before they can start breaking current encryption, and the biggest current quantum computer has less than 15 qubits. "So there is no immediate worry," said Curran. However, research organizations should be working on the problem now, he said. "We may very well find that we do not actually need post-quantum cryptography but that risk is perhaps too large to take and if we do not conduct the research now, then we may lose years of critical research in this area."

Meanwhile, there's no reason for an attacker to try to break encryption by brute force if they can simply hack into users' email accounts or use stolen credentials to access databases and key files. Companies still have lots of work to do on improving authentication, fixing bugs, and patching outdated, vulnerable software. "Many steps need to be taken to tighten up a company’s vulnerability footprint before even discussing encryption," said Justin Fier, director of cyber intelligence and analysis at Darktrace. In addition, when attackers are able to bypass encryption, they usually do it because the technology is not implemented correctly, or uses weak algorithms.
"We still have not employed proper protection of our data using current cryptography, let alone a future form," he said. "Quantum computing is still very much theoretical," he added. "Additionally, even if a prototype had been designed, the sheer cost required to build and operate the device within the extreme temperature constraints would make it difficult to immediately enter the mainstream marketplace."

No, go right ahead and panic

Sure, the typical criminal gang might not have a quantum computer right now with which to do encryption. But that's not necessarily true for all attackers, said Mike Stute, chief scientist at security firm Masergy Communications. There have already been public announcements from China about breakthroughs in both quantum computing and in unbreakable quantum communications. "It's probably safe to say that nation states are not on the first generation of the technology but are probably on the second," he said. There are even some signs that nation states are able to break encryption, Stute added.
It might not be a fast process, but it's usable. "They have to focus on what they really want," he said. "And bigger quantum computer will do more." That means that companies with particularly sensitive data might want to start looking at upgrading their encryption algorithms sooner rather than later. Plus, there are already some quantum computers on the market, he added. The first commercial quantum computer was released by D-Wave Systems more than a year ago, and Google was one of its first customers. "Most everyone was skeptical, but they seem to have passed the test," said Stute. The D-Wave computer claims to have 1,000 qubits -- and the company has announced a 2,000-qubit computer that will be coming out in 2017. But they're talking about a different kind of qubit, Stute said.
It has a very limited set of uses, he said, unlike a general-purpose quantum computer like IBM's which would be well suited for cracking encryption. IBM's quantum computer has five qubits, and is commercially available. "You can pay them to do your calculations," he said. "I was able to do some testing, and it all seems on the up and up. It's coming faster than we think."

This story, "Prepare now for the quantum computing revolution in encryption" was originally published by CSO.

5 Things Security Pros Need To Know About Machine Learning

Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.

The concept of machine learning has been around for decades. Machine Learning (ML) is a type of artificial intelligence (AI) that provides computers with the ability to learn without being explicitly programmed. Industries and government agencies working with large amounts of data are using machine learning technology to glean insights from this data in real time.

Financial institutions use the technology to identify investment opportunities and fraud. Utility companies use the technology to analyze sensor data to increase efficiency and save money. Healthcare practitioners are using the technology to identify trends that could improve diagnoses and patient treatment. And cybersecurity experts, inundated by reams of data generated by multiple information technology systems, security tools, networks, and other devices, are deploying machine learning technology to detect and thwart internal and external cyber-attacks and threats.

“Machine learning helps humans be more efficient by [aggregating and analyzing] vast amounts of data. It’s not just the volume, but also the scope of data; more data at the same time and more facets of data at the same time,” says Sven Krasser, chief scientist at CrowdStrike, a developer of machine learning-based endpoint security tools. “One of the big game changers is the emergence of cloud computing,” he says. “By using cloud-based infrastructures, security experts can aggregate more data from vast amounts of resources than ever before.”

Traditional techniques where analysts sift through data in some manual fashion to generate rule sets don’t work well in today’s dynamically-changing threat environment, Krasser says. Systems, sensors, and other networked devices are generating so much data that it is increasingly difficult for human analysts to find those tidbits – the abnormalities and/or patterns – that might give them the insights needed to identify an attack or potential threat, says Matt Wolff, chief data scientist with Cylance, a developer of endpoint security tools based on machine learning technology. “So, machine learning is an excellent tool and the right approach to take when you have a data intensive problem that you want to solve,” Wolff says.

Industry executives and government agency officials are looking for ways to combat sophisticated attacks and relentless cyber adversaries while coping with a shortage of talented information security professionals. Machine learning-based security tools are yet another technology that they can add to their cyber arsenal. DarkReading spoke with cybersecurity experts from CrowdStrike, Cylance, Darktrace, and IDC security researcher Peter Lindstrom to get a better sense of what organizations need to know about applying machine learning-based technology for cybersecurity in their organizations.

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government.

Security Blockbuster: Optiv Security Acquired By Private Equity Firm KKR

Security solution provider giant Optiv Security is changing private equity hands, announcing Tuesday that KKR & Co intends to acquire the Denver-based company.

Terms of the deal were not disclosed.

Under the terms of the deal, KKR will own a majority stake in Optiv, adding it to an $18 billion portfolio that includes a number of information security companies, including Darktrace, Ping Identity and Cylance.

Optiv is currently primarily owned by private equity firm Blackstone Group, which will maintain a minority interest in Optiv, the company said. While Blackstone has proved critical in establishing the company's strategy and wide breadth of offerings, Optiv CEO Dan Burns said the move to KKR will "enable our company to better help global clients address their full range of cyber risk and security needs in a customized and integrated fashion."

“More and more organizations are seeking an end-to-end cybersecurity solutions provider at scale that has awareness over every domain of cybersecurity and the ability to execute a comprehensive security strategy,” Burns said in a statement. “We are excited about this agreement and look forward to working with KKR to become the world’s most advanced, most comprehensive and most trusted partner for cybersecurity solutions.”

Optiv has played an influential role in the security market since early 2015, when it closed the merger between security powerhouses Accuvant and FishNet Security.

Accuvant had been owned by Blackstone.

The combined companies created a $1.5 billion security behemoth, which assumed the name Optiv in April 2015.

Optiv has continued to expand since the merger, unveiling the acquisitions of identity and access management company Advancive in April, third-party risk application company Evantix in May, and New England security solution provider Adaptive Communications in June.

In November, Optiv filed for its initial public offering of stock, looking to raise $100 million.

At that time, Optiv reported revenues of $947 million for 2015.
It's not clear how the changing of private equity control will affect Optiv's planned IPO, the proceeds from which it said it would put toward general corporate purposes and to pay down its significant debt, which totaled $651.8 million at the end of September.

William Hill website under siege from DDoS attacks

Life's a lottery, even with Darktrace supporting your online services...

William Hill is currently on the receiving end of a Distributed Denial of Service attack. Many of the bookie's sites went down on Tuesday and have remained unable to provide much better than intermittent service into Wednesday due to an ongoing cyberattack. The outage occurred despite the company's work with the "world leader in Enterprise Immune System technology for cyber security" Darktrace, which advertises its support of William Hill in a brochure (PDF) on its site.

"We apologise as our site is still down. We appreciate this isn't ideal but we're working hard on a fix. Thanks for your patience." — William Hill Betting (@WillHillBet) November 1, 2016

A spokesman for William Hill confirmed the attack to The Register, stating: "The online services of William Hill were intermittently impacted during the course of yesterday following Distributed Denial of Service (DDoS) activity by third parties." "This follows a significant increase in DDoS activity experienced by a number of online companies over recent weeks," the spokesperson continued, presumably referring to the Mirai botnet incident.

"It's been a long night. We've got some services back but we're still not at 100%. Thanks for patiently letting us get back on our feet." — William Hill Betting (@WillHillBet) November 2, 2016

"While the attempt at disruption is ongoing our technical teams were able to restore services last night," the spokesperson added, although complaints to The Register continued into this afternoon. William Hill said it apologised for any inconvenience caused to customers. Considering the company's H1 revenue of £814m (PDF), the 24-hour outage could have cost the publicly-listed company roughly £4.4m, although the true figure is likely to be less as the outage affected only its online services and did not strike during any notable sports events.

UK Rail Hit By Four Cyberattacks In One Year

No disruption to rail network caused, hackers appear to be nation-states, says cybersecurity firm Darktrace.

The UK’s rail network was hacked at least four times in the past year, reports The Telegraph, quoting Darktrace, which handles security for the rail network.

Appearing to be cyberespionage activity conducted by nation-states, the attacks were exploratory in nature and did not disrupt the rail system, Darktrace said. Kaspersky Lab believes that at the moment, state-sponsored attackers were very active without doing much, but hackers could cause chaos if they managed to enter the rail network system. Network Rail has said cybersecurity would play an important part in their plan to introduce digital train control technology. “Safety is our top priority, which is why we work closely with government, the security services, our partners and suppliers in the rail industry and security specialists to combat cyber threats,” added a spokesperson. Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events.


UK Security Firm Builds Network Immune Systems to Prevent Data Loss

NEWS ANALYSIS: A UK security company has developed a new approach to enterprise security modeled on the immune system that promises faster, more effective responses to network threats.

WASHINGTON, D.C.—It was impossible to escape the feeling as I joined the folks from DarkTrace for lunch at the Blue Duck Tavern here in Washington, D.C., that I was seated next to George Smiley, author John LeCarre's legendary spymaster. While Andrew France, formerly of the UK's Government Communications Headquarters (GCHQ), doesn't claim to be a spymaster, he was awarded the Order of the British Empire for his work with British Intelligence and the Ministry of Defence in 2005. We discussed some of the IT security challenges that I've written about many times and that he's confronted on a daily basis for decades.

Security, he pointed out, is an impossible task. The Bad Guys keep trying to break into networks by outguessing your antivirus, anti-malware and intrusion detection systems. However, the problem is that warding off all network intrusion attempts requires you to correctly out-guess every would-be intruder. The intruder only needs to be right once. And that fact underscores the difficulty of enterprise security.

It's made worse because it's not just the Bad Guys who threaten your networks. It's also the Good Guys. Whether it’s employees who write their passwords on Post-It notes stuck to monitors, or the person who downloads credit card info to his iPad, there are many times that insiders present the biggest threat to an organization. These factors don't even take into account the insiders who steal data for their own nefarious purposes, whether it's to sell it to criminals or to feather their nest at the next job.

Also sitting next to me was another person who has many years' experience working with IT security. Jasper Graham, who left the National Security Agency to join DarkTrace, spent his working life tracking how the Bad Guys penetrate networks.
Now he's using that knowledge to help create a new approach to protecting your organization's data—an enterprise immune system. The idea of an immune system for the enterprise is something new. Since you can't keep out every hacker, every piece of malware, every insider looking to make a buck or every member of the Chinese Army trying to steal trade secrets, how about if you simply kept them from getting information if they manage to penetrate your network defenses? That's the idea behind DarkTrace.

The company's security appliance works by developing a mathematical model of the complete enterprise network and then monitoring changes. As time goes on, the appliance fills in the details about the enterprise and in the process develops an enterprise immune system. But when it sees significant changes, the system sends out an alert to the security staff so they can check it out.