Cambridge-founded Darktrace is reinventing enterprise security by taking a fundamentally different approach. Darktrace’s technology leverages the principles of the human immune system to autonomously defend organisations from cyber-attacks, insider threats and AI warfare. As organisations reset the way they work, remote or decentralised work and digital transformation projects are shifting critical data from data centres to everywhere.
Darktrace was founded in 2013 by Poppy Gustafsson, Dave Palmer, Emily Orton, Jack Stockdale and Nicole Eagan. The founders were leading a team of a world-class team of mathematicians from the University of Cambridge and AI experts, who were working on some ground-breaking applications of AI, experimenting with giving machines a sense of self.
Achieving unicorn status in 2018, in 2020 Darktrace has offices across Europe, North America, the Middle East, Asia and Latin America. CEO Poppy Gustafsson and CTO Jack Stockdale were appointed were appointed OBEs in the Birthday Honours 2019, in recognition of their services to cyber security. Talis Capital led the company’s Series A in 2015.
We sat down with Poppy to take a look at the journey so far, looking back at the company’s biggest milestones, as well as discussing leadership advice and Darktrace’s vision for the coming years.
DARKTRACE HAS OBVIOUSLY HAD HUGE TRACTION GLOBALLY AND IS WIDELY ACCLAIMED AS ONE OF THE UK’S BIGGEST TECH SUCCESSES. TELL US ABOUT YOUR VISION FOR DARKTRACE IN THE COMING YEARS.
Since Darktrace’s inception 7 years ago, we have made leaps and bounds in the advancement of cyber AI.
Over 4,000 organisations around the world already rely on our AI technology today but with attackers getting more sophisticated against the backdrop of accelerated digital transformation, we expect this technology to go mainstream.
We are already used to the idea of AI recommending what to watch on Netflix based on our personal preferences — in security, it will become completely commonplace for AI to be recommending what action to take in response to its own investigations into a cyber-attack. In many cases, the action will be taken without the human in the loop. Time is rarely on your side when dealing with computer-driven attacks, and action usually needs to be instantaneous to prevent the breach or damage.
For us this is just scratching the surface — we see a future where even higher level thought processes like red teaming and cyber risk analysis could be executed by AI. The sky is the limit!
LET’S TALK A LITTLE ABOUT THE EARLY DAYS. WHAT GAVE YOU THE IDEA FOR THE ORIGINAL DARKTRACE PROPOSITION — AND CAN YOU TALK A LITTLE ABOUT HOW THAT HAS CHANGED OVER THE YEARS?
At its heart, Darktrace is a company that uses advanced mathematics to solve real world problems.
Back in 2013, a world-class team of mathematicians from the University of Cambridge and AI experts were working on some ground-breaking applications of AI, experimenting with giving machines a sense of self.
They joined forces with cyber experts from GCHQ, who were frustrated with legacy approaches to security. They saw that cyber-attackers were winning too many battles and the industry was looking at the problem the wrong way around: working to know the ever-changing attacker was futile and instead organisations should learn self. From that normal pattern of life, organisations can then spot deviations that signal threatening activity.
That undertaking is impossible for security analysts to do alone. Organisations are fast-changing — the number of devices, the software platforms and tools being used, the behaviour of users — all of these are variables, they are never static. It was clear we needed technology capable of doing this on behalf of humans.
Today, that philosophy remains more pertinent than ever. Hackers methods may have evolved but the key to fighting back remains the same: with advanced technology that is capable of spotting novel and sophisticated attacks wherever and whenever they emerge across the digital business. Darktrace’s offering has been extended since then with our autonomous response technology, capable of fighting back against attacks at computer-speed on behalf of humans. Most recently, our world-class R&D team have made it possible for our AI to interrogate its own findings. In other words, instead of human beings looking at the outputs of the AI and applying their human understanding, AI is now taking care of this too.
Our latest AI innovations have focused on mitigating the risk of decentralised work and accelerated digital transformation — delivering security from the cloud and to the cloud.
WHAT CRITICAL AREAS DID YOU FOCUS ON IN THE EARLY DAYS FOR THE DARKTRACE TO BECOME THE SUCCESS IT IS TODAY?
It was very important to us that we created a technology which could defend any kind of digital infrastructure, from power grids to global banks all the way to 10 person charities, as well as any kind of technology.
We achieved this because our first ever customer was actually Drax, one of the country’s major power stations.
In terms of the business, we had our sights set on being global from day one, setting up dual headquarters in Cambridge as well as in San Francisco. The UK is brilliant at technology and science and building start-ups into mid-size companies, but we always wanted to go further and break the glass ceiling.
LET’S TALK ABOUT YOUR TEAM. HIRING IN THE EARLY DAYS IS OFTEN ONE OF THE BIGGEST CHALLENGES FOR STARTUPS AND FINDING TALENT CAN BE TOUGH. HOW DID YOU GO ABOUT BUILDING YOUR TEAM AT THE START?
We had the leading mathematicians from Cambridge University and an amazing product from the very beginning, as well as cyber intelligence experts, but we knew that was not a scalable hiring model against the backdrop of a well-documented global cyber skills shortage.
So, as well as looking for those with relevant experience, we began an active graduate programme — not just for computer science and mathematics graduates but for anyone from linguists to philosophers because of their curious and inquisitive minds.
Our technology was designed to be intuitive — anyone from deeply technical security analysts to a non-technical member of the c-suite can understand the findings of our AI — so we are able to train these graduates in house relatively simply.
WHAT HAVE BEEN THE BIGGEST MILESTONE MOMENTS FOR YOU IN YOUR TIME AT DARKTRACE?
Bringing out world-firsts are always huge milestones for us.
In 2016, we invented and launched the only AI in the world capable of fighting back against fast moving attacks at computer speed. A few months after its launch, this Autonomous Response technology fought back against WannaCry at several NHS trusts.
Just last year, we brought out another world first, the Cyber AI Analyst — an AI technology which applies contextual understanding to launch a full-blown investigation into a security incident. Today, that AI is detecting the most sophisticated attacks out there including those from the sophisticated Chinese cyber espionage group known as APT41 and even the alleged Russian ransomware gang EvilCorp.
To see our innovations working in the real world and keeping business as well as critical infrastructure safe from attack is truly incredible.
HOW HAVE YOU SEEN THE BROADER SECURITY LANDSCAPE CHANGE THROUGHOUT YOUR CAREER IN THE SECTOR?
The professionalisation of the industry is notable — both on the side of the criminal and the defender.
The stereotypical hooded hacker in their bedroom certainly still exists but cybercrime has become a big business as virtually every organisation runs on software and internet connectivity. More often than not organisations are up against full-blown professional cybercrime companies that employ everyone from customer service reps to graphic designers. And that means cyber-attacks are becoming more sophisticated, effective and greater in number — more increasingly, attacks move far too quickly for human teams to contain. That’s why we’ve seen adoption of AI defences soar over the years — attacks that move at computer speed necessitate a machine speed response, and this is rapidly becoming the de facto way to fend off hackers.
This evolution has also catapulted cyber security into the public eye with stories continually in the media about security breaches. Cyber security is now one of the greatest challenges facing our age: universities and local councils being hit makes it a societal issue and the rising threat from nation states has re-emphasised its importance to national security.
With that, the defenders have too professionalized; there are now schemes for people to become certified cyber professionals and technology like AI has come on leaps and bounds in fighting back against the heightened threat.
WHAT IS YOUR BEST LEADERSHIP ADVICE?
Work out, at any given time, which projects across your business are going to move the needle for your plan. Push those projects hard and perhaps think about parking the other, still worthwhile, projects. As your organisation gets bigger it is very easy to be distracted by all the different ambitions running concurrently. Step away from your inbox, work out the most important problem and activate the right people to tackle it.