Interview – Mariana Pereira – Darktrace
DAN ASSOR [00:00:03] Okay, so we’re gonna try that again. I’m joined by Mariana Pereira from Darktrace. Good morning, Mariana.
MARIANA PEREIRA [00:00:13] Good morning, Andrew. Hello, everyone.
DAN ASSOR [00:00:15] Mariana, it’s Dan here and it’d be great if you give us a sense and tell us a bit about Darktrace just to start off with.
MARIANA PEREIRA [00:00:28] Thanks, Dan. So, yes, Darktrace is a cyber A.I. company, and we’re founded on the principle that we need to be able to detect attacks also once the attackers are inside your organisation. And for that, we’ve developed this approach of A.I. that is based loosely on the concepts of the immune system and in the way that the human immune system can understand what is part of oneself and what is potentially foreign or threatening and responds to that threat to neutralise it before it can escalate into a full crisis. And that’s also what we’ve done with technologies such as our autonomous response technology, which with that in mind, thinking of email, which is of course, the area that I mostly focus in. It’s all about detecting those initial and unusual signs of compromise to neutralise the threat of the email-borne attack, which, of course, makes up for 94% of cyber attacks.
DAN ASSOR [00:01:24] Sure, and am I right in saying that you are a global organisation, correct?
MARIANA PEREIRA [00:01:31] Correct. We have dual headquarters in the U.K. and in the U.S., but we used to say we had 44 offices around the world. Now, I really say that we have 1200 offices because that’s everyone’s homes. So we are truly global.
DAN ASSOR [00:01:44] And Mariana, can you tell us how you believe email attacks are evolving currently?
MARIANA PEREIRA [00:01:52] So email is an interesting one because we have seen so many different types and we’ve attempted to classify them in different ways. Right. From spam emails that are just an annoyance to spoofing emails or impersonation emails that are trying to pretend that there is something, a brand or someone, a person that they’re not. And what we’ve seen is that attackers have responded to trends online by creating emails and campaigns that really are feeding into our fears and insecurities and doubts. And so these fearware attacks, sending information or pretending to be information from the CDC or the NHS, the WHO, and telling people, hey, click here for the latest information about COVID, for instance. And then, of course, somebody driven by that curiosity clicks on an email and that actually is some malware or it’s a website to steal their password and from then there are different steps and different things that can be done from stealing your access, encrypting your files and all sorts of other secondary consequences.
DAN ASSOR [00:03:01] Sure and would the assumption be correct that during this period, given more and more people have been working remotely, those email attacks have increased significantly?
MARIANA PEREIRA [00:03:12] Yes, unfortunately, that is an assumption that we’ve also seen in our data. Not only have the email attacks increased, we’ve also seen that their types have shifted. So in the beginning of the pandemic, we started seeing an increase of just COVID-related topics in the emails. Then we started seeing a trend to target according to the geographies, so different email campaigns with different subjects, and then that changed again to switch away from these wide spray-and-pray attacks to very specific spoofing attacks. And so the incidence of spoofing has increased dramatically. We’ve published a couple of blog articles also on brands being spoofed. And these are incredibly difficult for the user to then be able to distinguish what is real, what is not real. So A.I. can really help us there.
DAN ASSOR [00:04:01] Okay. That’s interesting. It’d be great if you can maybe expand on the A.I. capabilities in that area.
MARIANA PEREIRA [00:04:07] Of course, so much like, as I was using the analogy of the immune system earlier, the A.I. is able to sort of learn and adapt based on the pattern. What we call the pattern of life, and the pattern of life is a simple phrase to really encapsulate a very rich context. It’s all of those interactions that we have within the digital ecosystem. But if we look at each individual user as well, we all have different ways with which we communicate, with which we interact with the systems and with each other. So A.I. has this incredible ability to understand in detail and looking at enormous amounts of information to get the big picture. And because it can understand the big picture and all of those relationships, it can understand when something changes and deviates from the norm. So the way that we look for attacks, the way that we look for anomalies in email, isn’t necessarily by trying to identify the email is good or bad, but rather we have the A.I. ask, does it belong? And it goes through more or less the same questions that we would go through. Does it make sense to receive this? But we can do that on then many more metrics. Does it make sense, given what we know, given the pattern of links, given the time of day? And of course, we tend to oversimplify and think on an if-then basis, but very rarely are we actually effective in stopping attacks on if-then rules because attackers can get around those rules. So the A.I. can look at really very small indicators of anomalies and understand, for instance, when Dan, if you were to know if you and I were to be corresponding and then suddenly your evil twin gets a hold of your email accounts and sends me something unusual. Well, the A.I., just like a human gut instinct, can understand what is unusual about that. Because you’ll leave markers or your evil twin will leave markers.
DAN ASSOR [00:05:59] Sure. Thank you for that. For the record, I don’t have an evil twin.
MARIANA PEREIRA [00:06:03] Good to know. Neither do I.
DAN ASSOR [00:06:10] Unless I don’t know. Mariana, thank you. Could you explain what fearware is, why you think it’s been so successful?
MARIANA PEREIRA [00:06:18] Fearware is an interesting one because these are campaigns and emails that are based on the concept of, unfortunately, fear, and that is one of the, as the attackers have seen, one of the fastest and easiest ways to get the response. So another type of example would be if you receive an alert saying, hey, check that this bank statement is correct or did you spend money on this thing? And it can be anything. The moment you see, oh my God, this is wrong. You click and you try to stop that and it’s the same thing with, you know, has your account been compromised or if there has been an attack in your neighbourhood or there’s been a surge of infections in your neighbourhood, that sense of urgency, fear, doubt that drives you to want to get more information and sometimes at the cost of thinking through whether or not something is legitimate. And that is a much faster response and unfortunately, they prey well on the psychology of the human fallacies. That’s an easier, that’s a faster response than say, hey, here’s 50% off of your next iPhone, for instance, which still can work by the way. And it’s still a legitimate campaign used by attackers. But what we’ve seen is this increase in the fear mongering in the negative feelings associated to fear and the attackers have been leveraging that in the past months.
DAN ASSOR [00:07:43] Sure. Okay and we are just about wrapping it up. But just the last question. How do you think A.I. worked for email security? I know you touched upon A.I. previously.
MARIANA PEREIRA [00:07:55] Yeah. So we, of course, believe that it works very effectively. It is a good way to augment the security teams and our defenders who are already stretched so thin to be able to respond autonomously to the threats by neutralising it and buying time for them to be able to carry out those maybe it’s a revision of policy, maybe an investigation of the incident. Since January, we’ve seen a 400% increase and of course, signed by anyone who’s thinking of using A.I. to try it within their environments to really get value from the get go. A.I. can only be helpful if it’s delivering value straight away and not 2, 3 years in implementing or months and configuring. And so that would be the challenge that I’d put to any vendor as well as ours is really to test the technology, test the claims and see it with your own eyes in your own environment. The benefits that it can give you.
DAN ASSOR [00:08:47] Absolutely. So thank you very much, Mariana. Unfortunately that’s all we have time for this particular episode. So that’s Mariana Pereira over at Darktrace. We are going to a quick break and then afterwards I will be speaking to Paul Hague at BlackDice.