1. Tell us about your role at Darktrace. What are the cyber threat issues you work on in a typical day?
As SVP of Strategic Engagements and Threats, I speak with senior and C-suite leaders daily about what matters most to their businesses and operations and help outline risk and cybersecurity strategies to strengthen business resilience. I focus on explaining current threat trends and emerging and next-generation threats, working closely with the Darktrace Subject Matter Experts team.
Today, one of my main projects is growing and maturing Darktrace’s Federal Division, which launched earlier this month. I am very excited to be bringing AI-based cyber defense capabilities to the U.S. government.
I also engage with the broader security leadership community through Executive Roundtables by participating or moderating. Last week, I led a webinar discussing the cyber impacts of the Ukraine-Russia conflict moving forward, including what the everyday CISO needs to consider and what our customers most need to know.
2. You are a former CIA Operations Chief. Let us in on what you have learned from that experience of yours.
The most critical lesson I learned at the CIA is how to work and collaborate as a team. I learned the importance of communications across an organization, both north-south and east-west. I have always been drawn to applying next-generation technologies to maximize business potential, not just creating the next cool, shiny thing. However, to be successful in this, as a public or private sector technology leader, you need to be able to serve as a liaison between the teams developing emerging technologies and national security leaders – translating more technical language to higher-level mission needs, bridging the understanding gap, and allowing tech teams to think more about business impact.
3. Can you describe a few examples of use cases for Darktrace’s services in general business terms?
Darktrace helps organizations maintain normal business operations and ensures business resilience. Darktrace uses AI to think about security differently – it moves away from focusing on the attacker to focusing on understanding and enforcing normal behaviors based on its knowledge of the business. Using AI as an enterprise’s immune system, Darktrace learns what behaviors are ‘normal’ – which is unique to each organization – and fights back against attacks with precise autonomous response technology. Using AI to augment a company’s human security team allows them to be vastly more efficient and preserve critical human resources while accelerating their investigation process and response times.
4. Recently, in the month of February, Darktrace acquired Cybersprint. How do you see this acquisition shaping the future of Darktrace in the world of cybersecurity?
Cybersprint impressed us with the quality of their technology. Their technology adheres to the same design principles we value at Darktrace – reduce complexity, augment human teams, and underpin all of this with AI. Cybersprint has unparalleled access to attack surface data – across the whole internet. Having access to this data and intelligently analyzing it is a huge benefit.
At Darktrace, we already offer our customers the ability to have complete visibility over their internal data – their email environment, SaaS data, operational technology, IoT, network, zero trust, and other coverage areas. Cybersprint’s ability to understand the outside-in level of risk via attack surface understanding complements Darktrace’s new Prevent efforts to understand attack path vulnerability. Combining those data sets with Cybersprint and deriving its insights will accelerate and drive breakthrough innovation.
5. Regarding Darktrace Prevent, a Continuous Cyber AI Loop component, can you elaborate on its relevance to businesses in layman’s terms? How is the testing stage going so far?
You cannot protect what you do not know. Our Self-Learning AI helps businesses understand their normal activity, creating a complete picture of “self” for that organization. We are already experts in knowing yourself. The next phase focuses on knowing your enemy. You cannot prevent future attacks without understanding the routes your attacker will take to steal from or hold the business hostage. AI-based Attack Path Modelling (APM) allows the security team to assess risk, identify vulnerabilities, and protect their most valuable assets or business operations pipelines. APM will enable organizations to simulate the potential paths a bad actor might take. Before an attack, companies can identify vulnerable areas and proactively harden defenses around their environment’s most susceptible attack pathways.
This mindset is a significant departure from traditional defenses. All this occurs in the “Continuous AI Loop,” where Darktrace’s four areas—attack prevention, detection, response, and healing—actually strengthen and improve one another. There is a strong appetite for this across industries. We have customers in beta mode and a long waiting list of customers hoping to test the capability.
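To make the attack-path idea from the answer above concrete, here is an added example that is not part of the interview and not Darktrace’s APM code. It treats the environment as a graph whose edges are exploitable relationships between assets, enumerates every simple path from the internet to a crown-jewel asset, ranks the paths by the product of per-edge likelihoods, and scores “chokepoint” assets by how much path likelihood flows through them. The inventory, technique labels and likelihood values are constructed assumptions chosen only for illustration.

```python
"""Toy attack-path modelling over a constructed asset graph.

Added example; the asset names, techniques and likelihoods below are
assumptions for illustration, not data from any real environment.
"""
from collections import defaultdict

# Constructed inventory: (source asset, reachable asset, technique, likelihood 0-1)
EDGES = [
    ("internet", "vpn-gateway", "exposed service", 0.9),
    ("internet", "web-app", "exposed service", 0.9),
    ("vpn-gateway", "workstation-12", "stolen VPN credentials", 0.5),
    ("web-app", "app-server", "SQL injection", 0.4),
    ("workstation-12", "file-server", "SMB lateral movement", 0.6),
    ("app-server", "file-server", "reused service account", 0.7),
    ("file-server", "domain-controller", "credential dumping", 0.5),
    ("workstation-12", "domain-controller", "local admin reuse", 0.2),
]


def build_graph(edges):
    """Adjacency list: asset -> list of (next asset, technique, likelihood)."""
    graph = defaultdict(list)
    for src, dst, technique, likelihood in edges:
        graph[src].append((dst, technique, likelihood))
    return graph


def enumerate_paths(graph, start, target):
    """All simple (loop-free) paths from start to target via depth-first search.

    Each path is a list of (asset, technique used to reach it, likelihood),
    excluding the start node itself.
    """
    paths = []

    def dfs(node, visited, path):
        if node == target:
            paths.append(list(path))
            return
        for dst, technique, likelihood in graph.get(node, []):
            if dst in visited:
                continue
            visited.add(dst)
            path.append((dst, technique, likelihood))
            dfs(dst, visited, path)
            path.pop()
            visited.discard(dst)

    dfs(start, {start}, [])
    return paths


def path_likelihood(path):
    """Naive independence assumption: multiply the per-step likelihoods."""
    total = 1.0
    for _, _, likelihood in path:
        total *= likelihood
    return total


def rank_paths(edges, start, target):
    """Paths from start to target, most likely first."""
    paths = enumerate_paths(build_graph(edges), start, target)
    return sorted(paths, key=path_likelihood, reverse=True)


def chokepoints(paths, target):
    """Score each intermediate asset by the summed likelihood of paths through it.

    Hardening the top-scoring asset removes the most attack probability.
    """
    scores = defaultdict(float)
    for path in paths:
        weight = path_likelihood(path)
        for asset, _, _ in path:
            if asset != target:
                scores[asset] += weight
    return sorted(scores.items(), key=lambda item: item[1], reverse=True)


def harden(edges, asset):
    """Simulate hardening: drop every edge into or out of the asset."""
    return [e for e in edges if asset not in (e[0], e[1])]


def max_path_likelihood(edges, start, target):
    ranked = rank_paths(edges, start, target)
    return path_likelihood(ranked[0]) if ranked else 0.0


if __name__ == "__main__":
    ranked = rank_paths(EDGES, "internet", "domain-controller")
    for path in ranked:
        steps = " -> ".join(f"{asset} ({technique})" for asset, technique, _ in path)
        print(f"{path_likelihood(path):.3f}  internet -> {steps}")
    top_asset, top_score = chokepoints(ranked, "domain-controller")[0]
    print(f"top chokepoint: {top_asset} (score {top_score:.3f})")
    after = max_path_likelihood(harden(EDGES, top_asset), "internet", "domain-controller")
    print(f"most likely path after hardening {top_asset}: {after:.3f}")
```

On this constructed graph three paths reach the domain controller; the VPN-to-file-server route is the most likely, the file server is the chokepoint shared by the two strongest paths, and simulating its hardening cuts the best remaining path to the low-likelihood local-admin-reuse route. The independence assumption in `path_likelihood` is the usual simplification and overstates likelihood when steps share a root cause (for example, one reused credential).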
6. Can you give us an example of a recent cyber-attack incident and how Darktrace’s unique Self-learning AI tackled it?
Groupement Hospitalier Territorial de Dordogne (GHTD) installed Darktrace in May 2021. A few weeks later, the ransomware attack began. Before the attack, the health system only used Darktrace’s ‘Enterprise Immune System’ detection technology. During the attack, GHTD turned on Darktrace’s autonomous response technology, Antigena, because the malicious activity was moving too fast for the security team to contain it alone. Darktrace stopped the malicious activity by enforcing normal business operations. These actions meant there was no disruption and no ransom demanded.
Without Antigena, attackers would have encrypted the hospital’s data, and it would have lost functionality for days or weeks. That would have caused financial and reputational damage, but it also has the potential to impact patient care. GHTD could continue working, connecting to the internet, and caring for patients even while under attack. Downtime is not tolerable for the healthcare sector.
The algorithms quarantine only the affected devices and investigate the compromise without business disruption. Those not immediately involved would not have known anything was wrong. That’s how intelligent this AI can be.
As more employees moved to a hybrid working model, GHTD had to extend VPN access to more users than the equipment could support. The health system also had to permit VPN connections on personal machines, presenting new cybersecurity risks and prompting GHTD to expand Darktrace’s autonomous response to cover these devices. Antigena Endpoint can detect anomalous activity and make micro-decisions based on unusual activity, such as out-of-the-ordinary initial file downloads and data exfiltration attempts, command and control traffic, or lateral movement indicative of a cyber-threat.
The AI immediately detects suspicious requests from external equipment through the VPN and stops when the request seems malicious, or the behavior is abnormal. The technology is clever enough to know the difference between unusual behavior that is harmless – like an employee working from a café in the morning – and a malicious attack.
Since the health system started using Self-Learning AI to protect patients, it can be sure no abnormal traffic or behavior will occur without its knowing about it, and its security team can fine-tune the technology to be more protective and more sensitive when it comes to more mission-critical systems. That’s the future of cybersecurity.
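The GHTD answer above describes learning a device’s “pattern of life” and then acting only against the connection that deviates from it, while letting an unusual-but-harmless event (the employee working from a café) through. The following is an added example, not Darktrace’s or GHTD’s code, that shows the shape of such a mechanism: it learns a per-device baseline from a handful of constructed connection-log lines, scores a new event by how many ways it departs from that baseline, and decides between allowing it and blocking just that flow. The log format, the scoring weights, the admin-port list and the threshold are all assumptions for illustration.

```python
"""Toy pattern-of-life anomaly scorer with a per-flow response.

Added example with constructed data; the field names, weights, port list
and threshold are assumptions, not any vendor's detection logic.
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline: ordinary activity for one VPN-connected workstation
BASELINE_LOG = """\
2022-03-01T09:02:11 device=ws-12 src=192.0.2.10 dst=10.0.5.20 dport=445 bytes=120000
2022-03-01T09:30:45 device=ws-12 src=192.0.2.10 dst=10.0.5.30 dport=443 bytes=30000
2022-03-02T10:12:03 device=ws-12 src=192.0.2.10 dst=10.0.5.20 dport=445 bytes=98000
2022-03-02T14:45:19 device=ws-12 src=192.0.2.10 dst=10.0.5.30 dport=443 bytes=51000
2022-03-03T11:07:52 device=ws-12 src=192.0.2.11 dst=10.0.5.40 dport=443 bytes=22000
2022-03-04T16:20:00 device=ws-12 src=192.0.2.10 dst=10.0.5.20 dport=445 bytes=143000
"""

# Constructed test events
CAFE_EVENT = "2022-03-07T09:15:00 device=ws-12 src=203.0.113.9 dst=10.0.5.30 dport=443 bytes=28000"
EXFIL_EVENT = "2022-03-07T03:10:00 device=ws-12 src=192.0.2.10 dst=198.51.100.7 dport=443 bytes=400000000"
LATERAL_EVENT = "2022-03-07T10:40:00 device=ws-12 src=192.0.2.10 dst=10.0.5.21 dport=445 bytes=15000"

LATERAL_PORTS = {135, 139, 445, 3389, 5985, 5986}  # assumption: typical admin/lateral-movement ports
BLOCK_THRESHOLD = 3  # assumption: score at or above this blocks the single connection


def parse(line):
    """'ts key=value ...' -> dict with typed ts, dport and bytes."""
    ts, *pairs = line.split()
    record = dict(item.split("=", 1) for item in pairs)
    record["ts"] = datetime.fromisoformat(ts)
    record["dport"] = int(record["dport"])
    record["bytes"] = int(record["bytes"])
    return record


def learn_baseline(log_text):
    """Per device: seen (dst, port) pairs, active hours, source /24s, largest transfer."""
    baseline = defaultdict(lambda: {"pairs": set(), "hours": set(), "src_nets": set(), "max_bytes": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        b = baseline[r["device"]]
        b["pairs"].add((r["dst"], r["dport"]))
        b["hours"].add(r["ts"].hour)
        b["src_nets"].add(r["src"].rsplit(".", 1)[0])
        b["max_bytes"] = max(b["max_bytes"], r["bytes"])
    return baseline


def score_event(baseline, line):
    """Sum of deviations from the device's own baseline, with the reasons."""
    r = parse(line)
    b = baseline.get(r["device"])
    if b is None:
        return 99, ["device never seen before"]
    score, reasons = 0, []
    if (r["dst"], r["dport"]) not in b["pairs"]:
        score += 2
        reasons.append(f"new destination {r['dst']}:{r['dport']}")
        if r["dport"] in LATERAL_PORTS and r["dst"].startswith("10."):
            score += 2
            reasons.append("admin port to a previously unseen internal host")
    if r["ts"].hour not in b["hours"]:
        score += 1
        reasons.append(f"unusual hour {r['ts'].hour:02d}:00")
    if r["bytes"] > 3 * b["max_bytes"]:
        score += 2
        reasons.append(f"volume {r['bytes']} exceeds 3x baseline maximum")
    if r["src"].rsplit(".", 1)[0] not in b["src_nets"]:
        score += 1  # a new network alone is weak evidence: the cafe case
        reasons.append(f"new source network for {r['src']}")
    return score, reasons


def decide(baseline, line):
    """Enforce the pattern of life on one flow only; never quarantine the whole device here."""
    score, reasons = score_event(baseline, line)
    action = "block_connection" if score >= BLOCK_THRESHOLD else "allow"
    return action, score, reasons


if __name__ == "__main__":
    base = learn_baseline(BASELINE_LOG)
    for label, event in (("cafe", CAFE_EVENT), ("exfil", EXFIL_EVENT), ("lateral", LATERAL_EVENT)):
        action, score, reasons = decide(base, event)
        print(f"{label:8} {action:16} score={score} {reasons}")
```

With the constructed data the café login from a new network scores 1 and is allowed, the 400 MB transfer to an unseen external host at 03:00 scores 5 and is blocked, and the SMB connection to a new internal host scores 4 and is blocked, while nothing else on the device is touched. A production system would learn many more features and its weights rather than fixing them by hand, but the decision structure, a per-device baseline and a response scoped to the deviating flow, is the point the answer makes.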
7. What do you think about the Russia-Ukraine crisis? Will it lead to global cyber warfare?
The cyber chapter of this crisis is yet to be written. However, I might argue that we have been in a global cyber low-intensity conflict for many years. Nation-state use of cyber to leverage geopolitical and national security pressure has been constantly on the rise; the Russia-Ukraine crisis and international economic disruption targeted at Russia could trigger greater use of cyber. Though it is worth noting we have not seen it yet, one can’t help but feel that for everyone outside of Ukraine, this is the calm before the storm.
Hacktivism and non-state actors’ participation is concerning because their actions may be wrongly attributed to another nation and lead to escalation of the conflict because of misattribution. That is what keeps me up at night. One of my biggest concerns would be a non-state actor attack, like the one on Colonial Pipeline, against Russian infrastructure that causes an unintentional escalation of the conflict or gives Putin enough justification to strike more forcefully outside Ukraine. It is impossible to control the actions of hacktivists, vigilantes, and cyber-criminal groups. If these non-state actors impact Russian infrastructure, these attacks may be misattributed as U.S. government actions.
8. Cybersecurity resembles a continuous process of building high-tech armor for warfare. What is your idea of cybersecurity, and what is the most exciting part of your job as SVP of Strategic Threats at Darktrace?
To me, cybersecurity is about protecting sensitive personal and company data, securing national security information and critical infrastructure, and ensuring public and private sector operations. The most exciting part of my job across all these components is working closely with senior security leaders.
I enjoy learning about our customers’ experiences and helping them improve their defenses. I like talking about how advanced technologies, like AI and ML, allow security to develop new and more effective security strategies. Cybersecurity is not just about building perimeter defenses or relying on threat intelligence anymore. Defenses are not just focused on trying, and likely failing, to be left of the breach constantly. Now, you need to have defenses to the right of the breach… as long as they’re still to the left of business disruption.
9. What is your advice to the tech professionals who want to choose cybersecurity as their career path?
There is a range of roles within the cybersecurity space for many different people, from highly technical to less technically minded. There are many great voices and mentors out there, offering great advice and working to bring in new talent; use them. If curated appropriately, the social media infosec community is so active, and there is so much that you can learn online and teach yourself without getting a degree in cybersecurity.
10. What is your life’s motto that has stayed with you throughout your professional career?
I don’t think I get to claim this as my motto, but it was one I often heard at the CIA, and it resonates with me and is very relevant to security leaders: “Mission First, People Always.” We need to be constantly focused on the security mission as we often hear, “We have to be right every minute of every day while attackers only need a moment.” However, we can’t forget our people and the stress it puts on them. As leaders, we need to be looking out for them.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.
Marcus Fowler
SVP, Strategic Engagements, and Threats at Darktrace
Marcus Fowler spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies, until joining Darktrace in 2019. He has led cyber efforts with various US Intelligence Community elements and global partners and has extensive experience advising senior leaders on cyber efforts. He is recognized as a leader in developing and deploying innovative cyber solutions. Prior to serving at the CIA, Marcus was an officer in the United States Marine Corps. Marcus has an engineering degree from the United States Naval Academy and a Master’s degree in International Security Studies from The Fletcher School. He also completed Harvard Business School’s Executive Education Advanced Management Program.