Where Darktrace bills itself as different is in the philosophical approach it takes to protect corporate networks, informed by the government background of its team. The company's software was designed to get ahead of an attack instead of cleaning up quickly after the fact, said Jim Penrose, a 17-year NSA veteran and Darktrace's executive vice president of cyber intelligence.
"From the time I started at NSA, I had it drilled into my head - you need to give the action takers enough time so that they can avoid the crisis entirely," he said. "The best work I've ever been involved in never became news."
Human immune system
Darktrace's flagship product is the Enterprise Immune System, so named because it mimics the behaviour of the human immune system using algorithms developed by Cambridge mathematicians.
Here's how it works: When the software is installed by a company, it acts as a sponge, learning the typical behaviour of all the users in a network to establish a sense of 'self.'
The software paints a picture of the company's routine operations - what time of day employees usually come into work, the files they work with, and whether they're using their mobile devices or workstations.
Once a baseline has been established, the software looks for anything out of the ordinary - a device that's trying to access a lot of data, or trying to connect with too many external devices, for example. When a combination of activities looks fishy, it triggers alerts for the company's IT department.
The idea is simple, and some US companies such as Columbia, Maryland-based Sourcefire (now part of Cisco Systems) and Georgia-based Lancope have similar offerings.
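The baseline-then-deviation idea described above, shown as an added example (not Darktrace's algorithm and not code from the article): a per-device z-score stands in for the learned sense of 'self', and an alert fires only when a combination of features deviates. The device names, traffic figures, thresholds and the unknown-device rule are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed sample data: (device, MB transferred, distinct external peers) per day.
BASELINE = [
    ("ws-014", 120, 8), ("ws-014", 135, 9), ("ws-014", 110, 7),
    ("ws-014", 128, 10), ("ws-014", 140, 8),
    ("srv-db", 900, 2), ("srv-db", 950, 3), ("srv-db", 880, 2),
    ("srv-db", 920, 2), ("srv-db", 910, 3),
]
FEATURES = ("mb", "peers")

def learn_baseline(records):
    """Learn per-device mean and standard deviation for each feature ('self')."""
    per_device = {}
    for device, mb, peers in records:
        per_device.setdefault(device, {"mb": [], "peers": []})
        per_device[device]["mb"].append(mb)
        per_device[device]["peers"].append(peers)
    # A zero deviation (perfectly constant history) is replaced by 1.0 to avoid dividing by zero.
    return {d: {f: (mean(v[f]), pstdev(v[f]) or 1.0) for f in FEATURES}
            for d, v in per_device.items()}

def score(baseline, device, mb, peers, z_limit=3.0):
    """Return the features that sit more than z_limit deviations above the device's norm."""
    if device not in baseline:
        return ["unknown-device"]  # assumption: a device never seen while learning is flagged
    observed = {"mb": mb, "peers": peers}
    return [f for f in FEATURES
            if (observed[f] - baseline[device][f][0]) / baseline[device][f][1] > z_limit]

def should_alert(flags, min_flags=2):
    """Alert on a combination of deviations (or an unknown device), not a single spike."""
    return "unknown-device" in flags or len(flags) >= min_flags

if __name__ == "__main__":
    model = learn_baseline(BASELINE)
    # Constructed observations: a normal day, a volume spike alone, volume plus peer fan-out.
    for obs in [("ws-014", 131, 9), ("ws-014", 4200, 9), ("ws-014", 4200, 310)]:
        flags = score(model, *obs)
        print(obs, flags, "ALERT" if should_alert(flags) else "ok")
```

A single spike in one feature is recorded but does not alert on its own; raising or lowering min_flags and z_limit trades missed detections against alert volume for the IT team.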
Proactive approach
But this spot-the-anomaly approach is something of a departure from the model of cybersecurity in the private sector, experts say.
The prevailing method is to detect an intrusion and then match it to a list of known malware out in the rest of the world - a database of bad guys, if you will.
Companies are still a long way off from being proactive about cybersecurity, said Gary Miliefsky, chief executive of SnoopWall, a mobile counterintelligence software company.
For time and cost reasons, the cybersecurity industry's goal is to make the matching process as fast and efficient as possible, so that companies can quickly identify malware and minimise their damages.
But what to do when a sophisticated attacker develops a new strain of malware targeted at your business? (This was the case with both the Sony and Anthem hacks, experts say.)
"The industry paradigm is cleaning up well," Penrose said. "We want to convince folks that it's worth investing the effort in getting ahead."
Darktrace has seen a spike in business since the Sony attack, said Nicole Eagan, the company's chief executive, who also worked at Autonomy.
Most of Darktrace's business is still Europe-centric, with 50 clients across the pond and less than half that number in the US. The two-year-old company hasn't turned a profit yet.
But Eagan said the American market promised more opportunity. That's why she was part of a contingent of cybersecurity executives accompanying British Prime Minister David Cameron on his recent trip to Washington, where the two countries announced the launch of a joint cyber-sharing initiative.