Blog
/

Thought Leadership

McLaren

/
May 2, 2022

Cyber Security Insights from Zak Brown at McLaren

Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
02
May 2022
Learn from two leaders in their fields about cyber risks in Formula 1 and McLaren's unique approach. Explore cyber risks and strategies that set McLaren apart.

Nicole Eagan, Darktrace’s Chief Strategy Officer and AI Officer, catches up with Zak Brown, CEO at McLaren Racing, on innovation, cyber-attacks, and what sets McLaren apart.

Nicole: Thanks for joining us, Zak. I’d like to start this off by speaking about innovation. As you know, the pace of change is very rapid in both cyber security and Formula 1. At Darktrace, our aim is to outpace the attackers, which we do by heavily investing in our R&D and our AI specifically. As the CEO of McLaren Racing, how important is innovation?

Zak: Innovation is our life blood. To give you an idea: if you took the car that qualified first in the first race of the season, and you didn’t touch it throughout the year, it would come last in the final race of the season. We’re developing a new part for our race car about every 15 minutes, 365 days a year. These facts illustrate the pace of development here at McLaren. As we say in motor racing – if you’re sitting still, you’re actually going backwards.

Nicole: Talk about pace of innovation! We’ve observed at Darktrace that in any industry, no two organizations operate the same way. In fact, the closer you get, the more you realize how different they are. This is one of the reasons we think taking a self-learning approach to security is so important. In your view, what sets McLaren apart from other teams?

Zak: Whilst all teams are pushing for a similar outcome – to be the fastest racing team in the world –we go about it in different ways. At McLaren, it’s all about the people, as well as understanding and leaning into our technology and technology partners.

Nicole: As you know, cyber-attacks can trickle over into business disruption – and sometimes even effect physical operations. What impact can a cyber-attack have for McLaren Racing?

Zak: There are so many ways a cyber-attack could disrupt our racing and our business. Wherever we’re racing around the world, it all starts back at our factory in the UK. Everything is real time, and if a cyber-attack were to shut down our technology, we wouldn’t be able to go onto the track. We also need to protect our Intellectual Property and our supply chain, as a lot of critical information is being passed back and forth between us and our suppliers.

A real-life incident I can recall happened in 1998, well before we became partners with Darktrace. Someone tapped into our radio communications as our driver at the time, Mika Häkkinen, was leading the Australian Grand Prix. The attacker told Mika to pit, and he did! It almost cost him the race. These actions have consequences that can cost us on track performance which in turn, can lead to much bigger business implications.

Nicole: That’s an amazing story, and really shows how extreme the disruption can be. As a high-profile target, I’m aware that you also received a personal attack at the Italian Grand Prix last season. Can you share the story of this attack with us?

Zak: I get about 300 emails a day, and I’m constantly on the run. Fortunately, Darktrace stopped the attack before it even hit my desk. When I’m going at 100 miles an hour and receive such a large volume of emails daily, these attacks are extremely well disguised. You have to rely on technology to catch the bad guys.

Nicole: I absolutely agree. And that’s exactly where our Autonomous Response technology comes in. It’s constantly working in the background, not needing human action, and stopping attackers from even hitting your desktop. Which leads us on to my next question: what are some of the cyber security tips you would share with other high-level executives?

Zak: I take security very seriously – I’ve seen it and experienced it. During the course of the pandemic, the digital landscape has expanded and opened up more opportunities for the bad guys to try and get in. In my opinion, it’s only going to get worse, and so I’d say that a priority for me is to make sure other high-level executives are fully aware that we’re staying cutting edge with Darktrace.

Nicole: Well, with the pace of innovation at McLaren, the level of IP you have and the risk of physical disruption a cyber-attack could cause, it’s great to hear how seriously you take cyber security.

So in wrapping up, I know there’s huge excitement building for the race in Miami this weekend. How important will this new race be in garnering excitement about Formula 1 across the US?

Zak: Formula 1 has really taken off now across North America and this weekend is going to be huge: tickets have sold out, the track looks amazing… it’s the hottest ticket in Formula 1 right now. Netflix has worked wonders for Formula 1 around the world, especially in the US, and broadcast numbers are growing rapidly. With all these factors working together, I think Formula 1 has successfully penetrated North America and is going to go from strength to strength.

Nicole: Well, thank you for your time today Zak and best of luck to you and the whole McLaren team this weekend…

Zak: Thanks Nicole, and my pleasure.

Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Author
Nicole Eagan
Chief Strategy Officer, AI Officer

Nicole Eagan, Chief Strategy Officer and AI Officer for Darktrace, reports to the CEO and has responsibility for understanding, formulating and documenting corporate, product and partnership strategy. Both a leader and a doer, Nicole has an advisory role that ensures that strategic initiatives align with product direction set by the CTO and go-to-market goals set by the CRO. Given the foundational importance of AI within Darktrace, Ms. Eagan is involved in the governance aspects of responsible, ethical use of AI in its products and compliance with its policies. 

Prior to Darktrace, Nicole’s extensive career in technology spans 30 years working in large technology corporations including Oracle and HP and working with early-stage startups and venture capital.

Zak Brown
CEO, McLaren Racing

As Chief Executive Officer of McLaren Racing, Zak Brown has overall responsibility for the business, including strategic direction, operational performance, marketing and commercial development. In his role, Zak leads McLaren’s direction and involvement in professional motorsport, spearheaded by the McLaren Formula 1 team. Operating at the pinnacle of global motorsport, McLaren uses the white heat of competition to drive innovation and develop synergies across the group.

Book a 1-1 meeting with one of our experts
Share this article

More in this series

No items found.

Blog

/

October 3, 2024

/

Cloud

Introducing real-time multi-cloud detection & response powered by AI

Default blog imageDefault blog image

We are delighted to announce the general availability of Microsoft Azure support for Darktrace / CLOUD, enabling real-time cloud detection and response across dynamic multi-cloud environments. Built on Self-Learning AI, Darktrace / CLOUD leverages Microsoft’s new virtual network flow logs (VNet flow) to offer an agentless-first approach that dramatically simplifies detection and response within Azure, unifying cloud-native security with Darktrace’s innovative ActiveAI Security Platform.

As organizations increasingly adopt multi-cloud architectures, the need for advanced, real-time threat detection and response is critical to keep pace with evolving cloud threats. Security teams face significant challenges, including increased complexity, limited visibility, and siloed tools. The dynamic nature of multi-cloud environments introduces ever-changing blind spots, while traditional security tools struggle to provide real-time insights, often offering static snapshots of risk. Additionally, cloud security teams frequently operate in isolation from SOC teams, leading to fragmented visibility and delayed responses. This lack of coordination, especially in hybrid environments, hinders effective threat detection and response. Compounding these challenges, current security solutions are split between agent-based and agentless approaches, with agentless solutions often lacking real-time awareness and agent-based options adding complexity and scalability concerns. Darktrace / CLOUD helps to solve these challenges with real-time detection and response designed specifically for dynamic cloud environments like Azure and AWS.

Pioneering AI-led real-time cloud detection & response

Darktrace has been at the forefront of real-time detection and response for over a decade, continually pushing the boundaries of AI-driven cybersecurity. Our Self-Learning AI uniquely positions Darktrace with the ability to automatically understand and instantly adapt to changing cloud environments. This is critical in today’s landscape, where cloud infrastructures are highly dynamic and ever-changing.  

Built on years of market-leading network visibility, Darktrace / CLOUD understands ‘normal’ for your unique business across clouds and networks to instantly reveal known, unknown, and novel cloud threats with confidence. Darktrace Self-Learning AI continuously monitors activity across cloud assets, containers, and users, and correlates it with detailed identity and network context to rapidly detect malicious activity. Platform-native identity and network monitoring capabilities allow Darktrace / CLOUD to deeply understand normal patterns of life for every user and device, enabling instant, precise and proportionate response to abnormal behavior - without business disruption.

Leveraging platform-native Autonomous Response, AI-driven behavioral containment neutralizes malicious activity with surgical accuracy while preventing disruption to cloud infrastructure or services. As malicious behavior escalates, Darktrace correlates thousands of data points to identify and instantly respond to unusual activity by blocking specific connections and enforcing normal behavior.

Figure 1: AI-driven behavioral containment neutralizes malicious activity with surgical accuracy while preventing disruption to cloud infrastructure or services.

Unparalleled agentless visibility into Azure

As a long-term trusted partner of Microsoft, Darktrace leverages Azure VNet flow logs to provide agentless, high-fidelity visibility into cloud environments, ensuring comprehensive monitoring without disrupting workflows. By integrating seamlessly with Azure, Darktrace / CLOUD continues to push the envelope of innovation in cloud security. Our Self-learning AI not only improves the detection of traditional and novel threats, but also enhances real-time response capabilities and demonstrates our commitment to delivering cutting-edge, AI-powered multi-cloud security solutions.

  • Integration with Microsoft Virtual network flow logs for enhanced visibility
    Darktrace / CLOUD integrates seamlessly with Azure to provide agentless, high-fidelity visibility into cloud environments. VNet flow logs capture critical network traffic data, allowing Darktrace to monitor Azure workloads in real time without disrupting existing workflows. This integration significantly reduces deployment time by 95%1 and cloud security operational costs by up to 80%2 compared to traditional agent-based solutions. Organizations benefit from enhanced visibility across dynamic cloud infrastructures, scaling security measures effortlessly while minimizing blind spots, particularly in ephemeral resources or serverless functions.
  • High-fidelity agentless deployment
    Agentless deployment allows security teams to monitor and secure cloud environments without installing software agents on individual workloads. By using cloud-native APIs like AWS VPC flow logs or Azure VNet flow logs, security teams can quickly deploy and scale security measures across dynamic, multi-cloud environments without the complexity and performance overhead of agents. This approach delivers real-time insights, improving incident detection and response while reducing disruptions. For organizations, agentless visibility simplifies cloud security management, lowers operational costs, and minimizes blind spots, especially in ephemeral resources or serverless functions.
  • Real-time visibility into cloud assets and architectures
    With real-time Cloud Asset Enumeration and Dynamic Architecture Modeling, Darktrace / CLOUD generates up-to-date architecture diagrams, giving SecOps and DevOps teams a unified view of cloud infrastructures. This shared context enhances collaboration and accelerates threat detection and response, especially in complex environments like Kubernetes. Additionally, Cyber AI Analyst automates the investigation process, correlating data across networks, identities, and cloud assets to save security teams valuable time, ensuring continuous protection and efficient cloud migrations.
Figure 2: Real-time visibility into Azure assets and architectures built from network, configuration and identity and access roles.

Unified multi-cloud security at scale

As organizations increasingly adopt multi-cloud strategies, the complexity of managing security across different cloud providers introduces gaps in visibility. Darktrace / CLOUD simplifies this by offering agentless, real-time monitoring across multi-cloud environments. Building on our innovative approach to securing AWS environments, our customers can now take full advantage of robust real-time detection and response capabilities for Azure. Darktrace is one of the first vendors to leverage Microsoft’s virtual network flow logs to provide agentless deployment in Azure, enabling unparalleled visibility without the need for installing agents. In addition, Darktrace / CLOUD offers automated Cloud Security Posture Management (CSPM) that continuously assesses cloud configurations against industry standards.  Security teams can identify and prioritize misconfigurations, vulnerabilities, and policy violations in real-time. These capabilities give security teams a complete, live understanding of their cloud environments and help them focus their limited time and resources where they are needed most.

This approach offers seamless integration into existing workflows, reducing configuration efforts and enabling fast, flexible deployment across cloud environments. By extending its capabilities across multiple clouds, Darktrace / CLOUD ensures that no blind spots are left uncovered, providing holistic, multi-cloud security that scales effortlessly with your cloud infrastructure. diagrams, visualizes cloud assets, and prioritizes risks across cloud environments.

Figure 3: Unified view of AWS and Azure cloud posture and compliance over time.

The future of cloud security: Real-time defense in an unpredictable world

Darktrace / CLOUD’s support for Microsoft Azure, powered by Self-Learning AI and agentless deployment, sets a new standard in multi-cloud security. With real-time detection and autonomous response, organizations can confidently secure their Azure environments, leveraging innovation to stay ahead of the constantly evolving threat landscape. By combining Azure VNet flow logs with Darktrace’s AI-driven platform, we can provide customers with a unified, intelligent solution that transforms how security is managed across the cloud.

Learn More:

References

1. Based on internal research and customer data

2. Based on internal research

Continue reading
About the author
Adam Stevens
Director of Product, Cloud Security

Blog

/

September 30, 2024

/

Email

Business Email Compromise (BEC) in the Age of AI

Default blog imageDefault blog image

As people continue to be the weak link in most organizations’ cybersecurity practices, the growing use of generative AI tools in cyber-attacks makes email, their primary communications channel, a more compelling target than ever. The risk associated with Business Email Compromise (BEC) in particular continues to rise as generative AI tools equip attackers to build and launch social engineering and phishing campaigns with greater speed, scale, and sophistication.

What is BEC?

BEC is defined in different ways, but generally refers to cyber-attacks in which attackers abuse email — and users’ trust — to trick employees into transferring funds or divulging sensitive company data.

Unlike generic phishing emails, most BEC attacks do not rely on “spray and pray” dissemination or on users’ clicking bogus links or downloading malicious attachments. Instead, modern BEC campaigns use a technique called “pretexting.”

What is pretexting?

Pretexting is a more specific form of phishing that describes an urgent but false situation — the pretext — that requires the transfer of funds or revelation of confidential data.  

This type of attack, and therefore BEC, is dominating the email threat landscape. As reported in Verizon’s 2024 Data Breach Investigation Report, recently there has been a “clear overtaking of pretexting as a more likely social action than phishing.” The data shows pretexting, “continues to be the leading cause of cybersecurity incidents (accounting for 73% of breaches)” and one of “the most successful ways of monetizing a breach.”

Pretexting and BEC work so well because they exploit humans’ natural inclination to trust the people and companies they know. AI compounds the risk by making it easier for attackers to mimic known entities and harder for security tools and teams – let alone unsuspecting recipients of routine emails – to tell the difference.

BEC attacks now incorporate AI

With the growing use of AI by threat actors, trends point to BEC gaining momentum as a threat vector and becoming harder to detect. By adding ingenuity, machine speed, and scale, generative AI tools like OpenAI’s ChatGPT give threat actors the ability to create more personalized, targeted, and convincing emails at scale.

In 2023, Darktrace researchers observed a 135% rise in ‘novel social engineering attacks’ across Darktrace / EMAIL customers, corresponding with the widespread adoption of ChatGPT.

Large Language Models (LLMs) like ChatGPT can draft believable messages that feel like emails that target recipients expect to receive. For example, generative AI tools can be used to send fake invoices from vendors known to be involved with well-publicized construction projects. These messages also prove harder to detect as AI automatically:

  • Avoids misspellings and grammatical errors
  • Creates multiple variations of email text  
  • Translates messages that read well in multiple languages
  • And accomplishes additional, more targeted tactics

AI creates a force multiplier that allows primitive mass-mail campaigns to evolve into sophisticated automated attacks. Instead of spending weeks studying the target to craft an effective email, cybercriminals might only spend an hour or two and achieve a better result.  

Challenges of detecting AI-powered BEC attacks

Rules-based detections miss unknown attacks

One major challenge comes from the fact that rules based on known attacks have no basis to deny new threats. While native email security tools defend against known attacks, many modern BEC attacks use entirely novel language and can omit payloads altogether. Instead, they rely on pure social engineering or bide their time until security tools recognize the new sender as a legitimate contact.  

Most defensive AI can’t keep pace with attacker innovation

Security tools might focus on the meaning of an email’s text in trying to recognize a BEC attack, but defenders still end up in a rules and signature rat race. Some newer Integrated Cloud Email Security (ICES) vendors attempt to use AI defensively to improve the flawed approach of only looking for exact matches. Employing data augmentation to identify similar-looking emails helps to a point but not enough to outpace novel attacks built with generative AI.

What tools can stop BEC?

A modern defense-in-depth strategy must use AI to counter the impact of AI in the hands of attackers. As found in our 2024 State of AI Cybersecurity Report, 96% of survey participants believe AI-driven security solutions are a must have for countering AI-powered threats.

However, not all AI tools are the same. Since BEC attacks continue to change, defensive AI-powered tools should focus less on learning what attacks look like, and more on learning normal behavior for the business. By understanding expected behavior on the company’s side, the security solution will be able to recognize anomalous and therefore suspicious activity, regardless of the word choice or payload type.  

To combat the speed and scale of new attacks, an AI-led BEC defense should spot novel threats.

Darktrace / EMAIL™ can do that.  

Self-Learning AI builds profiles for every email user, including their relationships, tone and sentiment, content, and link sharing patterns. Rich context helps in understanding how people communicate and identifying deviations from the normal routine to determine what does and does not belong in an individual’s inbox and outbox.  

Other email security vendors may claim to use behavioral AI and unsupervised machine learning in their products, but their AI are still pre-trained with historical data or signatures to recognize malicious activity, rather than demonstrating a true learning process. Darktrace’s Self Learning-AI truly learns from the organization in which it is installed, allowing it to detect unknown and novel vectors that other security tools are not yet trained on.

Because Darktrace understands the human behind email communications rather than knowledge of past attacks, Darktrace / EMAIL can stop the most sophisticated and evolving email security risks. It enhances your native email security by leveraging business-centric behavioral anomaly detection across inbound, outbound, and lateral messages in both email and Teams.

This unique approach quickly identifies sophisticated threats like BEC, ransomware, phishing, and supply chain attacks without duplicating existing capabilities or relying on traditional rules, signatures, and payload analysis.  

The power of Darktrace’s AI can be seen in its speed and adaptability: Darktrace / EMAIL blocks the most novel threats up to 13 days faster than traditional security tools.

Learn more about AI-led BEC threats, how these threats extend beyond the inbox, and how organizations can adopt defensive AI to outpace attacker innovation in the white paper “Beyond the Inbox: A Guide to Preventing Business Email Compromise.”

Continue reading
About the author
Carlos Gray
Product Manager
Your data. Our AI.
Elevate your network security with Darktrace AI