Machine learning wards off threats at TV studio Bunim Murray
When the world locked down in the spring of 2020 and millions of people all over the world suddenly had pivot to a culture of semi-permanent remote working, security teams and IT professionals were forced to contend with an equally sudden pivot among cyber criminals to exploiting the pandemic, and the gaping holes many businesses left open in the rush to maintain a semblance of normalcy.
But for California-based television studio Bunim Murray, fears that stressed remote workers would become unwitting victims to cyber threats were allayed thanks to a multi-year partnership with British cyber security wunderkind Darktrace, and the recent adoption of its Antigena Email product – described as a “self-defending” inbox.
While its name is probably little-known to most viewers, Bunim Murray is kind of a big deal in TV. Founded in the late 1980s when two TV producers were flung together to produce a so-called ‘unscripted soap opera’ for the MTV network, the resulting show, The Real World, was instrumental in establishing the reality TV genre. The new company went on to develop global hits including Keeping Up With The Kardashians, Project Runway and The Simple Life.
Bunim Murray’s CTO Gabe Cortina arrived at the firm with the infamous 2014 hack on Sony Pictures weighing on his mind. This incident centred on the release of The Interview, a comedy starring Seth Rogen and James Franco which depicted the fictionalised assassination of North Korean dictator Kim Jong-Un. Likely perpetrated by groups with links to the North Korean state, the large-scale leak of data from the studio caused great embarrassment for many high-profile individuals.
From the get-go, Cortina understood that a similar kind of breach could be seriously damaging to Bunim Murray. “We’ve been in business for 30 years. We have a strong brand and we’re known for delivering high-quality shows,” he tells Computer Weekly.
“We’re always thinking about this because it’s not just about losing control of intellectual property. If there is disruption to the business, a lot of the time we’re basically delivering shows [to networks] the same day they air. So if we have an incident and it takes us three days to recover, that would mean we’re delivering late.”
Within a few weeks of taking up his post, Cortina found himself faced with a cyber security incident. “That was a wake-up-call for our CEO and CFO to do something about security,” he says. “It turned out that we were able to handle the intrusion and it wasn’t a big deal for us, but it could have been more serious.
“At that point, our journey started, and it started with some of the basics of security, just having good policies, good practices and making sure our infrastructure was up to date,” he says. “And as I was starting to progressively build out our security, I heard about machine learning being used more and more in intrusion detection, and Darktrace, believe it or not, cold called me.”
A new security team
Cortina arranged a meeting with Darktrace’s sales team, although he concedes he was still a sceptic when it came to realising the benefits of machine learning in security.
“I said, ‘What I’d like to do is go through a bake-off with several different products – I’d like to include yours, is it possible I could try it?’. Within a week, we had the Darktrace Immune System inside our datacentre,” he says.
“When it turned on it was the first time I’d ever actually seen everything on our network, and over the course of a week and a half it baselined all the activity of all of our users. It was amazing.” Cortina cancelled the bake-off and bought it.
“It wasn’t like we just got an appliance or a service, we got the benefit of their entire team. They did a really good job of making sure it was up and running, and because every environment is different the Darktrace team helped us tune the machine learning with models that helped reduce false positives and so forth – so immediately we started getting benefits.
“We also use it like a feedback system – as we saw different threat vectors come in, it would give us information on what we needed to do. So not only was it stopping threats, but it was alerting us to potential threats that we could shore up against across our entire platform.
“Instead of having to spend a lot of time on security and keep up with everything, it’s just like having a big security team. Darktrace is now our security team, really.
“Plus there’s the fact that Darktrace’s machines are actually learning for every installation they do. When they add another customer and other threat factors come in there, Darktrace is basically learning everything that’s going on, so we’re getting the benefit of group knowledge in close to real-time.”
But it is since the advent of the Covid-19 pandemic that the relationship has kicked up a notch. Most of Bunim Murray’s applications are SaaS-based, hosted in the cloud, so switching over to remote working was never going to be as big of a challenge as it would have been for an on-premise devotee. But nevertheless, says Cortina, the presence of an automated security service helped ease the process a little bit more.
“We’ve built our infrastructure around flexibility and usability, and Darktrace fits right into that sweet spot,” he says. “During that transition, when we were so focused on everybody having the right equipment at home and there was a lot of chaos going on, it was nice not to have to worry about security.”
With phishing attacks proving particularly effective at reeling in victims during the pandemic, Darktrace’s Antigena Email solution has proved a vital new element in the security arsenal for Bunim Murray, on top of the enterprise service.
More widely, Darktrace reckons that usage of Antigena has more than doubled this year. At the beginning of lockdown in March, it saw a fourfold increase in requests for free trials of the product, and for good reason – in April 2020 alone, it says that 60% of all the spear phishing attacks it stopped related to Covid-19.
In light of this, Antigena’s ability to distinguish a malicious phishing email from a genuine business communication has probably never been more critical. The technology works by building an understanding of normal activity for corporate email environments and the individual users, and using that understanding to detect incoming novel or targeted attacks that traditional email security tools might inadvertently let through.
Cortina had been using software to train and test end-users on how to spot phishing attacks – and had actually had some success at reducing the number of people who fell for them during a test scenario, down from 43% at first to low-single digit percentage. The firm was also using Microsoft’s Advanced Threat Protection (ATP) service.
“We had ATP turned on and we were using that when we turned on Antigena, and it just removed all the phishing issues. In fact, we decided we should probably stop the end-user training and turn off ATP because it was confusing,” says Cortina. “So now we’ve removed all that and we just have Antigena.”
When Cortina first turned it on, he says he at first felt a little overwhelmed by phishing alerts, but explains that this was because he had never before realised the scale of the problem as the combination of ATP and user training was simply not catching enough.
He worked through the initial bout of alert fatigue with Darktrace’s assistance, fine tuning the machine learning models to establish what was serious and what was not. The number of alerts quickly began to drop again, and now all he receives are significant, direct phishing attempts – the Darktrace platform just bats away the slower balls.
This has been a game changer in several ways, not least because it has made life much easier for the average Bunim Murray user.
“Quite frankly, people don’t want to learn about security. They don’t want to have to learn to look at an email and try to figure out if it’s a phish or not. The best thing is to never have to look at it, right?” says Cortina.
“Occasionally we will still get folks who will say they got an email and it looks suspicious and we’ll go through it with them, but we used to have to do that on a daily basis. Now it’s fairly infrequent that we have to actually go through and respond to a user who’s suspicious of a phish. It’s just catching them inside the system.”
Had a malicious email reached its target, Cortina says he could easily have found himself in a situation where a well-intentioned user clicked on a link thinking they were getting accurate and up-to-date information on Bunim Murray’s Covid-19 response, not recognising that they were opening themselves up to compromise with malware, ransomware, or worse. For him, Antigena has removed this worry altogether.