
Extending intelligent security into the cloud

How The Server Labs helped Genomics England extend their Darktrace cybersecurity solution from on-prem into the cloud

Genomics England runs much of its world-leading genomics research processing in the cloud. GEL analyses vast quantities of highly sensitive data, so cloud security is a high priority. When they decided to extend their Darktrace protection from on-premise to the cloud, they turned to cloud security experts The Server Labs.

Value at a glance

  • Protecting terabytes of sensitive data in the cloud
  • Extending Darktrace cybersecurity from on-prem to the cloud
  • Creating a single cybersecurity environment
  • Harnessing the power of machine-learning for cybersecurity


Genomic research in the cloud

Genomics England Limited (GEL) carries out genomic research and analysis to create advanced healthcare outcomes. It stores, processes and analyses enormous quantities of genomic and other clinical data to advance knowledge of the human genome and how its power can be harnessed by medicine.
In order to better manage the processing of their complex research data environments, GEL migrated many of their systems to the AWS cloud.

The security imperative

The data that GEL processes is highly sensitive – including individual medical information as well as long-term studies and research findings. They need to protect that data from bad actors at all costs.
Within their on-premise systems, GEL were using Darktrace, and so decided that the logical step was to extend the protective shield that Darktrace offers into their cloud environment.

Darktrace - an immune approach to cyber security

Darktrace threat detection software is based on machine learning and inspired by the way living organisms fight infection. It offers a unique approach to cyber security, based on three key principles:

  • Security must be specific to each organisation, and not reliant on historical attack data.
  • The recognition that cybersecurity is no longer a human-scale solution.
  • The need for a continuous AI loop and security ecosystem.

Darktrace - learning each network

The idea behind Darktrace is that each organisation’s network has its own unique identity: individual traffic patterns, applications, hardware, browsing patterns, and user behaviour. Darktrace learns these patterns so that it can detect any deviations.

Unlike traditional security solutions, the Enterprise Immune System does not rely on policies or threat signatures – instead, it uses Recursive Bayesian Estimation (RBE) theory to learn about the ‘normal’ state of the network, and identify anomalies which do not fit that pattern. This approach can help detect attackers that have already breached the network perimeter, and do so in real time.

Turning to a trusted partner

When it came to designing and implementing the Darktrace environment for the cloud, Genomics England approached The Server Labs (TSL). TSL are cloud architects and experts in cloud security.

GEL already had a physical Darktrace appliance managing their on-premise environment, so the approach was to install Darktrace in the cloud, and to network the cloud deployment back to the appliance.

The solution

The Server Labs designed a security architecture based on the Darktrace ‘vSensor’ - a virtual appliance that can be deployed alongside virtualized switches with minimal impact on hardware performance. The key elements of the solution include:

VPC

Amazon Virtual Private Cloud (VPC) traffic mirroring copies traffic from Amazon Elastic Compute Cloud (Amazon EC2) instances, and each VPC has its own vSensor.

S3

Traffic from each VPC is directed to an S3 bucket.

vSensors

Data is sent to vSensors from Darktrace osSensors on virtual machines, containerised applications, and legacy EC2 instance types that do not support traffic mirroring.

CI/CD

Deployment is automated: workloads are configured, deployed and set up using Terraform, Ansible and a CI/CD pipeline.

A secure enterprise-wide shield

With The Server Labs’ help, Genomics England is confident that they have a single, highly protective shield around their entire operation. Their data is protected, allowing them to focus on data analysis and their ground-breaking research.


Darktrace was helping to secure GEL’s on-premise data and we were able to extend that protection to their cloud infrastructure. GEL now has a single security system across all its platforms.

Paul Parsons

CTO, The Server Labs