Darktrace Transforms Security Operations and Improves Cyber Resilience
with Launch of Darktrace ActiveAI Security Platform™
Cambridge, UK
April 9, 2024
· New innovations in Darktrace ActiveAI Security Platform provide
more complete visibility across the enterprise to eliminate alert
fatigue and illuminate security gaps, freeing security teams to
proactively improve cyber resilience.
· Platform launches in an era
of increasing AI-augmented threats, with new research finding that
74% of security professionals believe these threats are already
having an impact, but 60% report their organization is
unprepared.
Darktrace, a global leader in cybersecurity AI, today introduced
the Darktrace ActiveAI Security Platform™. The
platform includes Darktrace's existing best-in-class
security products supplemented by a set
of new industry-first innovations and features, including for email
and operational technology (OT). The platform uses AI to transform
security operations from reactive to proactive and improve cyber
resilience. To uplift human security analysts, the platform
identifies weaknesses in security controls and processes before
they are exploited, detects and responds to unknown, known, and
novel threats, and automates the investigation of every alert to
completion to reduce the manual triage process. Core to the
platform is the ability to visualize, correlate, and investigate
security incidents across cloud, email, network, endpoint,
identity, and OT, as well as third-party tools and
applications.
"At Capital Brands, we have a small
team so maximizing our technology investments is crucial to ensure
we are operating as efficiently and effectively as possible," said
Peter Huh, CIO & CTO, Capital Brands, which develops and sells
domestic appliances with a focus on wellness nutrition to
households in over 100 markets worldwide. "Darktrace's platform
acts as a force multiplier for us, allowing our team to move away
from the purely reactive nature of cybersecurity - which often
leaves security teams one step behind - to a more proactive state.
We gain a deep understanding of our environment that helps us
prioritize in a way we haven't been able to in the past. We can
automatically identify vulnerabilities so we can quickly remediate
the things that matter and deprioritize the things that
don't."
"Security teams are reaching a
breaking point, forced into a reactive state by too many alerts,
too little time, and a fragmented security stack," said Max
Heinemeyer, Chief Product Officer, Darktrace. "Building on a decade
of experience applying AI to transform security operations for
thousands of customers, the Darktrace ActiveAI Security Platform
takes a unique approach from the rest of the industry. It
correlates incidents across the digital environment and automates
investigations to uplift security teams and free them from the
manual, time-intensive alert triage process so they can focus their
time on building proactive cyber resilience."
New Report Finds Lack of Cyber Preparedness in an AI-Threatened World
AI is beginning to amplify the already complex threats faced by
cyber security professionals. The rise of offensive AI combined with
automation and cybercrime-as-a-service is increasing the speed,
sophistication, and success of cyber security attacks. Multi-stage
and multi-domain attacks are now widely used by adversaries, who
take advantage of a lack of visibility and silos to move undetected
between systems.
A new Darktrace-commissioned report released today underscores the
challenges facing businesses in this rapidly evolving cyber-threat
landscape. Darktrace's State of AI Cybersecurity 2024 report, which
surveyed nearly 1,800 security leaders and practitioners in 14
countries, found 74 percent of respondents believe AI-augmented
cyber threats are already having a significant impact on their
organizations, yet 60 percent believe they are currently unprepared
to defend against these attacks. The report also found:
· Organizations face two top inhibitors to defending against
AI-augmented threats: insufficient knowledge or use of AI-driven
countermeasures[1] and insufficient personnel to manage tools and
alerts[2].
· Security professionals surveyed believe defensive AI will
effectively counter offensive AI, with 71 percent of respondents
indicating they are confident that AI-augmented security solutions
will be able to detect and block AI-augmented threats. However, only
26 percent fully understand which types of AI are used in their
security stack today.
· As they prepare for these threats, security teams want to
consolidate their tools. 85 percent of those surveyed agreed that a
platform approach is more effective at stopping threats.
Introducing the Darktrace ActiveAI Security Platform
Against this backdrop, Darktrace is introducing the Darktrace
ActiveAI Security Platform to help organizations transform their
security operations from a focus on reactive threat detection to
proactive cyber resilience. The platform includes Darktrace's core
detection and autonomous response capabilities with pre-breach
prevention, attack simulation and recovery capabilities in a single,
holistic solution with a common AI architecture. The platform
enables teams to visualize and correlate events across a broad set
of domains including cloud, email, endpoint, identity, network, and
OT environments.
The platform is built on Darktrace's Self-Learning AI engine, which
directly applies multiple types of AI to the data of each business
so that it can continuously learn from its unique digital
environment to understand what is normal and what is not.
Darktrace's AI detects known, unknown, and novel threats in real
time and provides an autonomous response that contains active
threats without disrupting business operations.
New features and innovations
unveiled today in the Darktrace ActiveAI Security Platform
include:
· More explainable, automated, and customizable investigations for
all alerts: Darktrace Cyber AI Analyst™ will now reveal the results
of its investigations for every security alert, rather than just
those escalated to an incident. This helps security analysts
understand how the AI reached its conclusion that escalation wasn't
required. Cyber AI Analyst also can now be customized to perform
investigations that are tailored to each business's unique needs.
For example, it can investigate activity surrounding a threat
intelligence finding from a 3rd party alert for evidence of a cyber
incident or investigate activity surrounding violations of a
company-specific compliance policy for evidence of an insider
threat. Cyber AI Analyst was first introduced in 2019 and uses AI
trained to mirror how human security analysts conduct
investigations. Unique in the industry, it automatically
investigates every alert to completion and identifies precise
response actions that can be taken autonomously to contain threats.
Rather than security teams triaging a small portion of alerts,
Cyber AI Analyst triages all of them. This helps to reduce alert
fatigue and free up time for security teams, who can instead focus
on proactively hardening their security controls and refining
incident handling procedures.
· Decryption: The platform will include new integrations with
third-party network solutions to provide decrypted traffic feeds and
decryption keys. It will also include native decryption for
Microsoft Windows and Apple Mac applications, including internet
browsers.
· New Firewall Rule Analysis to Pre-empt Threats: Darktrace
PREVENT/End-to-End™, which provides pre-breach preparation, now
includes the ability to analyze firewall rules, allowing it to
provide a more comprehensive view of potential unauthorized
traversal points or attack paths within IT, OT or in between,
identify risks in configuration, and pre-empt threats.
Additionally, Darktrace will release
enhancements to its best-in-class email and OT security solutions,
which can be purchased as stand-alone products based on each
organization's unique project needs.
Darktrace/Email™ will include new features that use AI to stop
early-stage phishing, spot early symptoms of account compromise
across a broader range of communications and increase SOC
efficiency. The new features include:
· New data loss prevention capabilities that use AI to detect
abnormal user behavior and changes to content beyond those offered
by native email providers, helping teams identify the full spectrum
of accidental and malicious data loss.
· Coverage for Microsoft Teams to detect and stop novel, insider,
and sophisticated early phishing threats often missed by other
solutions, especially when communications span both collaboration
and email tools.
· New Darktrace/DMARC creates an easy way to help protect an
organization's brand with an industry-first AI-assisted deployment
of the Domain-based Message Authentication (DMARC) email
authentication protocol to continuously stop others spoofing and
phishing from a business's domain names.
· More robust account takeover protection that can now prevent
lateral mail compromise with an addition to our AI behavioral
profile for each user that spots early symptoms of account
compromise and malicious insiders before a link or attachment
payload is sent and exfiltration occurs.
· New Mailbox Security Assistant feature helps to reduce reporting
of potential false positives by 60 percent[3], which can help the
security team save time on analysis. The feature provides end-users
with a natural language summary and context of why an email may be
malicious. This helps improve their knowledge and decrease the risk
of successful phishing attempts.
· New behavioral link analysis capabilities that can reveal hidden
intent within interactive and dynamic webpages to help users and
security teams detect more sophisticated malicious phishing links.
Darktrace/OT™ will include new capabilities that go beyond
traditional Common Vulnerability and Exposure (CVE) scoring to help
organizations identify, prioritize, mitigate, and continuously
review the risks and potential attack paths that are specific to
their OT infrastructure. In addition to identifying and
prioritizing risks more effectively, Darktrace/OT can now evaluate
each business's defenses against the tactics of Advanced Persistent
Threat (APT) Groups. Darktrace/OT maps MITRE techniques and known
threat groups' tools, tactics, and procedures (TTPs) against unique
attack paths identified within the business.
Availability
New features in the Darktrace ActiveAI Security Platform are
expected to be available in early calendar Q2 2024.
Additional Resources
· Tune in to the Darktrace Virtual Innovation Launch at 1pm BST or
2pm ET. A replay of the event will be available on demand, and you
can read more about the platform on the Darktrace blog.
· Download the full Darktrace State of AI Cybersecurity Report and
read the post on the Darktrace blog.
· Go deeper on the new innovations in Darktrace/Email and
Darktrace/OT on the Darktrace blog.
ABOUT DARKTRACE
Darktrace (DARK.L), a global leader
in cybersecurity artificial intelligence, is on a mission to free
the world from cyber disruption. Breakthrough innovations from our
R&D teams in Cambridge, UK, and The Hague, Netherlands have
resulted in over 175 patent applications filed. Rather than study
historic attacks, Darktrace's technology continuously learns and
updates its knowledge of your business data and applies that
understanding to help transform security operations to a state of
proactive cyber resilience. The Darktrace ActiveAI Security
Platform™ provides a full lifecycle approach to cyber resilience
that can autonomously spot and respond to known and unknown
in-progress threats within seconds across the entire organization,
including cloud, apps, email, endpoint, network and operational
technology (OT). Darktrace, which listed on the London Stock
Exchange in 2021, employs over 2,300 people around the world and
protects over 9,200 customers globally from advanced cyber threats.
To learn more, visit http://www.darktrace.com.