Darktrace launches ActiveAI Security Platform
The platform uses AI to transform security operations from reactive to proactive and improve cyber resilience. To uplift human security analysts, the platform identifies weaknesses in security controls and processes before they are exploited, detects and responds to unknown, known, and novel threats and automates the investigation of every alert to completion to reduce the manual triage process. Core to the platform is the ability to visualise, correlate and investigate security incidents across cloud, email, network, endpoint, identity and OT, as well as third-party tools and applications.
Peter Huh, CIO & CTO, Capital Brands, which develops and sells domestic appliances with a focus on wellness nutrition to households in over 100 markets worldwide, said: “At Capital Brands, we have a small team so maximising our technology investments is crucial to ensure we are operating as efficiently and effectively as possible.
“Darktrace’s platform acts as a force multiplier for us, allowing our team to move away from the purely reactive nature of cybersecurity – which often leaves security teams one step behind – to a more proactive state. We gain a deep understanding of our environment that helps us prioritise in a way we haven’t been able to in the past. We can automatically identify vulnerabilities so we can quickly remediate the things that matter and deprioritise the things that don’t.”
Max Heinemeyer, Chief Product Officer, Darktrace, said: “Security teams are reaching a breaking point, forced into a reactive state by too many alerts, too little time and a fragmented security stack.
“Building on a decade of experience applying AI to transform security operations for thousands of customers, the Darktrace ActiveAI Security Platform takes a unique approach from the rest of the industry. It correlates incidents across the digital environment and automates investigations to uplift security teams and free them from the manual, time-intensive alert triage process so they can focus their time on building proactive cyber resilience.”
AI is beginning to amplify the already complex threats faced by cyber security professionals. The rise of offensive AI combined with automation and cybercrime-as-a-service is increasing the speed, sophistication and success of cyber security attacks. Multistage and multidomain attacks are now widely used by adversaries, who take advantage of a lack of visibility and siloes to move undetected between systems.
A new Darktrace-commissioned report, released earlier this week, underscores the challenges facing businesses in this rapidly evolving cyber-threat landscape. Darktrace’s State of AI Cybersecurity 2024 report, which surveyed nearly 1,800 security leaders and practitioners in 14 countries, found 74% of respondents believe AI-augmented cyber threats are already having a significant impact on their organisations, yet 60% believe they are currently unprepared to defend against these attacks. The AI Cybersecurity report also found:
- Organisations face two top inhibitors to defending against AI-augmented threats: insufficient knowledge or use of AI-driven countermeasures and insufficient personnel to manage tools and alerts.
- Security professionals surveyed believe defensive AI will effectively counter offensive AI, with 71% of respondents indicating they are confident that AI-augmented security solutions will be able to detect and block AI-augmented threats. However, only 26% fully understand which types of AI are used in their security stack today.
- As they prepare for these threats, security teams want to consolidate their tools, and 85% of those surveyed agreed that a platform approach is more effective at stopping threats.
Against this backdrop, Darktrace is introducing the Darktrace ActiveAI Security Platform to help organisations transform their security operations from a focus on reactive threat detection to proactive cyber resilience. The platform includes Darktrace’s core detection and autonomous response capabilities with pre-breach prevention, attack simulation and recovery capabilities in a single, holistic solution with a common AI architecture. The platform enables teams to visualise and correlate events across a broad set of domains including cloud, email, endpoint, identity, network and OT environments.
The platform is built on Darktrace’s Self-Learning AI engine, which directly applies multiple types of AI to the data of each business so that it can continuously learn from its unique digital environment to understand what is normal and what is not. Darktrace’s AI detects known, unknown and novel threats in real-time and provides an autonomous response that contains active threats without disrupting business operations.
New features and innovations unveiled this week in the Darktrace ActiveAI Security Platform include:
- More explainable, automated and customisable investigations for all alerts: Darktrace Cyber AI Analyst will now reveal the results of its investigations for every security alert, rather than just those escalated to an incident. This helps security analysts understand how the AI reached its conclusion that escalation was not required. Cyber AI Analyst can also now be customised to perform investigations that are tailored to each business’s unique needs. For example, it can investigate activity surrounding a threat intelligence finding from a third-party alert for evidence of a cyber incident or investigate activity surrounding violations of a company-specific compliance policy for evidence of an insider threat. Cyber AI Analyst was first introduced in 2019 and uses AI trained to mirror how human security analysts conduct investigations. Unique in the industry, it automatically investigates every alert to completion and identifies precise response actions that can be taken autonomously to contain threats. Rather than security teams triaging a small portion of alerts, Cyber AI Analyst triages all of them. This helps to reduce alert fatigue and free up time for security teams, who can instead focus on proactively hardening their security controls and refining incident handling procedures.
- Decryption: The platform will include new integrations with third-party network solutions to provide decrypted traffic feeds and decryption keys. It will also include native decryption for Microsoft Windows and Apple Mac applications, including internet browsers.
- New Firewall Rule Analysis to Pre-empt Threats: Darktrace PREVENT/End-to-End, which provides pre-breach preparation, now includes the ability to analyse firewall rules, allowing it to provide a more comprehensive view of potential unauthorised traversal points or attack paths within IT, OT or in between, identifying risks in configuration and pre-empting threats.
Above: Darktrace Cyber AI Analyst now reveals the results of its investigation for every security alert to help security analysts understand how the AI reached its conclusion and why it took specific actions. Cyber AI Analyst can visualise, correlate and investigate security incidents across all areas of the digital environment, as well as from third-party tools.
Additionally, Darktrace will release enhancements to its best-in-class email and OT security solutions, which can be purchased as stand-alone products based on each organisation’s unique project needs.
Darktrace/Email will include new features that use AI to stop early-stage phishing, spot early symptoms of account compromise across a broader range of communications and increase SOC efficiency. The new features include:
- New data loss prevention capabilities that use AI to detect abnormal user behaviour and changes to content beyond those offered by native email providers, helping teams identify the full spectrum of accidental and malicious data loss.
- Coverage for Microsoft Teams to detect and stop novel, insider and sophisticated early phishing threats often missed by other solutions, especially when communications span both collaboration and email tools.
- New Darktrace/DMARC creates an easy way to help protect an organisation’s brand with an industry-first AI-assisted deployment of the Domain-based Message Authentication (DMARC) email authentication protocol to continuously stop others spoofing and phishing from a business’s domain names.
- More robust account takeover protection that can now prevent lateral mail compromise with an addition to our AI behavioural profile for each user that spots early symptoms of account compromise and malicious insiders before a link or attachment payload is sent and exfiltration occurs.
- New Mailbox Security Assistant feature helps to reduce reporting of potential false positives by 60%, which can help the security team save time on analysis. The feature provides end-users with a natural language summary and context of why an email may be malicious. This helps improve their knowledge and decrease the risk of successful phishing attempts.
- New behavioural link analysis capabilities that can reveal hidden intent within interactive and dynamic webpages to help users and security teams detect more sophisticated malicious phishing links.
Above: The new Mailbox Security Assistant feature in Darktrace/Email uses AI to provide end users with real-time contextual feedback on each reported email. This helps to upskill end users and reduces the time security teams spend analysing end-user reports of false positives. This image shows a user-analysed email that would be reported to the security team for continued re-evaluation and learning.
Above: This image shows the same email from the perspective of a security professional after it has been analysed and reported by an end-user using the new Mailbox Security Assistant feature in Darktrace/Email.
Darktrace/OT will include new capabilities that go beyond traditional Common Vulnerability and Exposure (CVE) scoring to help organisations identify, prioritise, mitigate and continuously review the risks and potential attack paths that are specific to their OT infrastructure. In addition to identifying and prioritising risks more effectively, Darktrace/OT can now evaluate each business’s defences against the tactics of Advanced Persistent Threat (APT) Groups. Darktrace/OT maps MITRE techniques and known threat groups’ tools, tactics and procedures (TTPs) against unique attack paths identified within the business.
New features in the Darktrace ActiveAI Security Platform are expected to be available in early calendar Q2 2024.
Breakthrough innovations from Darktrace R&D teams in Cambridge, UK and The Hague, Netherlands, have resulted in over 175 patent applications filed. Rather than study historic attacks, Darktrace's technology continuously learns and updates its knowledge of business data and applies that understanding to help transform security operations to a state of proactive cyber resilience.