
Attack Path Modeling

Cross-domain, end-to-end attack path modeling technology that provides a comprehensive view of risk-prioritized attack paths unique to your business, so that resources and attention can be allocated where they best defend your most critical assets.

Turn the tables on your (future) adversary

The next phase of security will bring a greater focus on preventing attacker movement, making cyber-attacks much more difficult and far less likely to succeed. This can be achieved through modeling probable attack paths using real data from your environment.

In this short video, discover how Attack Path Modeling learns information from across your digital environment to determine end-to-end attack paths an adversary may take to access the key assets in your environment.


Model how an adversary would attack you

Identify and prioritize your organization’s most serious risks to provide insight into where effort and resources should be most immediately applied. Darktrace’s Attack Path Modeling gives your security team a comprehensive view of realistic, risk-prioritized attack paths so that key assets can be best defended.

As the underlying technology powering the Darktrace Prevent product family, it offers a real-time, automated, dual-aspect, multi-data-source, end-to-end capability for attack path modeling.

Calculate risks based on probability and impact

Once the target nodes are identified, the shortest attack path from all possible entry points (ingress nodes) to the target nodes is calculated. Attack paths are weighted by their impact versus their length, and by the probability associated with the start node, to determine the most likely and most impactful path an attacker could realistically take within your business to reach your key assets.

Run highly realistic, end-to-end simulations

The cyber security team is now armed with key outputs, including lateral movement probability, impact scores and ingress probabilities, so that attack path simulations can be run on real data. Further simulation can be run to identify how best to neutralize attack paths at their choke points, minimizing the risk that attack paths to key assets are exploited. It may also be beneficial to feed the outputs of these simulations directly to the Darktrace Detect and Respond components of the Continuous Cyber AI Loop to automatically heighten sensitivity and ensure autonomous response coverage.

AI-based Attack Path Modeling gives security teams the ability to assess risk, identify vulnerabilities, and take countermeasures to protect key assets, and even to disrupt the “disruptors.”

Based on graph theory research

Darktrace Attack Path Modeling is based upon research performed at the Darktrace Cyber AI Research Centre in Cambridge. Graph theory represents organizational networks as directed, weighted graphs with nodes (where multiple lines meet) and edges (the lines that connect them). Though conceptually simple, a directed, weighted graph can be used to identify the path of least resistance to key assets by estimating the probability that an adversary will be able to conduct successful lateral movement from node A to node B.
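The path calculation and the directed, weighted graph described above can be sketched as follows. This is an added example, not Darktrace's code: the node names, probabilities and impact scores are constructed, and the scoring formula (ingress probability × path probability × impact) is an assumption, since the page does not give one. "Shortest" is taken here to mean most probable, found with Dijkstra's algorithm over -log(p).

```python
import heapq
import math

# Constructed sample data (hypothetical). Edge weight = assumed lateral movement probability.
EDGES = {
    "mail-gw": {"ws-alice": 0.6},
    "vpn": {"ws-bob": 0.3},
    "ws-alice": {"file-srv": 0.5, "ws-bob": 0.4},
    "ws-bob": {"dc01": 0.7},
    "file-srv": {"dc01": 0.2, "db-finance": 0.6},
    "dc01": {"db-finance": 0.9},
}
INGRESS = {"mail-gw": 0.5, "vpn": 0.2}  # assumed probability of initial compromise
IMPACT = {"dc01": 10, "db-finance": 8}  # assumed impact score of each key asset

def most_probable_path(edges, src, dst):
    """Dijkstra on -log(p): the cheapest path has the highest probability product."""
    heap, done = [(0.0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path, math.exp(-cost)
        if node in done:
            continue  # already settled via a more probable route
        done.add(node)
        for nxt, p in edges.get(node, {}).items():
            if p > 0 and nxt not in done:
                heapq.heappush(heap, (cost - math.log(p), path + [nxt]))
    return None, 0.0  # target unreachable from this entry point

def rank_paths(edges, ingress, impact):
    """Score = ingress probability x path probability x target impact (assumed formula)."""
    ranked = []
    for src, p_in in ingress.items():
        for dst, weight in impact.items():
            path, p_move = most_probable_path(edges, src, dst)
            if path:
                ranked.append((round(p_in * p_move * weight, 4), path))
    return sorted(ranked, reverse=True)

def choke_points(ranked):
    """Sum the risk flowing through each intermediate node; high totals are choke points."""
    risk = {}
    for score, path in ranked:
        for node in path[1:-1]:
            risk[node] = round(risk.get(node, 0.0) + score, 4)
    return sorted(risk.items(), key=lambda kv: kv[1], reverse=True)
```

Calling `choke_points(rank_paths(EDGES, INGRESS, IMPACT))` lists the intermediate nodes carrying the most path risk, which is where hardening or segmentation removes the most exposure in this sample graph.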


The importance of sourcing data across domains

A skilled cyber adversary strives to exploit vulnerabilities spanning a wide variety of domains, internal and external to an organization. As a result, sourcing data across those domains is critical to creating a realistic, end-to-end model of attack paths exploited by cyber adversaries.

Those domains include, but are not limited to, email, Active Directory, SaaS/cloud, endpoint, network, attack surfaces, and vulnerability scans. If one or more of these domains is overlooked, the security team will be unable to fully identify or evaluate vulnerabilities to attack. Nor will it be possible to optimize defensive resources and remediation efforts.

Darktrace Prevent, a component of the Continuous Cyber AI Loop

Attack Path Modeling powers Darktrace Prevent, a new product family* and critical component in the Continuous Cyber AI Loop, designed to give security teams a comprehensive view of realistic, risk-prioritized attack paths so that resources can be best allocated to defend key assets. This technology builds on Darktrace Self-Learning AI, an “engine” that produces continuously updated data for all assets across the entire digital domain.

* The first module of Darktrace Prevent is currently being tested by early adopter customers. General availability is expected in 2022.