Augment and uplift your security team
Human security teams often lack the resources to conduct full investigations into incidents, leading to important facets of attacks being overlooked. Intelligence Augmentation dramatically extends the reach and efficiency of in-demand and time-pressed cyber experts.
Mimicking human intuition
Over a period of three years, Darktrace developed AI that observed how expert security analysts interacted with the output of our Self-Learning AI and came to conclusions about threat scenarios and incidents.
The AI analyzed the way that analysts formulate hypotheses, ask questions, and follow leads to reveal the full scope of a security incident.
As a result of this project, Darktrace produced the first ever ‘AI Analyst’, which mimics human intuition by intelligently stitching together multiple disparate information sources in order to prioritize workloads and perform fully fledged, expert-grade threat investigations in real time.
AI and second-order effects
Self-Learning AI makes sense of raw data from across the digital enterprise and establishes patterns of behavior in order to pinpoint threats. Intelligence Augmentation applies a second layer of AI on top of this, using supervised machine learning to assess the output of the first layer.
As a result, AI-detected security events feed into overarching incident summaries that show the full scope, origin and extent of the compromise.
The investigation process
- A single alert or event serves as the ‘lead’ of an investigation.
- Like a human analyst, Intelligence Augmentation starts with this lead and generates plausible hypotheses about the nature of the potential threat and the potential underlying cause.
- It then uses custom algorithms to query and analyze data that may confirm, deny, or refine its hypotheses.
- This process is repeated continuously until Intelligence Augmentation settles on a high-level description of the nature and root cause of the wider security incident.
This process of threat investigation takes a human analyst three hours on average to complete.
Intelligence Augmentation can perform multiple investigations simultaneously across your organization, at machine speed.
Reduce time to meaning by 92%
Intelligence Augmentation uses natural language processing to present its work and conclusions in a human-readable format. It can automatically produce a written report about a threat investigation in any language, summarizing key information and reducing both time to meaning and time to response for security teams.