‘Under the Radar’ Insider Threats Detected by Darktrace

Silent and Deadly Threats Uncovered By Enterprise Immune System

Cambridge, UK
Thursday March 31, 2016

Darktrace, the leader in Enterprise Immune System technology, has detected three insider threats that successfully bypassed traditional security tools, which could have resulted in serious cyber attacks and compromises.

Insider threat continues to grow in prevalence as traditional perimeter defenses fail to detect perpetrators already inside the network. As legitimate network users, insiders can furthermore cover their tracks and evade security teams more easily.

“Darktrace’s self-learning technology uncovers threats every day across its 200-strong customer base, which go unnoticed by traditional security tools,” said Nicole Eagan, CEO at Darktrace. “Whether deliberate or not, the behaviors of employees and contractors can significantly endanger an organization. Businesses can address insider threats by using technology that proactively detects them and provides a measured response.”

It can take up to 230 days for a company to realize they have been breached and critical systems compromised.

Using machine learning and mathematics, developed by specialists from the University of Cambridge, ‘immune system’ technology spots emerging attacks that hide within noisy networks. By learning a network’s ‘pattern of life’, Darktrace’s Enterprise Immune System identifies emerging, abnormal behaviors, no matter how subtle. Unlike traditional security tools, Darktrace finds these threats without using rules or signatures.

Facebook Weapon in Data Leak Deceit

A bank in Italy, using Darktrace, experienced an insider threat involving the large-scale exfiltration of sensitive data to a group of unidentified computers. Legitimate user credentials were used to send large volumes of data outside the organization via Facebook. The Enterprise Immune System detected anomalous behavior within three minutes and issued a threat alert, which enabled the bank’s security team to curb the emerging threat.

Novel iMessage Abuse

An employee used iMessage to send copious information out of the network from an internal file server of a large entertainment company. No rules or signatures could have pre-empted this attack. However, the company had complete visibility of its network using Darktrace and stopped the threat in time.

Trusted Supplier Compromises Power Plant Data

A major Australian power station detected a large-scale data transfer of sensitive information to a home router. Further investigation revealed this to be a third-party temporary contractor passing useful documentation back to his home storage device for subsequent use. Before the activity was judged to be malicious or otherwise, Darktrace flagged the threat immediately, allowing the risk to be mitigated before any irreversible damage was done.

To learn more about threats detected by Darktrace’s Enterprise Immune System, visit www.darktrace.com/products.

About Darktrace

Named ‘Technology Pioneer’ by the World Economic Forum, Darktrace is one of the world’s leading cyber threat defense companies. Its Enterprise Immune System technology detects previously unidentified threats in real time, powered by machine learning and mathematics developed at the University of Cambridge, which analyze the behavior of every device, user and network within an organization. Some of the world’s largest corporations rely on Darktrace’s self-learning appliance in sectors including energy and utilities, financial services, telecommunications, healthcare, manufacturing, retail and transportation. The company was founded in 2013 by leading machine learning specialists and government intelligence experts, and is headquartered in Cambridge, UK and San Francisco, with offices in Auckland, Boston, Chicago, Dallas, London, Los Angeles, Milan, Mumbai, New York, Paris, Seoul, Singapore, Sydney, Tokyo, Toronto and Washington D.C.