Cyber AI Platform
The application of artificial intelligence to the cyber defense challenge has marked a fundamental shift in our ability to protect critical data systems and digital infrastructures. For strained security teams, it offers the possibility to keep pace with an ever-evolving threat landscape.
While rule- and signature-based solutions offer some protection against pre-identified threats, the reality is that attacks consistently evade these and get inside your network. Powered by unsupervised machine learning, Cyber AI responds to these threats before they become a crisis.
Cyber AI is a self-learning technology – like the human immune system, it learns ‘on the job’, from the data and activity that it observes in situ. This means making billions of probability-based calculations in light of evolving evidence.
This self-learning ability enables Cyber AI to uncover rare and previously unseen patterns in information, amid the noise of everyday activity across an organization’s digital systems. By detecting subtle deviations from the organization’s ‘pattern of life’, it can distinguish friend from foe – and highlight true cyber-threats or attacks that would otherwise go unnoticed.
Darktrace’s Cyber AI Platform is relied on by more than 3,500 organizations worldwide.
As a new generation of cyber-threats, powered by offensive AI, emerges, Autonomous Response AI will be critical to fighting back with the necessary precision and speed. These machine-speed attacks will only be countered by AI defenses that can stay one step ahead – allowing humans precious time to catch up.
Security teams are overwhelmed. Today’s threats are so fast-moving that they can take down entire datacenters in a matter of minutes. With these attacks getting more advanced by the day, and the digital business growing in scale and complexity, human security teams simply cannot respond to threats fast enough.
Darktrace’s Autonomous Response technology, Darktrace Antigena, uses Cyber AI to calculate the best action to take, in the shortest period of time, to effectively respond to a cyber-attack.
Because Darktrace’s Cyber AI learns the ‘self’ for your enterprise from scratch and has a highly evolved understanding of what’s normal, it can even respond to subtle threats that have never been seen before, but that could jeopardize key systems or data.
Like a digital antibody within the human immune system, Autonomous Response works by enforcing the ‘pattern of life’ of a threatening user or device, surgically neutralizing attacks and giving security teams critical time to catch up.
Autonomous Response AI technology by Darktrace is the first of its kind, and has been recognized by leading experts, including the Royal Academy of Engineers, as a “pioneering innovation”.
Cyber AI Analyst
Darktrace’s Cyber AI Analyst is a technology that harnesses the best expertise from world-class security analysts to automate more of the investigation process and augment security analysts.
By learning from a rich data set built up over thousands of AI deployments worldwide, the technology executes expert investigations at machine-speed, achieving significant time savings for security analysts. The Cyber AI Analyst can intelligently correlate disparate data points across the digital business, helping the security team investigate threats faster and more efficiently.
The Cyber AI Analyst conducts thorough investigations before surfacing anything to human security teams, allowing it to discard low-priority or benign events from the start, and presenting only a few high-priority incidents at any one time.
Cloud & SaaS Security
The large-scale journey to the cloud has fundamentally reshaped the digital business and the traditional paradigm of the network perimeter. Hybrid infrastructure and distributed workers are now a part of the furniture of an increasingly diverse digital estate, with multi-cloud practices introducing a new layer of complexity that most organizations are ill-equipped to address.
In the cloud, security teams not only struggle with a lack of visibility and control, but also diverse and incompatible defenses that often lead to overly relaxed permissions and simple mistakes. This traditional ‘stovepipe’ approach to security is rarely robust and unified enough to provide sufficient coverage, relying on static and siloed methods that fail to detect compromised credentials, insider threats, and critical misconfigurations.
Darktrace’s Cyber AI Platform fills these gaps with self-learning AI that understands ‘normal’ at every layer, dynamically analyzing the dispersed and unpredictable behaviors that show up in email, cloud, and the corporate network. This unified scope allows the system to spot subtle deviations indicative of a threat – from an unusual resource creation or open S3 bucket in AWS, to suspicious data movement in Salesforce, to a new inbox rule or strange login location in Microsoft 365.
Unlike policy-based controls, the immune system understands the human behind every trusted account in the cloud, providing a unified detection engine that can correlate the weak and subtle signals of an advanced attack.
Email remains one of the most dangerous attack vectors in the enterprise. By spoofing an email or hijacking a trusted account, cyber-criminals can trick users into wiring millions out of the business or triggering a ransomware attack with a single click. Yet despite email being the entry point for 94% of attacks, traditional security controls continue to fall short.
Whether native or third-party, traditional email controls work by analyzing emails in isolation and at a single point in time, correlating them against blacklists, signatures, and pre-definitions of bad. While this approach helps with spam and similarly indiscriminate ‘drive-by’ campaigns, it invariably fails to spot the weak indicators of a novel email attack.
By continuously learning the normal ‘pattern of life’ for every user and correspondent, Darktrace’s cyber AI understands the dynamic individual behind every alias. This enables the AI to spot subtle deviations that reveal even the most targeted attacks – before they can make an impact.
Powered by Darktrace’s world-leading, self-learning technology, Antigena Email can spot the full range of email attacks, including:
- Advanced spear phishing
- Social engineering and impersonation
- Supply chain account takeover
- Business Email Compromise (BEC)
- Internal account hijack
- External data loss
- Unknown malware and ransomware
Darktrace’s award-winning Threat Visualizer provides the perfect canvas for explaining and understanding security incidents in an intuitive way.
The graphical user interface displays the most important issues that you should be aware of, having auto-triaged potential events of concern and alerts. Investigation is fast and efficient, with better informed decision-making allowing any issues to be remediated at record speed.
The Threat Visualizer not only acts as a threat interface but also provides your teams with total visibility of behavior in your digital infrastructure, including cloud services, SaaS, on-premise networks and email. This real-time visibility allows for on-demand investigations and proactive threat hunting, giving you confidence about the true status of your infrastructure at any one time.
Deep forensic investigations are also enabled, with a wealth of information, including rich metadata and event logs, that can be queried and exposed through a range of interactive features.
During threat investigations, the Threat Visualizer provides a visual storytelling backdrop that can be used as a canvas for explaining and understanding security incidents, alongside rich metadata and event logs for investigation.
By displaying events of interest in this way, and visually explaining them before, during, and after the incident occurred, Darktrace ensures that incidents and the context surrounding them are genuinely meaningful to executives and end-users alike.
Darktrace is compatible with all major cloud providers and SaaS applications, including AWS, Microsoft Azure, Salesforce and Office 365.
The technology easily integrates with SIEM dashboards and SOC environments, allowing security teams to adopt Darktrace without changing existing business processes.
Incidents can also be viewed via the Darktrace Mobile App, which allows security teams to easily assess incidents, with real-time push notifications and one-click confirmation of the cyber AI decision-making.