In today’s world, security has become an indispensable factor for any organization. We have all witnessed various tumultuous 2020 cyber incidents like the deadly attack at Capitol Hill, the SolarWinds attacks, the Ryuk ransomware attacks, and many more. Most companies have already adopted cyber-security strategies. However, no one can guarantee full security. Today, our personal and business affairs have shifted to the digital world, which has attracted hackers. It has become very challenging for a business to avoid the human-centric attack surface, especially social engineering.
As most hackers these days are turning to Artificial Intelligence (AI) attacks, organizations are also using AI to defend against cybercrime. The Darktrace (DT) Immune System represents the new frontier in digital security. It uses self-learning AI to automatically learn from real-time network traffic, write rules based on historical attacks, study system behavior, analyze data, and detect anomalies or unnoticed threats in the enterprise. By learning normal “patterns of life” across all Darktrace users, DT’s Immune System keeps an organization away from trending threats in areas like Ransomware; Supply Chain/Vendor Management; Cloud Migration & Management; Social Engineering; and Privacy Regulation/Data Collection. It studies behavior and makes micro-decisions in seconds, reducing the chances of cyber risk. The good news is that Darktrace has launched Version 5 of its Darktrace Immune System, which has been upgraded in three existing areas: AI Augmentation, Workforce Coverage, and Interoperability.
Let’s Dig into the Darktrace New Version 5
Reinventing cybersecurity with artificial intelligence has gained momentum in every organization these days. However, the risks and complexity have always challenged security teams. Constant augmentation and enhancement of AI is crucial.
Cyber AI Analyst: Extending AI Investigation
Cyber AI Analyst provides enormous benefits: it autonomously investigates security events detected 24/7, delivers expert analysis of all types of cyber threats that are impossible to detect and respond to with predefined rules or strategies, and presents a swift narrative summary in incident reports that non-technical users can act on, reducing triage time by 92%. Cyber AI Analyst gets the ‘lead’ for the investigation as soon as any security stack detects an abnormality. Starting from that lead, Cyber AI Analyst works toward the root cause of the security incident, which includes querying data, analyzing a supervised learning dataset accumulated over the past four years, and thinking beyond established playbooks. The analyst team detects threats by searching for ‘Bad’, learning from ‘Normal’, and applying ‘AI Investigation’.
Investigating like a human expert, Cyber AI Analyst can generate hypotheses and form conclusions at a higher speed than humans. Instead of thinking like a machine, Cyber AI Analyst inspects every detail of a detected threat like a human and correlates patterns across the whole digital ecosystem. With the new version 5, Cyber AI Analyst can accumulate third-party alerts to investigate, can investigate users and devices as and when required, and can autonomously feed AI-generated Incident Reports to SIEM/SOAR, ticketing/workflow, or any security stack system.
Darktrace Antigena: Extending Autonomous Response to SaaS Applications
Darktrace Antigena learns about user behaviors and their patterns of life, and understands the human behind email interactions. This product determines normal and abnormal behavior for every user profile and provides Autonomous Response, alerting the Enterprise Immune System and Cyber AI Analyst. The new version 5 enables Antigena to counteract attacks in SaaS services, especially email platforms, Zoom, Teams, and cloud file storage applications. Email is the source of 94% of cyber-attacks that can result in spear phishing, Business Email Compromise, social engineering, and domain spoofing. Consequently, Antigena defends autonomously against abnormal users, insider threats, unauthorized privilege escalation, compromised SaaS, and many more.
Every organization is evolving every day. Companies aim to keep everyone connected all the time, especially when employees work remotely or across multiple locations. Even though a dynamic workforce provides adjustability and agility, it still requires security handling in many areas, such as sharing of information, data sync, distance communication networks, online tools for human interaction, frequent updates, and setups.
Client Sensors: Extending Network Visibility to the Disconnected Endpoint
Client Sensors provide span sessions of all the suspicious activities of the dynamic workforce on and off the VPN. The sensors capture the traffic, process the data, and feed it to a central Darktrace cloud or on-premises devices for analysis. The new version allows the deployment of lightweight Client Sensors on a range of managed endpoints that are configured to capture and send copies of cloud traffic to central Darktrace. The sensors make it possible to analyze the real-time traffic of remote workers, identify and defend against possible malware, and give an insight into workforce behavior developed in a remote environment.
Cloud, SaaS & Zero Trust: Extending Coverage of Workforce Behavior
We all know that SaaS services and the cloud have become very popular due to their scalability, security, and affordability. Darktrace’s extended coverage for Cloud, SaaS & Zero Trust protects against data theft and insider threats through SaaS-specific AI models and the Cloud Console, extensions of Autonomous Response through Antigena Email, and Cyber AI Analyst investigations through the workforce and security stack. Darktrace can also capture container traffic in Docker and Kubernetes. Darktrace interacts with the security APIs of the SaaS solutions, analyzes login details and data access events, and correlates them with ‘patterns of life’ in the entire organization. The new version enhances support for dynamic workforces by integrating with Okta adaptive multifactor authentication and zero-trust solutions.
Unified Interfaces, One-Click Integrations, and Flexible Delivery
Version 5 has introduced new intuitive and easy-to-use interfaces that include a dedicated SaaS console and an OT Engineer Dashboard. The interfaces are unified to display an optimized overview of security events and make the investigation process easy.
Another feature is easy deployment through one-click integrations. Darktrace integrates with other tools via open architectures. With one-click integrations and custom templates, the platform can ingest new forms of telemetry, share bespoke AI insights across established workflows, and extend coverage immediately to new cloud services. It also includes delivering Autonomous Response across email systems, inline defenses, and collaboration platforms.
Version 5 makes sure that customers have a good deployment experience with Darktrace’s products. This new version mainly provides flexibility by offering 100% cloud-hosted deployments, with AWS Marketplace.