How can AI and Machine learning be used in cybersecurity, given the increasing threat landscape of autonomous attacks?
Darktrace Enterprise Immune system (EIS) is the leading AI defence tool employed by many marketplace leaders and charities such as BT, AXA and The Royal British Legion to name a few.
Today, we live in a world where we are going digital at an unprecedented pace. We see the digitisation of entertainment, business, products, and services, to meet our expectations of everything in an instant. These benefits and conveniences come with a risk to our personal information, data and assets.
In this new frontier, we see cybercriminals use AI to automate cyberattacks on a colossal scale. AI and machine learning are now being used to disguise cyber-attacks and find weaknesses quickly and effectively. In response, AI and machine learning are becoming imperative in bolstering cybersecurity and in the faster response to security breaches. Businesses must ensure their cybersecurity includes AI and machine learning if they are to shield their operations and assets from hacker attacks.
With the increasing threat of autonomous attacks, autonomous responses are needed. This is known as SOAR – security, orchestration, automation, and response. Here, AI-enabled interventions enhance threat intelligence and help cybersecurity analysts, that are currently overwhelmed, improve their efficiency and accuracy. The level of security is increased, and the threat of costly cybersecurity hacks decreased.
AI and machine learning can be used in cybersecurity for:
- Intrusion detection/prevention
- Malware detection
- Digital Fraud detection
- Risk scoring in the network of operational technology
- Machine and user behavioural analysis of the Internet of Things (IoT)
- Behavioural analytics
- Network security
- Phishing detection
- Vulnerability management
Who is Darktrace?
Darktrace is a Cyber AI Platform; it can provide autonomous response and threat visualization. Its expertise is used across various industries, including Government & Defence, Healthcare, Financial Services, and Energy and Utilities.
Darktrace was founded in 2013 by mathematicians from Cambridge University and US and UK government cyber intelligence experts. The company is recognised as a world leader in AI cybersecurity. Expertise in machine learning and mathematics combined with extensive experience in critical national assets defence are just some of the knowledge brought by the founding team members. Darktrace aims to empower organisations to protect their business systems from sophisticated cyber-threats.
The Enterprise Immune system, a Darktrace pioneering program, uses AI as part of cyber defence, a first in the industry. 2016 saw the launch of the first-ever autonomous response technology Darktrace Antigena. Able to respond in a precise way to in-progress attacks, the technology proved invaluable during the 2017 WannaCry ransomware attacks. The contributions of the innovative technology were recognised in the IT World Awards 2019. Darktrace Antigena was awarded Gold for the Milestone of the Year.
In 2017, Darktrace Industrial was officially launched. Dedicated to the industrial and SCADA networks, the division uses Darktrace AI to protect vital national infrastructure.
Darktrace has headquarters in both Cambridge UK and San Francisco in the US. The company has over 40 offices around the world, with more than 900 employees. It is a privately-owned company with investors, including Samsung Venture, Insight Venture Partners, KKR and Summit Partners.
Darktrace has become the world-leading experts in cybersecurity and has been recognised with multiple awards. Accolades include the 2019 Globee Awards Gold winner for Company of the Year in Security Software, Information Technology and Cyber Security, and Artificial Intelligence in AI industries.
What is Darktrace Enterprise Immune System?
The Darktrace Enterprise Immune System uses AI algorithms and proprietary machine learning. This self-learning cyber AI technology builds a “pattern of life” for every user, device, and network within an organisation, alerting IT professionals where compliance breaches and potential threats occur.
Modelled on the human immune system, the Darktrace Enterprise Immune System learns about the self, which is everything and everyone in the business. It will spot subtle changes and signals that advanced attacks make and tackles emerging threats in real-time. It does not rely on rules, prior assumptions, blacklists, and signatures giving it the power to respond and protect against never before seen cyber threats.
The Darktrace Enterprise Immune System operates unsupervised and observes users, workflows, cloud containers, and devices. The system learns what is healthy for business and creates a security solution that is unique and evolving, based on the digital environment of your business.
The Darktrace system is unique, stealthy, and sophisticated, detecting the cyber threats that other tools miss. It protects against ransomware and insider attacks at their earliest stages.
Cyber-threats can originate from anywhere. The Darktrace Enterprise Immune System oversees all of these environments include Office 365, Salesforce, AWS, Microsoft Azure, and SharePoint. Organisations enjoy a unified view across their whole digital estate, not just one piece of it.
Key features include quick installation in under one hour so it may begin to observe the data traversing the network. Once the initial learning period is done, Darktrace can be configured and tailored to your specific business needs. The system learns continuously, adapting to new evidence while detecting attacks and threats inside your network before they do damage.
What is Darktrace Antigena?
Cyberattacks are increasingly fast and severe, occurring in seconds and made more dangerous by the rapid expansion of digital. Darktrace Antigena is an enterprise-grade autonomous response technology that has been crafted to support security teams and tackle these problems.
The Darktrace Antigena technology works like a digital antibody. It first learns the usual routine of life for each member of your workforce and every business device. This provides a base for recognising threats, where actions stray from the norm.
If a threat is detected, then before the illness can grow, Darktrace Antigena contains the threat. It works by leveraging Darktrace’s multi-award winning AI, to automatically fight back against advanced attacks. This automatic response provides a critical time-window for human responders to catch up.
This self-learning technology runs at machine speed to stop the threat before it becomes a crisis. Intuitively, specific attacks do not need to be programmed in. Instead, Darktrace Antigena spots changes to the normal actions of users and devices and the relationships between them.
For example, a ransomware attack, that could infect dozens of computers in minutes, can be stopped within just two seconds. Darktrace Antigena can halt cyberattacks by excluding devices from the network; interrupting with TCP connection resets, and by slowing connection to a device. Essential for the operations, Darktrace Antigena does not disrupt the daily activities of the business.
The technology can operate across the enterprise to industrial networks, digital businesses, to cloud containers, SaaS applications, and email communications. This breadth of service allows Darktrace Antigena to refine its quality of decision making, as it continues to learn what is normal. It excels in comparison to pre-programmed response tools that tend to be isolated to one system or device.
The Darktrace Threat Visualiser and mobile app offer a graphical interface in real-time. The visualiser has been designed to cater to personnel with different levels of knowledge, from business executives to forensic experts and less experienced IT team members.
Does Darktrace provide cloud integration?
Cloud computing has seen a meteoric rise in use, and this increases the challenge for corporate security teams. With rapid expansion comes increases in workloads. Data on various digital systems expands the corporate infrastructure, which can lead to vulnerabilities.
Various forms of cloud technology may be unfamiliar to some security team members. Hybrid or multi-cloud systems cannot use traditional security tools for protection and require a specialised approach. Native security systems to the cloud technology can be useful for compliance, but they are limited. They may not detect new threats or advancing attacks early enough to protect the data.
With the Darktrace Cyber AI Platform, you get a cloud-native solution that protects across multiple applications. The system can protect both hybrid and multi-cloud setups along with all well-known SaaS systems. Darktrace can detect and respond to cloud-based attacks that other technology can miss. An enterprise-wide security system protects your business data from external attacks or malicious insiders. Our system protects everything across the board, including possible misconfigurations that may lead to future cloud-security issues.
Darktrace cloud security integration works seamlessly with SaaS applications. It allows all activity and user interactions to be carefully monitored in real-time, protection extends across the network, including remote locations. Increased confidence in security resilience of business data can lead to a secure digital transformation.
Darktrace delivers unparalleled full cloud integration security. Potential threats are identified and neutralised quickly. Using AI systems makes it possible to attain information on complex environments and catch threats early. Cloud computing offers an innovative way of increasing efficiency and collaboration. However, cloud data requires a new approach to security. AI technology is highly adaptive, and machine learning helps keep pace with the ever-changing threat to cloud security.
Do I need a SOC for Darktrace?
It can be common for companies to have a Security Operations Centre or SOC, but it’s not essential to have one to use Darktrace. The technology is innovative and uses AI technology to identify and neutralise any cyberthreats. While this is a natural complement to a SOC, it can be used independently.
The ability to protect critical data and digital infrastructures has seen unprecedented advances thanks to AI technology. Some solutions offer protection against identified and conventional threats, but AI can detect new and advancing possible issues. By anticipating risks and identifying them faster than humanly possible, Darktrace Cyber AI responds to issues before they escalate.
Advanced machine learning can familiarise itself with the complexities of your company. Data and business activity is monitored continuously and protected. Making billions of probability-based calculations as data evolves, makes AI the solution to changing threats. The system can see previously undiscovered patterns and detect deviations from the typical business data pattern. Cyberthreats are evolving to include AI, and only an AI-based security solution will be able to respond with the required speed and precision.
Darktrace AI learns everything about your business from scratch and can develop a highly evolved understanding of corporate systems and activity. With the Cyber AI Analyst, the system conducts complete investigations and discards low-priority or harmless events. The Analyst will only forward high-priority incidents to the required personnel.
Darktrace is compatible with all major SaaS applications and cloud providers. Easily integrated into your SIEM dashboards, you don’t need a dedicated SOC to benefit from this technology. The AI data will work seamlessly with your current security information and event management systems. Darktrace AI Cyber can be used independently to protect your business data, whether you have a SOC or not.
Who in my team would be using Darktrace?
The pioneering technologies provided by Darktrace are designed to complement and support your security operations team and your IT team. The ever-evolving world of cyberthreats can be challenging, and Darktrace will keep pace. Using unsupervised machine learning, the Cyber AI platform keeps up with the transforming threat landscape. For smaller IT and Security teams, the technology takes the strain.
Today’s threats are ever-changing and strike fast. Security personnel can become overwhelmed as a threat takes over data centres. Darktrace Antigena Autonomous Response can calculate the best action to take in quick time. Effectively responding to a cyber-attack is vital, Autonomous Response does this. As a first of its kind technology, it allows your technical team to focus on other tasks.
Threat Visualizer is an award-winning system from Darktrace and complements your existing security measures perfectly. The team will be able to see events and have visuals explaining behaviour around the incident. Essential information and the full visibility of company systems allows your team to plan effectively.
Darktrace technology can be integrated into all major cloud providers and existing company systems. Your security operations centre, or IT team will be able to adopt Darktrace policies quickly. Security teams can see real-time push notifications of incidents on the mobile app too.
What is the Darktrace Education service
Get the best value from Darktrace solutions with the Darktrace Education service. Training will help the security team quickly learn how to use the systems fully. Accelerating the knowledge and understanding of the users will enhance user adoption. A global team of trainers is on hand to provide the best learning experience for your organisation.
Training is available in various formats with an online training schedule, private training, and on-site instruction. Instructional videos will complement the training further with unlimited access to a variety of videos. Using a modular approach, the highly-experienced instructors help the professionals focus on specific topics and reinforce their learning.
What new features will be in V4
Enterprise Immune System V4 includes a Cyber AI Analyst system to aid your technical team in preventing and investigating security incidents. The software is offered on a SaaS subscription and delivers security for networks, IoT, cloud, and email.
V4 will automate threat investigations at scale and speed, dramatically lowering the time to meaning, in terms of understanding the root cause and nature of security incidents. By combining information from multiple devices and triggered model breaches, the Cyber AI Analyst will summarise potential malicious activity in your network to aid investigations, essentially operating as your very own Security Analyst.
The new features include:
- Cyber AI Analyst
- Native cloud and container support
- Enhanced executive reporting.
- In total, there are 70 new enhancements or features.
Vital cloud security improvements include new AWS VPC Traffic Mirroring and Azure vTAP support, support for SharePoint, OneDrive, and coverage of multiple Office 365 domains, and support for modelling containerised systems (Docker & Kubernetes).
Further new features in V4 include enhanced executive reporting with new features and metrics, Antigena control and flexibility from Enterprise Immune System across cloud, email and network, and a new Darktrace App for ServiceNow, that creates custom entries in ServiceNow for each incident. There are also mobile app improvements, including real-time push notifications, more straightforward configuration, and new Cyber AI Analysts outputs.
In V4, the Cyber AI Analyst introduces several key benefits. V4 allows businesses to harness the expertise of top analysts and augment human teams, with V4 investigating threats detected through the Enterprise Immune System. This will enable companies to buy back time so that organizations can focus on mitigating risk and spend time on more strategic work.
What is the future of cybersecurity and AI?
Cybercrime is a threat to any organisation of any size, regardless of its global reach. This includes governments and educational institutions, as well as small and large businesses. Cybercriminals are using AI to find vulnerabilities and instigate attacks. Hence, artificial intelligence and companies like Darktrace must be at the forefront of cybersecurity, when it comes to protecting businesses and people’s computers, networks, and data.
For data and system’s defence, AI excels because it continually learns, and it never forgets however it adapts to create a better understanding of a threat for further prevention. AI can predict, detect, and create a rapid response to cyberthreats at speeds that humans simply cannot.
Under today’s online security model, firewalls require human intervention. Human’s configure and set the firewall policies, schedule backups, and check that they are performing correctly, which creates scope for security failings.
It is likely that passwords, which are a weak entryway into a computer network, will be superseded by AI. For attack detection, AI will track every user of an organisation. It will follow their roles and tasks, monitor their actions and privileges, and spot any changes in these. When a deviation is detected, AI will flag them and create a barrier with the second form of authentication, which will likely be a biometric check such as a fingerprint or facial recognition.
At the cutting edge of cybersecurity, we are beginning to see smart cybersecurity tools that can handle the lion’s share of event monitoring and breach response. The next generation of firewall software and hardware will employ machine learning and AI. These AI future generation tools can recognise patterns in web requests, determine if they are a threat, and automatically block them.