Today, remote working and virtual collaboration have become the new normal. Businesses are accelerating digital transformation projects and adopting cloud services faster than ever before. But these changes are also increasingly exploited by cyber-criminals, and in recent years an onslaught of new cyber-attacks and advanced tactics has threatened organisations across the globe.
In fact, most cyber security decision-makers foresee malicious actors weaponising artificial intelligence and modifying their tactics to circumvent traditional security tools. In an impending era of offensive AI, various forms of machine learning will supercharge attacks, resulting in unpredictable, contextualised, and stealthier assaults that can quickly cripple organisations.
According to a recent Forrester report, The Emergence of Offensive AI, 88% of cyber security professionals expect AI-driven attacks to become mainstream. To fight back, businesses need to embrace new technology that can keep pace with changing digital environments and evolving attacker techniques. To do this, thousands of organisations now use cyber security AI at the heart of their defence strategy.
A Digital Immune System
Darktrace is the world leader in AI for cyber defence. With over 4,500 customers across 110 countries – from Fortune 500 companies, to smart cities, universities & non-profits – Darktrace is helping organisations across the world defend their systems, data, and workforces from cyber-attacks.
Darktrace Cyber AI is based on a combination of unsupervised and supervised machine learning, and is deployed inside an organisation to learn its unique DNA – what is normal and what is abnormal for its employees, devices, and networks. Like an immune system, it is constantly learning, building an understanding of ‘self’ for the organisation, which enables it to distinguish between genuinely threatening activity, and unusual but benign behaviours.
Unlike legacy tools that are limited to identifying only previously known attack types, Darktrace’s AI uncovers the novel and highly subtle malicious behaviours that might be lurking in any corner of a company’s digital environment – from cloud and SaaS applications, email and industrial systems to endpoints and the traditional corporate network.
The Machine Fights Back: Autonomous Response
Today’s cyber-attacks are not just advanced; they also move quickly, and security teams often find themselves outpaced by threats such as ransomware, which spreads at computer speed. And as AI is beginning to be employed by attackers too, it is critical to contain any outbreak of malicious activity in the seconds that count. In fact, 77% of cyber security professionals expect attacks to become increasingly faster and stealthier and 83% believe that AI-augmentation is now necessary for cyber defence.
To fight back in a quickly evolving cyber-threat landscape, Darktrace created a new category of security technology, called Autonomous Response, when it launched Darktrace Antigena in 2016. Powered by AI, Autonomous Response technology allows the digital immune system to mount a response to a fast-moving cyber-attack, by precisely shutting down malicious activity whilst allowing normal business activity to continue.
The speed and precision of its response have made Darktrace Antigena an essential ally for security teams who require active protection when they aren’t in the office or when they are faced with a fast-spreading attack. The technology is relied on by thousands of customers worldwide, responding to a cyber-threat somewhere in the world every 3 seconds.
Darktrace Antigena operates across the entirety of the digital estate, from cloud and SaaS applications to the inbox, where Antigena Email defends against attacks.
‘Antigena can autonomously and precisely contain in-progress attacks. Darktrace is fundamentally transforming how we defend our systems.’ – Shane Silcox, Information Systems Manager
Mimicking Human Thought Processes: The Cyber AI Analyst
Darktrace has gone one step further and created a capability that leverages machine learning to mimic higher-level thought processes. Darktrace’s Cyber AI Analyst automates human analyst investigation processes by combining the expertise of world-class analysts with the speed and scale of AI.
Having learned from an ever-growing data set that captures the various ways that Darktrace’s world-class analysts respond to alerts detected by the Enterprise Immune System, Cyber AI Analyst is able to replicate expert investigations. The technology stitches together multiple threat alerts and indicators, developing a meaningful understanding of incidents at machine-speed.
Cyber AI Analyst can adapt to new and unique situations on the fly, automating thoughtful tasks rather than pre-defined playbooks or encoded human knowledge. The capability empowers the security team to spend less time trawling through alerts and more time prioritising strategic work – from focused incident response and threat hunting, through to security modernisation and risk mitigation across the business.
The technology automates investigations of security events, wherever malicious behavior occurs – whether in a SaaS application or within an industrial environment.
Threat Find: Zero-Day Ransomware Attack Neutralized
Darktrace’s AI was implemented across a logistics organization which was hit by ransomware. The attack began spreading rapidly and encrypting files at an astonishing pace, but within seconds, Darktrace autonomously stepped in to contain the threat. Crucially, this strain of ransomware was not associated with any publicly known indicators of compromise such as blacklisted command & control domains or malware file hashes.
Darktrace was able to detect this never-before-seen attack based purely on its comprehensive understanding of the normal ‘pattern of life’ for every device and user within the organization. With Autonomous Response acting decisively and immediately, the security team had enough time to catch up and perform hands-on incident response work.
Threat Find: Supply Chain Attack Leads to Account Takeover
When a logistics company decided to trial Antigena Email, Darktrace’s AI immediately detected that the company was under sustained attack from a cyber-criminal who had already performed account hijacks on a number of their trusted suppliers and partners. The attacker had sent out several tailored emails from these third-party accounts to the logistics company – threats that slipped through the email gateway in place at the time.
Antigena Email was being trialled in passive mode, so the attack was not stopped in its initial phases. One of the Australian company’s employees clicked on a malicious link contained in these hijacked emails, which led them to a fake Microsoft login page for credential harvesting. Three hours later, an anomalous SaaS login was detected on the corporate account from an IP address not seen across the business before. Shortly afterwards, Darktrace detected an anonymous sharing link being created for a password file.
The following day, the attacker sent out further malicious emails from this account to trusted business associates using the same methodology as before – sending fake and targeted RFPs in an attempt to compromise credentials. Darktrace’s SaaS module identified this anomalous behaviour, graphically revealing that the attacker had sent more than 1,600 tailored emails over the course of 25 minutes.
The Managed Security Service Provider (MSSP) running their cloud security was completely unaware of the account takeover. However, with Darktrace’s SaaS module working alongside Antigena Email, Cyber AI gave the security team full visibility of the account takeover. This incident caused the organisation to deploy Antigena Email in active mode, which now stops even the most subtle and targeted threats that attempt to enter through the inbox.
To learn more about Darktrace, please visit www.darktrace.com