New Darktrace PREVENT/OT will use AI to ‘pre-empt’ cyber attacks on critical infrastructure

Cybersecurity AI firm Darktrace announced Thursday the availability of its Darktrace PREVENT/OT product that identifies the paths adversaries may take to attempt to disrupt the operations of critical infrastructure. The approach deploys AI (artificial intelligence) to ‘think like an attacker’ to visualize pathways within IT and OT (operational technology) infrastructures that lead to critical infrastructure assets, empowering defenders to harden environments and stay steps ahead of the adversary.

The company said that the Darktrace PREVENT/OT product, part of the Darktrace/OT product line, protects complex industrial environments against known and unknown attacks, using self-learning AI to discover and identify assets and detect subtle deviations that point to a cyber threat.

The line prioritizes threats and hardens defenses while also reducing risks both inside the organization and outside, at the attack surface. Organizations can proactively prevent cyber-attacks before they occur while identifying and prioritizing high-value targets and pathways to secure vital internal systems and assets.

Darktrace PREVENT/ASM uses AI to understand what ‘makes an external asset yours,’ searching beyond known servers, networks, and IPs, typically surfacing 30 to 50 percent more assets than an organization realizes it has. It also provides a high-level overview of the evolution of your attack surface and associated risks and presents trends on key metrics, such as the type of risks found and their criticality for prioritization. Darktrace PREVENT also communicates findings to Darktrace/DETECT + RESPOND to harden protections around critical chokepoints.

Initially launched in 2015, Darktrace/OT DETECT and RESPOND is currently used by hundreds of critical infrastructure companies in utilities including electric, water, oil & gas, maritime, and transportation.

“In one of our early adopters, Darktrace AI found a complete viable attack path from a public email account to a deeply protected and active production PLC (Programmable Logic Controller): a vital component of all Industrial Control Systems,” Jeffrey Macre, industrial security solutions architect at Darktrace, said in a media statement. “The organization was not aware this long, but complete path spanning both IT and OT systems existed. Some steps were not simple to exploit, but fundamentally a committed attacker could have followed this path and could have manipulated the controller logic, sound alarms, or even worse start and stop processes impacting the operation of the entire facility.”

Macre added that “we are incredibly proud to support the many critical infrastructure organizations that we do today and are excited to deliver this new capability to prevent the worst-case attacks before they can happen. We are seeing great interest from customers in these capabilities.”

Darktrace has signed several new deals with critical infrastructure organizations across the globe in the last three months including new customers, renewals, and expanded contracts within the critical infrastructure industry. These deals underscore a paradigm shift occurring around the globe that sees governments putting in place new mandates and rules requiring more robust cyber protections in critical industries, including healthcare, financial services, energy, and chemicals.

Last month, Darktrace released three new cyber-threat trend reports revealing 2022 attack data observed in industry reports pertaining to the energy, healthcare, and retail sectors respectively. It disclosed a spike in crypto-mining attacks targeting energy providers, a surge in credential theft affecting retailers, and an increase in data exfiltration attacks on healthcare providers.

In April last year, Darktrace joined with Zscaler, Okta, and Duo Security to extend its detection and autonomous response capabilities to zero trust technologies. These API integrations will allow organizations to accelerate their adoption of zero trust architecture by feeding data into Darktrace’s Self-Learning AI engine to identify and neutralize anomalous behaviors. The Self-Learning AI enables autonomous response, a technology that takes targeted action to interrupt cyber threats in seconds.
