News
Vendors

Darktrace HEAL delivers AI-enabled capabilities to transform incident response, readiness, recovery

July 26, 2023
Darktrace HEAL delivers AI-enabled capabilities to transform incident response, readiness, recovery

Cybersecurity AI firm Darktrace announced Wednesday the launch of Darktrace HEAL, its AI-enabled product to help businesses prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with unique abilities to simulate real attacks within their own environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to rapidly respond to and recover from those incidents.

Managing emerging cyber-attacks presents an enormous challenge for security teams who must make decisions quickly in the heat of the attack based on potentially hundreds of changing and uncertain data points and factors. 

“At Darktrace, we build technology by looking at where AI can be the most valuable in augmenting the people in a security team and how it can have the most positive impact on their work,” Jack Stockdale, chief technology officer at Darktrace, said in a media statement. “With HEAL, we’ve turned our attention to cyber resilience. We’re upskilling teams and reducing the overload analysts face during an attack, to help them recover and get back to business faster and more effectively.

HEAL leverages Darktrace’s Self-Learning AI to give security teams new abilities designed to build cyber resilience and help them more easily and confidently address live incidents. With HEAL, security teams can:

  • Simulate real-world cyber incidents, allowing teams to prepare for and practice their response to complex attacks on their own environments.
  • Create bespoke, AI (artificial intelligence)-generated playbooks as an attack unfolds based on the details of their environment, the attack, and lessons learned from their previous simulations. This reduces information overload, prioritizes actions, and enables faster decision-making at critical moments.
  • Automate actions from the response plan to rapidly stop and recover from the attack within the HEAL interface.
  • Create a full incident report, including an audit trail of the incident response with details of the attack, actions HEAL suggested, and actions taken by the security team for future learning and to support compliance efforts.

HEAL’s simulated incidents are a ‘first-of-its-kind’ capability for security teams to safely run live simulations of real-world cyber-attacks ranging from data theft and ransomware encryption, to rapid worm propagation, all in their own environments and involving their own assets. Security teams are expected to flawlessly manage incident response in the face of a live, rapidly unfolding, often novel attack, usually without any realistic practice. 

HEAL enables teams to get real-world experience managing attacks as they would happen to the business and regularly practice these procedures to help fine tune their responses. That means teams aren’t running their incident response for the first time in the face of a real, live attack.

When a live incident does occur, HEAL will use insights from Darktrace DETECT to create a picture of the attack and a bespoke, AI-generated, response playbook, built from Darktrace’s knowledge of the incident, the business’s environment, and lessons learned from the security team’s previous simulations. 

HEAL recommends the priority order for remediation actions based on factors like further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business. Consequently, security teams can adapt their defenses as an incident evolves, enabling them to end it more rapidly and with less overall disruption.

HEAL further enables security teams to quickly and efficiently manage and recover from live incidents by integrating with a variety of tools in a business’s wider security stack to automate actions. Within HEAL’s live playbooks, teams can activate and manage authorized tools from across their environment, from a single interface with a click of a button. At launch, HEAL will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam, and Acronis.

HEAL provides security teams with automated incident reports during and after an attack, giving teams valuable time back that is normally spent writing detailed updates. The reports provide analysis of the attacker and security team actions, decisions, containment, and recovery information to keep stakeholders updated as an event unfolds. After an attack, this can offer essential compliance information to third parties such as forensics teams, insurance providers, and legal teams and can be used to assist with reviews and learning lessons from the attack and the response.

HEAL works with DETECT and Darktrace PREVENT to build a live picture of the environment and attack, and integrates with Darktrace RESPOND to prioritize, isolate, and heal key assets to cut off and shorten attacks. Its introduction closes Darktrace’s Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL into a single platform in which each element draws insights from and continuously reinforces the others to create a best-in-class cyber defense.

Earlier this year, Darktrace announced the availability of its Darktrace PREVENT/OT product that identifies the paths adversaries may take to attempt to disrupt the operations of critical infrastructure. The approach deploys AI to ‘think like an attacker’ to visualize pathways within IT and OT (operational technology) infrastructures that lead to critical infrastructure assets, empowering defenders to harden environments and stay steps ahead of the adversary.

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Building a Culture of Cyber Resilience in Manufacturing (WEF)
WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
Xage’s Zero Trust Session Collaboration tool delivers remote access, collaboration across industrial frameworks
Xage announces AI-powered analytics and insight capabilities to boost zero trust access and protection
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
AI for Energy - Opportunities for a Modern Grid and Clean Energy Economy (DoE)
US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs