Darktrace introduces ActiveAI security platform to boost security operations, cyber resilience

Darktrace HEAL delivers AI-enabled capabilities to transform incident response, readiness, recovery

Cybersecurity AI firm Darktrace introduced on Tuesday the Darktrace ActiveAI Security Platform which includes the company’s existing security products supplemented by a set of innovations and features, including for email and operational technology (OT). The platform uses AI to transform security operations from reactive to proactive and improve cyber resilience. 

New features in the Darktrace ActiveAI Security Platform are expected to be available early in the second calendar quarter of this year. 

To uplift human security analysts, the platform identifies weaknesses in security controls and processes before they are exploited, detects and responds to unknown, known, and novel threats, and automates the investigation of every alert to completion to reduce the manual triage process. Core to the platform is the ability to visualize, correlate, and investigate security incidents across cloud, email, network, endpoint, identity, and OT, as well as third-party tools and applications. 

The Darktrace ActiveAI Security Platform helps organizations transform their security operations from a focus on reactive threat detection to proactive cyber resilience. The platform includes Darktrace’s core detection and autonomous response capabilities with pre-breach prevention, attack simulation, and recovery capabilities in a single, holistic solution with a common AI architecture. The platform enables teams to visualize and correlate events across a broad set of domains including cloud, email, endpoint, identity, network, and OT environments. 

The platform is built on Darktrace’s Self-Learning AI engine, which directly applies multiple types of AI to the data of each business so that it can continuously learn from its unique digital environment to understand what is normal and what is not. Darktrace’s AI detects known, unknown, and novel threats in real time and provides an autonomous response that contains active threats without disrupting business operations. 

“Security teams are reaching a breaking point, forced into a reactive state by too many alerts, too little time, and a fragmented security stack,” said Max Heinemeyer, chief product officer at Darktrace. “Building on a decade of experience applying AI to transform security operations for thousands of customers, the Darktrace ActiveAI Security Platform takes a unique approach from the rest of the industry. It correlates incidents across the digital environment and automates investigations to uplift security teams and free them from the manual, time-intensive alert triage process so they can focus their time on building proactive cyber resilience.”

Darktrace Cyber AI Analyst will now reveal the results of its investigations for every security alert, rather than just those escalated to an incident. This helps security analysts understand how the AI reached its conclusion that escalation wasn’t required. Cyber AI Analyst also can now be customized to perform investigations that are tailored to each business’s unique needs. 

Cyber AI Analyst was first introduced in 2019 and uses AI trained to mirror how human security analysts conduct investigations. Unique in the industry, it automatically investigates every alert to completion and identifies precise response actions that can be taken autonomously to contain threats. Rather than security teams triaging a small portion of alerts, Cyber AI Analyst triages all of them. This helps to reduce alert fatigue and free up time for security teams, who can instead focus on proactively hardening their security controls and refining incident handling procedures.

The platform will include new integrations with third-party network solutions to provide decrypted traffic feeds and decryption keys. It will also include native decryption for Microsoft Windows and Apple Mac applications, including internet browsers.

Darktrace PREVENT/End-to-End provides pre-breach preparation and now includes the ability to analyze firewall rules, giving it a more comprehensive view of potential unauthorized traversal points or attack paths within IT, within OT, or between the two, identifying configuration risks and pre-empting threats.

Additionally, Darktrace will release enhancements to its email and OT security solutions, which can be purchased as stand-alone products based on each organization’s unique project needs. 

Darktrace/OT will include new capabilities that go beyond traditional Common Vulnerability and Exposure (CVE) scoring to help organizations identify, prioritize, mitigate, and continuously review the risks and potential attack paths that are specific to their OT infrastructure. 

In addition to identifying and prioritizing risks more effectively, Darktrace/OT can now evaluate each business’s defenses against the tactics of Advanced Persistent Threat (APT) Groups. Darktrace/OT maps MITRE techniques and known threat groups’ tools, tactics, and procedures (TTPs) against unique attack paths identified within the business.
