Darktrace integrates with Zscaler, Okta, Duo Security to enhance zero trust with its detection, autonomous response capabilities

Darktrace Extends Coverage to Zero Trust Architectures, Complete with Autonomous Response Capability

Cybersecurity AI company Darktrace has joined with Zscaler, Okta, and Duo Security to extend its detection and autonomous response capabilities to zero trust technologies. These API integrations will allow organizations to accelerate their adoption of zero trust architecture by feeding data into Darktrace’s Self-Learning AI engine to identify and neutralize anomalous behaviors.

The Self-Learning AI enables autonomous response, a technology that takes targeted action to interrupt cyber-threats in seconds.

Zero trust solutions are very well-suited for protecting IT and OT systems, Dan Fein, vice president of product at Darktrace, told Industrial Cyber. “With increasing IT/OT convergence in industrial environments, the addition of this coverage area helps Darktrace protect customers in essential industries across both IT and OT environments, preventing the spread of IT breaches to industrial systems,” Fein added. 

According to Fein, zero trust integrations broaden the scope of the activity that Darktrace can detect and respond to across entire organizations, including those operating critical national infrastructure. “Integrations offer additional critical visibility for Darktrace to protect existing coverage areas, including industrial control systems, OT, and IoT environments,” he added.

“Customers can complete deployment in just a few clicks,” Fein said. “Many of Darktrace’s detection and response capabilities like Zero Trust, SaaS, Email, and Endpoint (to name a few) can be deployed directly in the cloud and are ready to go for customers within minutes. Darktrace currently has over 6,500 customers, and many are already deploying this technology with integrations,” he added.

The shift to remote and hybrid work has increased the attack surface for organizations and underscores the importance of securing the identity of each user, Max Heinemeyer, vice president of cyber innovation at Darktrace, said in a company statement. “Although traditional zero trust policies minimize risk, and zero trust architectures reduce the overall attack surface, organizations need to assume attackers will still inevitably breach their perimeter defenses, including identity controls,” he added.

Explaining how long it will take Darktrace’s Self-Learning AI engine to identify and neutralize anomalous behavior, Fein said that once Darktrace has a contextual understanding of an organization, it will analyze data in real-time and can neutralize suspicious events immediately. “In terms of time to deployment and data collection, Darktrace deployments are entirely flexible to customer needs, whether in the cloud, on-prem, or hybrid,” he added.

“Typically, Darktrace’s AI takes about a week to learn the normal day-to-day activities of an environment, but it continues to learn on the job as less frequent events occur and patterns of life evolve,” according to Fein. “Customers with existing Darktrace deployments benefit from an existing understanding of their organization when adding a further coverage area; this contextual basis accelerates the time to identify anomalous behavior and trigger autonomous responses.”

Darktrace’s AI responds whenever something outside its understanding of ‘normal’ happens – even to unknown threats like zero-day vulnerabilities, Fein said. “With this capability, Darktrace’s Self-Learning AI catches in-progress cyber-attacks that have evaded existing defenses and are already inside a business every day. In fact, Darktrace responds to a threat somewhere in the world every three seconds,” he added. 

Fein also notes that in 77 percent of trials, Darktrace finds a severe threat that other tools missed. “Darktrace’s Autonomous Response is machine-speed, meaning Darktrace quarantines devices immediately until the customer has triaged and remediated. This quarantine exists until the human can be brought into the loop and based on the severity of the threat,” he added.

Apart from tracking anomalous behavior, Fein said that “log events are made visible within the Darktrace user interface even when no anomalous behavior is detected. This visibility enables more context and deeper understanding for both human- and machine-run investigations.” 

“The initial integration focuses on detection and response, though we have a great working relationship with Zscaler and are exploring further opportunities to drive more value with the data available,” Fein added.

When deployed with Zscaler, the scope of activity visible to Darktrace widens, and its AI technologies can analyze, contextualize, and act when necessary. For example, upon detecting unusual behavior, Darktrace’s Autonomous Response can directly take appropriate action via the Zscaler API, ranging from actions as granular and surgical as blocking connections between two endpoints to a complete termination of all device-specific activity.

“While Zscaler’s Zero Trust Exchange reduces the attack surface and enforces cyber security policies, the integration with Darktrace AI behavioral detection and response allows customers to correlate Zscaler telemetry with data from across the enterprise to improve threat response further,” Amit Raikar, vice president, business development and technology alliances at Zscaler, said in the media statement.

“Data ingestion across our various areas of coverage varies from raw emails and network traffic to account-based events, like in cloud collaboration tools or cloud providers,” according to Fein. “In the case of these integrations with Okta and Duo, Darktrace ingests admin and user events, such as logins, modifications to groups and users, changes to apps and app approvals, and admin actions, to detect and respond to anomalous activity,” he added.
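To make the mechanism described in the two quotes above concrete (learn roughly a week of normal identity activity, then flag what departs from it), here is an added illustration in Python. It is not Darktrace's code and does not touch Darktrace's, Okta's or Duo's APIs; the event records are constructed samples laid out in the shape of Okta System Log entries (`eventType`, `actor.alternateId`, `client.geographicalContext.country`), and the seven-day learning window and the three rules it applies (unknown actor, new source country for a known user, event type that user never performed during learning) are assumptions of the example, not a description of the product's models.

```python
"""Learn a per-user baseline from identity-provider events, then flag departures.

Added illustration, not Darktrace code. Event records are constructed samples in
the shape of Okta System Log entries; field names follow Okta's schema, values
are invented (RFC 5737 documentation addresses, example.com users).
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption mirroring the "about a week" quoted in the article.
LEARNING_WINDOW = timedelta(days=7)


def _ts(event):
    """Parse the ISO-8601 'published' field (Okta emits a trailing Z)."""
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))


def learn_baseline(events, window_end):
    """Record, per actor, the source countries and event types seen before window_end."""
    profile = defaultdict(lambda: {"countries": set(), "event_types": set()})
    for e in events:
        if _ts(e) >= window_end:
            continue
        user = e["actor"]["alternateId"]
        profile[user]["countries"].add(e["client"]["geographicalContext"]["country"])
        profile[user]["event_types"].add(e["eventType"])
    return profile


def detect_anomalies(events):
    """Return findings for events after the learning window that break the baseline.

    Events that raise no finding are folded back into the profile, so the
    baseline keeps learning on the job as the article describes.
    """
    events = sorted(events, key=_ts)
    window_end = _ts(events[0]) + LEARNING_WINDOW
    profile = learn_baseline(events, window_end)
    findings = []
    for e in events:
        if _ts(e) < window_end:
            continue
        user = e["actor"]["alternateId"]
        country = e["client"]["geographicalContext"]["country"]
        etype = e["eventType"]
        record = {"actor": user, "published": e["published"],
                  "ip": e["client"]["ipAddress"], "eventType": etype}
        if user not in profile:
            findings.append({**record, "reason": "actor never seen during learning"})
            continue
        known = profile[user]
        if country not in known["countries"]:
            findings.append({**record, "reason": f"new source country {country} "
                             f"(baseline: {sorted(known['countries'])})"})
        elif etype not in known["event_types"]:
            findings.append({**record, "reason": f"unseen event type {etype} "
                             f"(baseline: {sorted(known['event_types'])})"})
        else:
            # Normal event: continue learning.
            known["countries"].add(country)
            known["event_types"].add(etype)
    return findings


def _event(day, user, event_type, country, ip):
    """Build one constructed Okta-style event 'day' days after 2022-04-01 09:00Z."""
    start = datetime(2022, 4, 1, 9, 0, tzinfo=timezone.utc)
    return {
        "published": (start + timedelta(days=day)).isoformat().replace("+00:00", "Z"),
        "eventType": event_type,
        "actor": {"alternateId": user},
        "client": {"ipAddress": ip, "geographicalContext": {"country": country}},
    }


# Constructed sample: a week of routine activity, then three events to judge.
SAMPLE_EVENTS = (
    [_event(d, "alice@example.com", "user.session.start", "United States", "203.0.113.10") for d in range(7)]
    + [_event(d, "bob@example.com", "user.session.start", "Germany", "198.51.100.5") for d in range(7)]
    + [_event(d, "carol@example.com", "group.user_membership.add", "United States", "203.0.113.20") for d in range(0, 7, 2)]
    + [
        _event(8, "alice@example.com", "user.session.start", "Netherlands", "192.0.2.77"),  # unusual location
        _event(8, "bob@example.com", "group.user_membership.add", "Germany", "198.51.100.5"),  # unusual admin action
        _event(9, "carol@example.com", "group.user_membership.add", "United States", "203.0.113.20"),  # routine
    ]
)


if __name__ == "__main__":
    for f in detect_anomalies(SAMPLE_EVENTS):
        print(f"{f['published']} {f['actor']} {f['eventType']} from {f['ip']}: {f['reason']}")
```

Run stand-alone, the script reports two findings (Alice's login from a country never seen for her, Bob's group change when he had only ever logged in) and stays silent on Carol's routine group change; a response step, such as the Zscaler API actions the article mentions, would hang off the returned findings list rather than off raw events.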

Earlier this week, the U.S. government released its ‘Fiscal Year 2023 President’s Budget’ that funds a strategic shift in defense of federal infrastructure and service delivery. The Budget provides investments across federal agencies that align them to foundational cybersecurity practices and priorities as outlined in U.S. President Joe Biden’s Executive Order 14028, ‘Improving the Nation’s Cybersecurity.’ This includes funding to facilitate the ongoing transition to a ‘zero trust’ approach, which would enable agencies to more rapidly detect, isolate, and respond to cyber threats.
