The IT Nerd

Darktrace today announces the launch of Darktrace HEAL™, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with unique abilities to simulate real attacks within their own environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to rapidly respond to and recover from those incidents.

Managing emerging cyber-attacks presents an enormous challenge for security teams who must make decisions quickly in the heat of the attack based on potentially hundreds of changing and uncertain data points and factors. In a recent ransomware incident, analysts would have needed around 60 total hours of investigative work to build a complete understanding of the full scope and varied details, yet the malicious activity unfolded across just 10 hours. The pressure and complexity facing these teams is only poised to grow as generative AI tools enable attackers to increase the speed, scale, and sophistication of novel attacks. With the global average cost of a data breach reaching $4.35 million in 2022, the financial, operational and reputational stakes for businesses to remediate and recover quickly are high.

HEAL leverages Darktrace’s Self-Learning AI to give security teams new abilities designed to build cyber resilience and help them more easily and confidently address live incidents. With HEAL, security teams can:

• Simulate real-world cyber incidents, allowing teams to prepare for and practice their response to complex attacks on their own environments.
• Create bespoke, AI-generated playbooks as an attack unfolds based on the details of their environment, the attack, and lessons learned from their previous simulations. This reduces information overload, prioritizes actions, and enables faster decision-making at critical moments.
• Automate actions from the response plan to rapidly stop and recover from the attack within the HEAL interface.
• Create a full incident report, including an audit trail of the incident response with details of the attack, actions HEAL suggested, and actions taken by the security team for future learning and to support compliance efforts.

Transforming Readiness with Incident Simulations 

HEAL’s simulated incidents are a first-of-its-kind capability for security teams to safely run live simulations of real-world cyber-attacks ranging from data theft and ransomware encryption, to rapid worm propagation, all in their own environments and involving their own assets. Security teams are expected to flawlessly manage incident response in the face of a live, rapidly unfolding, often novel attack, usually without any realistic practice. HEAL enables teams to get real-world experience managing attacks as they would happen to the business and regularly practice these procedures to help fine tune their responses. That means teams aren’t running their incident response for the first time in the face of a real, live attack.

Transforming Incident Response with Bespoke, AI-Generated Playbooks 

When a live incident does occur, HEAL will use insights from Darktrace DETECT to create a picture of the attack and a bespoke, AI-generated, response playbook, built from Darktrace’s knowledge of the incident, the business’s environment, and lessons learned from the security team’s previous simulations. HEAL recommends the priority order for remediation actions based on factors like further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business. Consequently, security teams can adapt their defenses as an incident evolves, enabling them to end it more rapidly and with less overall disruption. 

Transforming Recovery with Automated Remediation & Reporting

HEAL further enables security teams to quickly and efficiently manage and recover from live incidents by integrating with a variety of tools in a business’s wider security stack to automate actions. Within HEAL’s live playbooks, teams can activate and manage authorized tools from across their environment, from a single interface with a click of a button. At launch, HEAL will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam, and Acronis.

HEAL provides security teams with automated incident reports during and after an attack,giving teams valuable time back that is normally spent writing detailed updates. The reports provide analysis of the attacker and security team actions, decisions, containment, and recovery information to keep stakeholders updated as an event unfolds. After an attack, this can offer essential compliance information to third parties such as forensics teams, insurance providers, and legal teams and can be used to assist with reviews and learning lessons from the attack and the response.

Closing the Cyber AI Loop

HEAL works with DETECT and Darktrace PREVENT to build a live picture of the environment and attack, and integrates with Darktrace RESPOND to prioritize, isolate, and heal key assets to cut off and shorten attacks. Its introduction closes Darktrace’s Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL into a single platform in which each element draws insights from and continuously reinforces the others to create a best-in-class cyber defense.

To learn more about Darktrace HEAL and the Darktrace Cyber AI Loop, register for the launch event on August 3.

Darktrace, a global leader in cyber security artificial intelligence, today announced that RioCan, one of Canada’s largest real estate investment trusts, has selected Darktrace to defend “The Well,” Canada’s most ambitious multi-use real estate project.  

Set to open in 2023, The Well will host approximately 11,000 people daily. Located in downtown Toronto, this expansive development will comprise more than 200 retail, commercial, and residential spaces across 7.7 acres of land. 

RioCan selected Darktrace’s DETECT and RESPOND technologies in 2021 to defend Network and Cloud infrastructure across its commercial office spaces and retail property investments. The property investor is now deploying Darktrace’s AI to defend this three-million-square-foot project in Toronto from sophisticated and disruptive cyber-threats. 

As cyber-crime proliferates, attackers continue to target real estate organizations both to exfiltrate confidential data, including the financial information of property buyers and sellers, and to disrupt operations and demand hefty ransoms from investors and agents. With AI-powered defenses, RioCan is able to protect its IT estate as well as its operational technology, including elevators, thermostats, and appliances.  

Darktrace delivers complete AI-powered solutions in its mission to free the world of cyber disruption. We protect more than 7,400 customers from the world’s most complex threats, including ransomware, cloud, and SaaS attacks. Darktrace is delivering the first-ever Cyber AI Loop, fueling a continuous security capability that can autonomously spot and respond to novel in-progress threats within seconds. Darktrace has 115+ patent applications filed. Darktrace was named one of TIME magazine’s “Most Influential Companies” in 2021. 

Darktrace, a global leader in cyber security artificial intelligence (AI), and HackerOne, the leader in Attack Resistance Management, have partnered to combine Darktrace PREVENT/Attack Surface Management™ technology with the continuous security assessment capabilities of the HackerOne platform. The partnership expands HackerOne’s OpenASM initiative and delivers on a shared vision with Darktrace to help organizations secure their digital estate through leading technology and a community of ethical hackers. 

HackerOne recognized the need for an ASM partner that could enhance the asset discovery and reconnaissance efforts of HackerOne’s community of hackers. After an extensive technology evaluation, it selected PREVENT/ASM™, a set of AI-powered capabilities that perform reconnaissance on a target attack surface simply by knowing the name of an organization or brand and identifying threats external to that target. The combination of AI and security expertise will deliver continuous insight and help organizations find and eliminate blind spots across their digital landscape before attackers can exploit them. To assure ongoing security improvement, Darktrace and HackerOne will collaborate to train hackers on ASM best practices as they find, enrich, and risk rank assets. 

The Darktrace and HackerOne partnership helps organizations close their security gap. Organizations face challenges with an attack resistance gap between known digital assets and those they need to protect. According to The 2022 Attack Resistance Management Report, one-third of organizations said they monitor less than 75% of their attack surface, and almost 20% believe that over half of their attack surface is unknown or not observable. In June, HackerOne launched OpenASM, an initiative that empowers organizations to combine external scan data from ASM products with HackerOne’s proactive security testing capabilities to gain a comprehensive understanding of attack surface risks. As an early champion of OpenASM, Darktrace assures that customers can quickly gain visibility of their external assets, while hacker expertise provides targeted testing and data enrichment to address the most critical risks to their organization. 

Are you heading to the Black Hat USA conference on August 10-11 at the Mandalay Bay Hotel, Las Vegas? Stop by Darktrace’s Booth #1132 or HackerOne’s Booth #2520 to see a demonstration of Darktrace and HackerOne’s products working together. 

Darktrace, a global leader in cyber security artificial intelligence, today announced the launch of Darktrace PREVENT™, an interconnected set of AI products that deliver a proactive cyber security capability to help organizations pre-empt future cyber-attacks. Darktrace PREVENT is the third product area in Darktrace’s delivery of a Cyber AI Loop, the industry-first set of AI capabilities which work together autonomously to optimize an organization’s state of security through a continuous feedback loop.  

The new Darktrace PREVENT product family is based on breakthroughs developed in the firm’s Cambridge Cyber AI Research Centre and the capabilities gained through the acquisition of Cybersprint in March 2022. PREVENT uses AI to ‘think like an attacker,’ finding pathways to an organization’s most critical assets from inside and outside. Underpinned by AI that ‘knows you,’ it continuously analyzes the most disruptive attacks for an organization and feeds that information back into DETECT and RESPOND to support continuous learning and automation to harden systems.  

A number of organizations in the US, UK and Northern Europe are early adopters of Darktrace PREVENT products, including the City of Las Vegas and Sedgwick, a leading global provider of technology-enabled risk, benefits and integrated business solutions.  

Darktrace’s latest product family is set to proactively defend organizations against the heightened volume and sophistication of cyber threats, which is making identification and prioritization of their most pressing vulnerabilities increasingly difficult. In new data published today, Darktrace reveals that high-priority attempts to breach customer systems increased by 49% globally between January and June 2022. Over the same period, Darktrace saw a 138% increase in attempted cyber-attacks targeting customers in government-related sectors globally. In the month of June, the Information and Communication sector was the most highly targeted across Darktrace’s global customer base as it was in the US. In the UK, the most targeted industry was the public sector and government-related sectors.   

At the same time, security teams are contending with an ever-increasing volume of vulnerabilities, and they do not have the resources to fight on all fronts. With the launch of PREVENT, Darktrace provides more predictive and preventative solutions to tackle cyber threats and business risk – rather than waiting for breaches to occur before action is taken. In new data published today, based on external vulnerability data of over 150 organizations, Darktrace reveals that 85% of high-risk vulnerabilities are not patched within one week and 70% are still unpatched after one month. Defenders do not have the resources to fight on every front and they cannot simply be reactive anymore.  

Within Darktrace PREVENT, Darktrace today launches two new products. In addition, Darktrace is announcing major new releases to its existing Darktrace DETECT™ and Darktrace RESPOND™ product families, enabling all products to interact with one another as key components of the Cyber AI Loop.  

• Darktrace PREVENT/E2E™ (End-to-End) – an outcomes-based approach to managing cyber risk, incorporating the best capabilities from across multiple disciplines including attack path modelling, automated penetration testing, breach & attack emulation, security awareness testing and training, and vulnerability prioritization. 
• Darktrace PREVENT/ASM™ (Attack Surface Management) – AI performs reconnaissance on a specific target by simply knowing the name of the entity, with zero scope and delivering value across many use cases including shadow IT, supply chain, mergers & acquisitions, configuration errors, and many others. 
• DETECT, RESPOND FEEDBACK LOOP – Existing capabilities integrated with Darktrace PREVENT/E2E and PREVENT/ASM reinforce one another to create a continuous feedback loop for always-on learning from the threat landscape. 

Darktrace, a global leader in cyber security AI, today announced that it has been named one of the Most Innovative Companies in Artificial Intelligence of 2022 by Fast Company. The editors recognized Darktrace as one of the top 10 companies innovating in the AI sector.

Since 2008, Fast Company‘s Most Innovative Companies has been the definitive source for recognizing organizations transforming industries and shaping society. According to Fast Company, Darktrace was recognized for its Self-Learning AI that can defend against cyber-attacks “by forming an understanding of an organization’s machines, processes, and people—and then springing into action when it detects signs of abnormality.” Fast Company highlighted the efficacy of Darktrace’s Enterprise Immune System, noting that Darktrace reported none of its customers were ensnared when the ransomware gang REvil exploited a flaw in Kaseya in 2021.

Fast Company also underlined the value of the breadth of Darktrace’s coverage areas from email systems to operational technologies (OT). Finally, the publication highlighted Darktrace furthering its innovation in AI-based cyber defenses by expanding its key partnership with Microsoft and doubling its R&D team at the Cyber AI Research Centre in Cambridge, UK.

Darktrace is a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 1,700 employees and over 30 offices worldwide. Darktrace was also named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

Effectively communicating during a cyber breach is crucial for companies to beat any misinformation. Organizations often fail to disclose details of a cyber breach because they don’t know what happened or have the tools to fight cyberattacks. While legislation like this forces companies to report such incidents, it’s pretty clear that companies need to do more on the communication front. David Masson of Darktrace agrees:

Organizations can be slow or hesitant in getting their message out after experiencing a cyber incident, and this can sometimes give an impression of reluctance to say anything at all, which sows seeds of doubt. In this world of communication immediacy, businesses should have disclosure as part of their cyber response plans and be ready to discuss the incident as soon and as openly as possible in the public domain. Strong and confident communications that promptly offer clear and accurate information will help avoid mistakes or other narratives becoming the truth and instead drive home reassurance about what has happened, how the organization is remedying the situation and the fact that the business is in charge of its future. A failure to disclose or disclose appropriately won’t actually stop eventual disclosure, but it won’t be on your terms, and you won’t have control of the message.

That’s helpful advice and something that business should build into their plans for dealing with a cyber incident. On top of having the proper defences in place to keep a cyber incident from happening.

Darktrace today announced that its Autonomous Response technology now takes action on the endpoint – rounding out the Darktrace Antigena product family, which already includes coverage for SaaS applications, cloud, email, network, and Operational Technology (OT).

Endpoints have moved farther outside traditional infrastructure and have started housing even more sensitive data. As a result, CISOs and security professionals have been left grappling with the complexities of protecting their organizations and dynamic workers in the wake of flexible work arrangements and the dawn of the ‘Great Resignation’.

A novel approach to this challenge could be to augment security teams with AI that learns on the job how this flexible, dynamic workforce is working. Irregularity of endpoint activity can be continuously re-evaluated, and subtle, indiscernible actions can be taken that allow productive work to continue while stopping only threatening activity.

Antigena Endpoint does just that. It detects anomalous activity and intelligently makes micro-decisions based on unusual activity, such as out-of-the-ordinary initial file downloads and data exfiltration attempts, command and control traffic or lateral movement that might represent a cyber-threat. It uses various techniques to interrupt attacks on Mac, Windows, and Linux devices, including data leaks, ransomware and insider threats.

Contextual awareness gained from other parts of the digital estate is also beneficial in stopping endpoint attacks. For example, in the case of Antigena Email and Antigena Endpoint deployed together, the precision of response is enhanced by the more nuanced understanding of new and expected senders across all endpoint and email activity. A brand-new sender soliciting an employee into making a bank transaction on its own might warrant action. But, with the added information that the website has no prior relevancy to the organization, the increased context would solidify the case and alter the system’s response.

Darktrace a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

By Justin Fier, Director of Cyber Intelligence & Analytics, Darktrace

In 2020, the financial services sector was the industry that experienced the most cyber-attacks. For years, attackers targeted these organizations because they were expectedly lucrative targets. 

But in 2021, the financial services sector was no longer the most targeted. Instead, the IT and communications sector, including telecommunications providers, software developers, managed security service providers, and others faced the most attempted cyber-attacks.

This shift in priority target is not surprising for industry experts given the numerous high-profile software supply chain attacks in 2021, including those on SolarWinds, Kaseya, GitLab. Bad actors increasingly see software and developer infrastructure, platforms, and providers as entry vectors into governments, corporations, and critical infrastructure. 

Darktrace’s researchers observed that its artificial intelligence (AI)) autonomously interrupted around 150,000 threats each week against the sector in 2021. These research findings are developed based on Darktrace data generated by ‘early indicator analysis’ that looks at the breadcrumbs of potential cyber-attacks at several stages before attributing them to any actor and before they escalate into a full-blown crisis. 

From this analysis, Darktrace predicts that, in 2022, we will see threat actors embed malicious software throughout the software supply chain, including proprietary source code, developer repositories, open-source libraries, and more. We will likely see further supply chain attacks against software platforms and additional publicized vulnerabilities.

Explaining the shift

This increase in attacks on this sector is likely because more companies rely on third-party trusted suppliers to handle their data while it’s in motion and at rest. This cyber-attack vector has proven substantially profitable for attackers who focused their efforts on related organizations to get to a target’s crown jewels. This shift means that small- and medium-sized companies are now more likely to experience an attack, even if they are not the end target. 

Most recently, the uncovered vulnerability ‘Log4Shell’ embedded in a widely used software library left billions of devices exposed and prompted the Cybersecurity and Infrastructure Security Agency to provide formal guidance.

Unfortunately, many of these libraries are only updated and supported by volunteers, making it easy for vulnerabilities and intentional corruptions to slip through. DevSecOps will be a significant discussion point in 2022 as organizations begin to understand the importance of baking security into applications much earlier in the development process. Risks presented by the dependence on open source will put dev teams front and center. 

Email phishing persists as a reliable method for attackers

Despite this relevant shift in targets, Darktrace found that the most widely used attack method on the IT sector continues to be phishing. Darktrace found that organizations in the industry faced an average of 600 unique email phishing campaigns a month in 2021. These campaigns also matured in sophistication, as most no longer contain a malicious link or attachment as in the typical ill-intended email. 

In 2022, attackers will continue to advance their email attacks to hijack the communications chain more directly. We will see attackers hijack trusted supplier accounts to send spear-phishing emails from genuine, trusted accounts, as we saw in the November 2021 FBI account takeover.

Top cyber-criminals will use ‘clean’ emails containing normal text, with messages carefully crafted to impersonate a trusted third party to induce recipients to reply and reveal sensitive information. 

Facing the increase in attacks head-on

As the global software supply chain becomes increasingly interconnected, governments, corporations, and critical infrastructure organizations are all at risk of breach not only through their software and communications suppliers but via any security flaw in the extensive global software supply chain. 

In the face of this cyber threat, organizations must focus on not only their own cyber resilience but also ensure they can hold their trusted suppliers accountable to best cyber practices. There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organizations will be to operate while accepting this risk. This year, like 2021, it is increasingly unrealistic for these companies to hope to avoid breaches via their supply chains. Instead, they must have the ability to detect the presence of attackers after a breach and stop this malicious activity in the early stages. 

If attackers can embed themselves at the beginning of the development process, organizations will have to detect and stop the attacker after they have gotten through. This problem calls for cyber defense technology that can spot vulnerabilities as threat actors exploit them. 

This threat reinforces the need for security to be integrated earlier in the development process and the importance of quickly containing attacks to prevent business disruption. Since these are multi-stage attacks, organizations can use AI at every step to contain and remediate the threat.

Darktrace, a global leader in cyber security AI, today reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.

The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.

During the nascent 2021 holiday season, Darktrace’s AI detected and autonomously stopped an in-progress, early-stage ransomware attack on a U.S. city before any data exfiltration or encryption could occur. The city’s security team had the foresight to deploy an AI solution to combat multi-stage ransomware attacks, enabling them to stop the attackers at the earliest stage. 

Ransomware is often falsely considered an encryption problem. This misconception masks and undermines attackers’ determination and creativity to initially break into and then move around within an organisation’s digital environment first to discover, then steal and encrypt data. The break-in is often through email, but that quickly evolves to targeting servers where the data lives. Therefore, a combination of email and network security is crucial to stop these attacks. 

Powered by Self-Learning AI, Darktrace technology develops an understanding of normal business operations for each organisation. It autonomously interrupts in-progress attacks at every stage from the initial entry with sophisticated spearphishing emails to brute-forced remote desktop protocol (RDP), command-and-control, and lateral movement, all without business disruption. 

Darktrace is a global leader in cyber security AI, delivers world-class technology that protects almost 6,000 customers worldwide from advanced threats, including ransomware, and cloud and SaaS attacks. The company’s fundamentally different approach applies Self-Learning AIto enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,600 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

Darktrace today announced that its Self-Learning AI is defending organizations across  all 16 critical infrastructure sectors designated by the Cybersecurity and Infrastructure Security Agency (CISA). 

Within CISA, the Office of Infrastructure Protection leads efforts to manage risks to critical infrastructure,  deeming them  ”essential to the economy, security, and sustainment of the American way of life.” Self-Learning AI has proved crucial in this mission. It augments human teams and takes autonomous action to detect and respond to threats against the country’s most sensitive systems and critical data—at the earliest stages of an attack. 

Self-Learning AI works by constantly evolving its understanding of both IT and operational technologies, allowing it to identify the subtle, emerging signs of a cyber-threat and take targeted action to interrupt encroaching attacks. These real-time alerts enable critical infrastructure organizations to continue business operations without disruption. 

The technology also allows defenders of critical infrastructure to achieve the Biden Administration’s goals outlined in the  National Security Memorandum on Protecting Critical Infrastructure Control Systems — namely threat visibility, indications, detections, warnings, and facilitating response. 

Darktrace Self-Learning AI has successfully fought back against insider threats, supply chain attacks, zero-day exploits, APTs as well as state-sponsored attacks across U.S. critical infrastructure industries. 

In  May 2021, hackers hit Colonial Pipeline with ransomware, forcing the company to halt the pipeline’s total operations to contain the attack. In the same month, Darktrace AI detected, investigated, and contained a double extortion ransomware attack on a water and wastewater organization in  North America. Unlike in the case of Colonial Pipeline, the attack was interrupted before hackers could demand any ransom payment or disrupt business operations. Darktrace catches ransomware and other security threats similar to this every day across all 16 sectors.