How AI helps defend against cyber attacks

An AI-supported product simulates cyber attacks, helping companies prepare for attacks more effectively and resolve them faster.

Coping with cyberattacks poses an enormous challenge for security teams: they must make quick decisions based on up to hundreds of changing and uncertain data points and factors. In a recent ransomware incident (1), it would have taken analysts around 60 hours in total to fully understand its scope and details, yet the attack itself unfolded in just 10 hours.

More complex cyber attacks through generative AI tools

The pressure and complexity facing security teams will only increase, because generative AI tools let attackers raise the speed, scope and sophistication of new types of attack. With the global average cost of a data breach at $4.35 million in 2022 (2), the stakes for organizations are high: they must quickly repair the damage, restore operations and protect their reputation.

Darktrace has launched its new Darktrace HEAL™ solution. HEAL uses Darktrace's self-learning AI to give security teams new capabilities that strengthen their cyber resilience and help them react to live incidents more easily and safely.

With HEAL, security teams can:

  • Simulate real-world cyber incidents so they can prepare for, and practice responding to, complex attacks on their own environments.
  • Build customized, AI-generated playbooks as an attack unfolds, based on the details of their environment, the attack, and the results of previous simulations. This reduces the information overload, prioritizes actions and enables faster decisions in critical moments.
  • Automate actions from the response plan to quickly stop and remediate the attack within the HEAL UI.
  • Create a full incident report—including an audit trail of incident response with details of the attack, actions suggested by HEAL, and actions taken by the security team—for learning and to support compliance.

Improved preparedness through incident simulations

With HEAL's simulated incidents, security teams can, for the first time, safely conduct live simulations of real-world cyberattacks, from data theft and ransomware encryption to rapid worm propagation, all in their own environment and with their own resources. Security teams are expected to respond flawlessly to a rapidly evolving, often novel attack, yet they typically get no realistic practice. HEAL lets teams gain hands-on experience with attacks as they would actually unfold in the enterprise, and lets them rehearse their processes regularly to refine their reactions. When a real attack hits, the team is then not executing its response for the first time.

Novel Incident Response with customized, AI-generated playbooks

When a live incident occurs, HEAL uses insights from Darktrace DETECT™ to build a picture of the attack and a customized, AI-generated playbook for the response. This is based on Darktrace's knowledge of the incident, the corporate environment, and lessons learned from the security team's previous simulations. HEAL recommends a prioritized order of remediation based on factors such as the further damage the compromised asset could cause, how far the attack depends on that asset as a pivot or entry point, and its importance to the organization. As a result, security teams can adjust their countermeasures as an incident develops, closing it down faster and with less disruption.

“In reality, manual incident response schedules don't last long,” said Neal Mohammed, head of technology at leading real estate company Rudin Management. “Nowadays, because the cyber landscape is changing so quickly, they can become obsolete within 24 hours of their creation. We have to constantly revise them as there are so many things we might not think of. Also, these playbooks assume you have a controlled environment. However, this is not the case with an attack. Using Darktrace's AI solutions eliminates the need for those crude, static playbooks.”

Faster recovery with automated remediation and reporting

HEAL enables security teams to manage incidents and recover systems quickly and efficiently. The solution integrates with a variety of tools in an organization's broader security stack to automate actions. Within HEAL's live playbooks, teams can trigger and manage authorized tools from across their environment through a one-click interface. At launch, HEAL integrates with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam®, and Acronis.

HEAL provides security teams with automated incident reports during and after an attack, freeing up valuable time that teams normally spend writing detailed updates. The reports analyze the attacker's and the security team's actions and decisions, and cover containment and recovery, to keep stakeholders informed as an event unfolds. In the event of an attack, critical compliance information can be made available to third parties such as forensic teams, insurance companies and the legal department. The reports can also support post-incident reviews and lessons learned from the attack and the response.

Closing the Cyber AI Loop

HEAL works with DETECT and Darktrace PREVENT™ to create a live picture of the environment and the attack. Integration with Darktrace RESPOND™ also allows key resources to be prioritized, isolated and repaired to disrupt and shorten attacks. This completes the Darktrace Cyber AI Loop, which brings DETECT, PREVENT, RESPOND and HEAL together in one platform where each element draws insights from the others and continuously reinforces them to provide best-in-class cyber defenses.

Jack Stockdale, Chief Technology Officer at Darktrace, comments: “At Darktrace, we develop technology by considering where AI is most valuable in assisting members of a security team and how it can most positively impact their jobs. With HEAL, we turned our attention to cyber resilience. We train teams and reduce analyst overload during an attack so organizations can recover faster and more effectively and get back to normal operations. With the closure of Darktrace's Cyber AI Loop, human security teams can optimize their time and skills by focusing on critical and complex tasks. This is done with the knowledge that the Darktrace AI is working autonomously in the background to prevent, detect, respond to and recover from cyberattacks in a continuous, escalating loop.”

(1) A BlackCat ransomware attack on a customer, identified by Darktrace Cyber AI Analyst in April 2023
(2) IBM and Ponemon Institute, Cost of a Data Breach 2022: https://www.ibm.com/downloads/cas/3R8N1DZJ

More at Darktrace.com



About Darktrace

Darktrace, a global leader in artificial intelligence for cybersecurity, uses AI technology to protect businesses and organizations from cyberattacks. Darktrace's technology registers atypical traffic patterns that indicate possible threats, and in doing so recognizes novel and previously unknown attack methods that other security systems overlook.
