TIDMDARK
Darktrace PLC
26 July 2023
Darktrace HEAL(TM) Brings Industry First AI-Enabled Capabilities
to Transform Incident Response, Readiness and Recovery
-- Security teams can now address more emerging, potentially
critical incidents earlier, with more confidence.
-- HEAL completes Darktrace's Cyber AI Loop, delivering
resilience throughout the cyber lifecycle from prevention, to
detection, to response, and now to recovery.
July 26(th) , 2023, Cambridge UK - Darktrace today announces the
launch of Darktrace HEAL(TM), its AI-enabled product to help
businesses more effectively prepare for, rapidly remediate, and
recover from cyber-attacks. HEAL provides security teams with
unique abilities to simulate real attacks within their own
environments, create bespoke incident response plans as cyber
incidents unfold, and automate actions to rapidly respond to and
recover from those incidents.
Managing emerging cyber-attacks presents an enormous challenge
for security teams who must make decisions quickly in the heat of
the attack based on potentially hundreds of changing and uncertain
data points and factors. In a recent ransomware incident ([1]) ,
analysts would have needed around 60 total hours of investigative
work to build a complete understanding of the full scope and varied
details, yet the malicious activity unfolded across just 10 hours.
The pressure and complexity facing these teams is only poised to
grow as generative AI tools enable attackers to increase the speed,
scale, and sophistication of novel attacks. With the global average
cost of a data breach reaching $4.35 million in 2022[2], the
financial, operational and reputational stakes for businesses to
remediate and recover quickly are high.
HEAL leverages Darktrace's Self-Learning AI to give security
teams new abilities designed to build cyber resilience and help
them more easily and confidently address live incidents. With HEAL,
security teams can:
-- Simulate real-world cyber incidents, allowing teams to
prepare for and practice their response to complex attacks on their
own environments.
-- Create bespoke, AI-generated playbooks as an attack unfolds
based on the details of their environment, the attack, and lessons
learned from their previous simulations. This reduces information
overload, prioritizes actions, and enables faster decision-making
at critical moments.
-- Automate actions from the response plan to rapidly stop and
recover from the attack within the HEAL interface.
-- Create a full incident report, including an audit trail of
the incident response with details of the attack, actions HEAL
suggested, and actions taken by the security team for future
learning and to support compliance efforts.
Transforming Readiness with Incident Simulations
HEAL's simulated incidents are a first-of-its-kind capability
for security teams to safely run live simulations of real-world
cyber-attacks ranging from data theft and ransomware encryption, to
rapid worm propagation, all in their own environments and involving
their own assets. Security teams are expected to flawlessly manage
incident response in the face of a live, rapidly unfolding, often
novel attack, usually without any realistic practice. HEAL enables
teams to get real-world experience managing attacks as they would
happen to the business and regularly practice these procedures to
help fine tune their responses. That means teams aren't running
their incident response for the first time in the face of a real,
live attack.
Transforming Incident Response with Bespoke, AI-Generated
Playbooks
When a live incident does occur, HEAL will use insights from
Darktrace DETECT (TM) to create a picture of the attack and a
bespoke, AI-generated, response playbook, built from Darktrace's
knowledge of the incident, the business's environment, and lessons
learned from the security team's previous simulations. HEAL
recommends the priority order for remediation actions based on
factors like further damage the compromised asset can cause, how
much the attack is relying on that asset as a pivot or entry point,
and its importance to the business. Consequently, security teams
can adapt their defenses as an incident evolves, enabling them to
end it more rapidly and with less overall disruption.
"The reality is that sets of manual incident response playbooks
don't last very long. These days they may be outdated 24 hours
after they are created, because the cyber landscape is just
changing so rapidly. We constantly have to revise them because
there are so many things we may not be thinking of. Moreover, these
playbooks assume you have a controlled environment, which is not
the case when an attack occurs. Utilizing Darktrace's AI solutions
really ends the need for these coarse static playbooks," adds Neal
Mohammed, Head of Technology at real estate leader Rudin
Management.
Transforming Recovery with Automated Remediation &
Reporting
HEAL further enables security teams to quickly and efficiently
manage and recover from live incidents by integrating with a
variety of tools in a business's wider security stack to automate
actions. Within HEAL's live playbooks, teams can activate and
manage authorized tools from across their environment, from a
single interface with a click of a button. At launch, HEAL will
integrate with Microsoft Defender for Endpoint, Intune, Microsoft
365, Veeam(R), and Acronis.
HEAL provides security teams with automated incident reports
during and after an attack,
giving teams valuable time back that is normally spent writing
detailed updates. The reports provide analysis of the attacker and
security team actions, decisions, containment, and recovery
information to keep stakeholders updated as an event unfolds. After
an attack, this can offer essential compliance information to third
parties such as forensics teams, insurance providers, and legal
teams and can be used to assist with reviews and learning lessons
from the attack and the response.
Closing the Cyber AI Loop
HEAL works with DETECT and Darktrace PREVENT (TM) to build a
live picture of the environment and attack, and integrates with
Darktrace RESPOND (TM) to prioritize, isolate, and heal key assets
to cut off and shorten attacks. Its introduction closes Darktrace's
Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL
into a single platform in which each element draws insights from
and continuously reinforces the others to create a best-in-class
cyber defense.
Jack Stockdale, Chief Technology Officer, Darktrace comments:
"At Darktrace, we build technology by looking at where AI can be
the most valuable in augmenting the people in a security team and
how it can have the most positive impact on their work. With HEAL,
we've turned our attention to cyber resilience. We're upskilling
teams and reducing the overload analysts face during an attack, to
help them recover and get back to business faster and more
effectively.
"With the closing of Darktrace's full Cyber AI Loop, security
teams can maximize the time and talent of their human teams,
enabling them to focus on critical and complex tasks with the
knowledge that Darktrace AI is autonomously working in the
background to prevent, detect, respond, and heal from cyber-attacks
in a continuous, reinforcing loop."
To learn more about Darktrace HEAL and the Darktrace Cyber AI
Loop, register for the launch event on August 3.
# # #
About Darktrace
Darktrace (DARK.L), a global leader in cyber security artificial
intelligence, is on a mission to free the world of cyber
disruption. Breakthrough innovations in our Cyber AI Research
Centre in Cambridge, UK have resulted in over 145 patents filed and
research published to contribute to the cyber security community.
Rather than study attacks, Darktrace's technology continuously
learns and updates its knowledge of 'you' and applies that
understanding to optimise your state of optimal cyber security.
Darktrace is delivering the first ever Cyber AI Loop, fuelling a
continuous end-to-end security capability that can autonomously
spot and respond to novel in-progress threats within seconds.
Darktrace employs over 2,200 people around the world and protects
approximately 8,800 customers globally from advanced cyber threats.
Darktrace was named one of TIME magazine's 'Most Influential
Companies' in 2021. To learn more, visit http://www.darktrace.com
.
[1] A Black Cat attack on a customer, identified by Darktrace's
Cyber AI Analyst in April 2023
[2] IBM and Ponemon Institute, Cost of a Data Breach 2022:
https://www.ibm.com/downloads/cas/3R8N1DZJ
This information is provided by Reach, the non-regulatory press
release distribution service of RNS, part of the London Stock
Exchange. Terms and conditions relating to the use and distribution
of this information may apply. For further information, please
contact rns@lseg.com or visit www.rns.com.
RNS may use your IP address to confirm compliance with the terms
and conditions, to analyse how you engage with the information
contained in this communication, and to share such analysis on an
anonymised basis with others as part of our commercial services.
For further information about how RNS and the London Stock Exchange
use the personal data you provide us, please see our Privacy
Policy.
END
NRAPPUPAMUPWUAQ
(END) Dow Jones Newswires
July 26, 2023 02:00 ET (06:00 GMT)
Darktrace (LSE:DARK)
Gráfico Histórico do Ativo
De Mai 2024 até Jun 2024
Darktrace (LSE:DARK)
Gráfico Histórico do Ativo
De Jun 2023 até Jun 2024