Darktrace AI Cyber Security

Self-Learning AI learns your business from the ground up to stop cyber disruption

While conventional AI techniques rely on pre-labelled data sets and prior knowledge, Self-Learning AI learns ‘on the job’ from real-world data and constantly adapts. Today, this fundamental technology powers the entire range of Darktrace security solutions used across 6,500 organizations worldwide.

Core principles of Self-Learning AI

Bringing Self-Learning AI to your data

In contrast to other AI approaches, which require data to be cleaned, labelled and moved to a centralized repository, Darktrace brings the AI to your data, wherever it lives.

Whether your data is in the cloud, on email systems, across Operational Technologies or on traditional networks and infrastructure, Self-Learning AI can be applied to any of these systems without requiring data migration. It learns from scratch, and constantly evolves its understanding as the data environment changes.

Self-Learning AI and cyber security

Thrives in complexity

Self-Learning AI thrives in complexity – the more users, devices and environments that the AI can analyze, the deeper its understanding becomes. It is constantly learning from new activity and data and builds greater cyber resilience over time.

Finds the unfindable

In cyber security, it’s impossible to second-guess tomorrow’s attackers. Self-Learning AI identifies patterns that no one thought to look for, enabling it to uncover novel attacker behaviours that would otherwise go unnoticed.

Highly accurate

Self-Learning AI is highly accurate in distinguishing between genuinely threatening behaviours and unusual but benign activity. In fact, it’s so precise that it is capable of reacting to a cyber threat without human intervention while avoiding any disruption to the business.

When attackers strike, Autonomous Response fights back on your behalf

Fast-moving cyber-attacks like ransomware can strike at any time, and security teams are often unable to react quickly enough. Autonomous Response uses Darktrace’s understanding of ‘self’ to take targeted action to stop in-progress attacks, without disrupting your business.

Responds with surgical precision

Powered by Self-Learning AI, Autonomous Response knows exactly the right action to take, at the right time, to contain an in-progress attack. The actions are precisely calibrated to ensure that the intervention is minimal, avoiding any disruption.

Protects the entire digital estate

Regardless of time or day, or where the attack comes in — through the cloud, SaaS, email, or the corporate network — the AI takes precise action to neutralize threats on behalf of security teams.

Buys back time and frees up humans

Autonomous Response gives security teams peace of mind. The AI intervenes in escalating cyber incidents in seconds and allows your people to focus on higher-value tasks.

Builds cyber resilience over time

When a cyber-threat emerges, Autonomous Response enforces the ‘pattern of life’ of the infected device or entity. Because Self-Learning AI continually enhances its understanding of your digital infrastructure, it constantly improves the precision of its response over time.

Augment and uplift your security team

Human security teams often lack the resources to conduct full investigations into incidents, leading to important facets of attacks being overlooked. Intelligence Augmentation dramatically extends the reach and efficiency of in-demand and time-pressed cyber experts.

Mimicking human intuition

Over a period of three years, Darktrace developed AI that observed how expert security analysts interacted with the output of our Self-Learning AI and came to conclusions about threat scenarios and incidents.

The AI analyzed the way that analysts formulate hypotheses, ask questions, and follow leads to reveal the full scope of a security incident.

As a result of this project, Darktrace produced the first-ever ‘AI Analyst’, which mimics human intuition by intelligently stitching together multiple, disparate information sources in order to prioritize workloads and perform fully-fledged, expert-grade threat investigations in real time.

AI and second-order effects

While Self-Learning AI makes sense of raw data from across the digital enterprise and establishes patterns of behaviour in order to pinpoint threats, Intelligence Augmentation applies a second layer of AI on top of this, using supervised machine learning to assess the output of these findings.

The result is AI-detected security events feeding into overarching incident summaries that highlight the full scope, origin and extent of the compromise.

The investigation process

  1. A single alert or event serves as the ‘lead’ of an investigation.
  2. Like a human analyst, Intelligence Augmentation starts with this lead and generates plausible hypotheses about the nature of the potential threat and the potential underlying cause.
  3. It then queries and analyzes data that may confirm, deny, or refine its hypotheses, using custom algorithms.
  4. This process is repeated continuously until it settles on a high-level description of the nature and root cause of the wider security incident.

Contact us to make the most of cyber-security AI technology and drive your organisation's digital transformation.