Darktrace’s Cyber AI Analyst now runs open investigations
Darktrace, a global cybersecurity AI company, has announced significant enhancements to its flagship Cyber AI Analyst product.
It now intelligently groups incidents to encompass the life cycle of complex compromises as they develop across various entities within a business's digital estate. The Cyber AI Analyst now treats incidents as 'open investigations,' continuously adding new supporting data to ongoing cases.
Cyber AI Analyst is known for augmenting human analysts by continuously investigating to surface and prioritising critical incidents. Its open investigations piece together cross-entity incidents, so a SaaS account takeover can now be connected back to the same compromised credentials used on a local device. The company says this process is similar to open criminal investigations, where a single piece of evidence could connect two seemingly isolated crimes.
"With ever-expanding, unique digital estates, it's mission-critical that Cyber AI Analyst investigations remain bespoke to their environment rather than follow a one-size-fits-all model with pre-programmed investigation tactics," says Darktrace.
"AI Analyst's on-the-fly technical approach to investigations enables it to find the needle in a thousand haystacks that might be the key evidence to connecting disparate compromises."
In the past, multiple incidents would have remained separate. AI Analyst can now automatically merge incidents when it discovers a link connecting them. This shift to open investigations has early adopter customers experiencing up to a 63% reduction in total incidents and up to a 92% reduction in the most critical incidents, further decreasing time-to-meaning and analyst triage time, enabling customers to spend more time focusing on macro-level tasks and initiatives.
Cyber AI Analyst open investigations can be run manually by a human security team member or be triggered automatically by a third-party event, such as an alert ingested directly from another security solution, to validate and further contextualise their detections and decisions. Completed investigations are integrated directly into human and technology ecosystems for consumption either natively within the Darktrace UI, exportable reports, or third-party tools like SIEMs and ticketing systems.
"Our Cyber AI Research Centre focused on identifying ways to piece together seemingly disparate activity from different sources and entities to tie multiple possible indicators of compromise closely," says Darktrace product lead, Research and Development, Dr Tim Bazalgette.
"This cross-entity approach to incident discovery allows for the automated detection of compromises, and the automated determination of their full scope, without human attention. This influential research evolved to directly impact these key updates that make understanding incidents easier for Darktrace customers."
Darktrace has over 6,500 customers worldwide. Darktrace's fundamentally different approach applies Self-Learning AI to enable machines to understand the business to defend it autonomously. The company is headquartered in Cambridge, UK, and has more than 1,700 employees and over 30 offices worldwide.