Deploying A World First – How Darktrace Antigena Neutralizes Threats in Seconds

13 February 2020 | 15140 Shares


Artificial intelligence has revolutionized global business paradigms. With its tantalizing promises of increased efficiency and empowering innovation, companies of all sizes and sectors are desperate to integrate AI into their products. But, separating the wheat from the chaff when it comes to claims of AI is a Herculean task. There are thousands of solutions that purport to be “AI-powered” or “ML-driven”; it seems like every new product has had the term dropped somewhere in its marketing materials.

While many conversations about AI are happening at a conceptual level, one area where claims of AI are credible, and have already been proven to work in enterprises at scale, is within the cyber security industry. That’s because the cyber realm comprises of vast swathes of data – data which is AI’s lifeblood. AI algorithms thrive on large information sets as they enable it to accurately self-learn normal patterns of behavior for users and devices across the digital business – empowering the technology to arrive at conclusions of what’s normal and not normal to a higher level of accuracy (as well as much faster) than a human ever could.

One AI cyber security vendor, Darktrace, has developed such a technology that passively observes organizations’ metadata flow at scale, ingesting and analyzing activity across an entire digital estate: emails, file-sharing, web browsing, and use of cloud services, among others. In short, Darktrace learns each business’s unique and evolving digital DNA. Acting as an organization’s ‘immune system’, it identifies emerging threats based on its comprehensive understanding of ‘self’ and ‘not self’, and resultingly neutralizes cyber-attacks within seconds.

A World First  

Capable of flagging up suspicious, out-of-the-ordinary behavior to human security teams, Darktrace’s technology also takes its own independent, proportionate actions according to detected threatening activity. The sophisticated AI algorithms that power these Autonomous Response capabilities are a world first. But, Darktrace Antigena’s inspiration comes from an unusual source – biological antibodies, the world’s oldest autonomous system.

Acting as a digital antibody, Darktrace Antigena takes precise action to curb a threat within seconds of it emerging. Within the network, it can limit the actions of a specific device to its normal pattern of life, while the Antigena’s email model can strip malicious attachments from spear-phishing emails before they reach a single user, thus protecting the entire organization.

Antigena’s capabilities save vital time and effort for stretched security teams. Alongside taking surgical and appropriate response to contain malicious activity, it allows normal business operations to continue as usual. This quick threat neutralization gives security teams critical time to catch up and investigate cyber incidents, with threat alerts being delivered to their desktops and mobile phones.

However, when teams do come to investigate incidents, much of the heavy lifting will have already been performed by Darktrace’s Cyber AI Analyst. This ground-breaking technology uses AI rather than humans to investigate and triage threats. Threat notifications are compiled into concise, easily digestible reports, able to be read and understood by technical and non-technical employees alike.

Unlike human teams, Darktrace Antigena is the always-on machine defender, stopping threats before they do damage. And Antigena’s capabilities have been proven time and time again across all sectors, in over 3,000 Darktrace customers worldwide.

Detecting Malicious Insiders in the Cloud

No-matter a company’s security posture, insider threats are always a concern. Their privileged access to companies’ systems means they can often steal critical data without triggering any security procedures. And with increased migration to the cloud, organizations have even less visibility into their digital estate, making insider detection exponentially more difficult.

However, Darktrace Antigena caught an insider threat in the cloud after an employee had been let go from their position as System Administrator. As the company had neglected to delete the employee’s corporate account, the former IT admin was able to log in to their SaaS account and quickly download many sensitive customer files. They then attempted to exfiltrate this data during one of the company’s regular data transfer services. However, Darktrace immediately picked up on the unusual nature of this action and blocked the exfiltration at every turn, no matter which data transfer service utilized. This is only possible given an understanding of ‘self’.

The granular view that Darktrace facilitates ensured that specific definition was available for this incident. This view additionally enables preventative measures to be implemented, with certain people able to be restricted to a pre-defined set of rules, procedures, and actions during uncertain times, such as during company merges.

A proven technology

While many cyber companies add in a small element of machine learning on top of their product, or have AI ‘building blocks’ that require a lot of configuration, AI is integral to Darktrace. In fact, Antigena’s AI element is inseparable from every aspect of its work. And Darktrace Antigena has proven itself in thousands of businesses and companies right across the globe — in fact, its Cyber AI catches a cyber-threat every three seconds.

In the time taken to read this article, an organization could have experienced an attempt at a cyber breach, with Antigena taking action and stopping all malicious activity. To find out more, and learn why there’s never been a better time to invest in cyber AI, start a free trial today.