Darktrace adds open investigations to Cyber AI Analyst platform

Darktrace announced enhancements to its Cyber AI Analyst product: it now groups related incidents so that a single case follows the life cycle of a complex compromise as it develops and progresses across different entities in an organisation’s digital estate.


Cyber AI Analyst now treats incidents as ‘open investigations,’ continuously adding new supporting data to ongoing cases.

Cyber AI Analyst augments human analysts by continuously investigating activity to surface and prioritize the most critical incidents. With open investigations it can now piece together cross-entity incidents: a SaaS account takeover, for example, can be connected back to the same compromised credentials used on a local device. The process resembles an open criminal investigation, where a single piece of evidence can connect two seemingly isolated crimes.

Because every digital estate is different and constantly growing, Cyber AI Analyst investigations are tailored to the environment they run in rather than following a one-size-fits-all model with pre-programmed investigation tactics. Deciding on the fly which evidence to examine next is what lets AI Analyst find the single indicator among large volumes of benign activity that links otherwise disparate compromises.

Historically, such incidents would have remained separate. AI Analyst can now automatically merge incidents when it discovers a link connecting them. Darktrace reports that early adopter customers of open investigations have seen up to a 63% reduction in total incidents and up to a 92% reduction in the most critical incidents, which shortens time-to-meaning and analyst triage time and leaves customers more time for macro-level tasks and initiatives.
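The merging described above, reduced to its mechanics as an added illustration (this is not Darktrace code and says nothing about how Cyber AI Analyst is implemented): each alert carries a few indicators (user, credential, device, IP), and alerts that share a high-fidelity indicator are unioned into one open case, so a SaaS login alert and an endpoint credential-theft alert that name the same credential end up in the same investigation. The alert model, the indicator types, and the sample alerts are all assumptions constructed for the example. One caveat a practitioner would want is built in: shared source IPs are recorded but never used as a link, because behind a NAT gateway or VPN concentrator they would merge unrelated activity into one case.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Indicator types strong enough to link two alerts into one investigation.
# Shared IPs are deliberately excluded: behind a NAT or VPN concentrator
# they would collapse unrelated activity into a single case.
LINKING_TYPES = {"user", "credential", "device"}


@dataclass
class Alert:
    alert_id: str
    source: str            # producing system, e.g. "darktrace" or "edr" (assumed names)
    summary: str
    severity: int          # 1 (low) .. 5 (critical), an assumed scale
    indicators: dict = field(default_factory=dict)  # indicator type -> value


class InvestigationTracker:
    """Keeps every case open: each ingested alert either opens a new case or,
    when it shares a linking indicator with earlier alerts, merges the cases
    those alerts belong to (union-find keyed on alert ids)."""

    def __init__(self):
        self._parent = {}   # alert id -> parent alert id (union-find)
        self._alerts = {}   # alert id -> Alert
        self._seen = {}     # (indicator type, value) -> first alert id that carried it

    def _find(self, aid):
        while self._parent[aid] != aid:
            self._parent[aid] = self._parent[self._parent[aid]]  # path halving
            aid = self._parent[aid]
        return aid

    def _union(self, a, b):
        ra, rb = self._find(a), self._find(b)
        if ra != rb:
            self._parent[rb] = ra

    def ingest(self, alert):
        """Add a native or third-party alert and return the root id of its case."""
        if alert.alert_id in self._alerts:
            raise ValueError(f"duplicate alert id {alert.alert_id}")
        self._alerts[alert.alert_id] = alert
        self._parent[alert.alert_id] = alert.alert_id
        for itype, value in alert.indicators.items():
            if itype not in LINKING_TYPES:
                continue                      # recorded on the alert, never used to merge
            key = (itype, value)
            if key in self._seen:
                self._union(self._seen[key], alert.alert_id)
            else:
                self._seen[key] = alert.alert_id
        return self._find(alert.alert_id)

    def cases(self):
        """Return {case root id: [member alerts sorted by id]} for all open cases."""
        grouped = defaultdict(list)
        for aid, alert in self._alerts.items():
            grouped[self._find(aid)].append(alert)
        return {root: sorted(members, key=lambda a: a.alert_id)
                for root, members in grouped.items()}

    def case_of(self, alert_id):
        return self.cases()[self._find(alert_id)]

    def case_severity(self, alert_id):
        """A case is as severe as the worst alert in it."""
        return max(a.severity for a in self.case_of(alert_id))


# Constructed sample alerts, not real telemetry. A1 (SaaS takeover) and A2
# (endpoint credential theft) share a credential; A3 shares A2's device;
# A4 shares only a source IP with A1 and must stay a separate case.
SAMPLE_ALERTS = [
    Alert("A1", "darktrace", "SaaS login from unusual location", 3,
          {"user": "alice", "credential": "cred-7f3a", "src_ip": "203.0.113.5"}),
    Alert("A2", "edr", "LSASS memory read on workstation", 4,
          {"device": "LAP-42", "credential": "cred-7f3a"}),
    Alert("A3", "darktrace", "Periodic beaconing to rare external host", 5,
          {"device": "LAP-42", "dst_ip": "198.51.100.9"}),
    Alert("A4", "darktrace", "Unusual RDP session", 2,
          {"device": "LAP-17", "src_ip": "203.0.113.5"}),
]


def build_tracker(alerts=SAMPLE_ALERTS):
    tracker = InvestigationTracker()
    for alert in alerts:
        tracker.ingest(alert)
    return tracker


if __name__ == "__main__":
    t = build_tracker()
    for root, members in t.cases().items():
        print(f"case {root}: severity {t.case_severity(root)}")
        for a in members:
            print(f"  {a.alert_id} [{a.source}] {a.summary}")
```

On the four constructed alerts this yields two open cases instead of four separate incidents: A1, A2 and A3 merge into one case carrying the beaconing alert's severity, while A4 stays on its own despite the shared IP. The choice of which indicator types may link is the whole game; letting weak indicators merge cases trades a lower incident count for investigations that sprawl across unrelated activity.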

Open investigations run continuously on directly observed events, but they can also be started manually by a member of the security team or triggered automatically by a third-party event, such as an alert ingested from another security solution, to validate that solution’s detection and add context to it.

Completed investigations can be consumed natively in the Darktrace UI, exported as reports, or sent to third-party tools such as SIEMs and ticketing systems.

“Our Cyber AI Research Centre focused on identifying ways to piece together seemingly disparate activity from different sources and entities to closely tie multiple possible indicators of compromise,” said Dr Tim Bazalgette, Research and Development Product Lead, Darktrace. “This cross-entity approach to incident discovery allows for the automated detection of compromises, and the automated determination of their full scope, without human attention. This influential research evolved to directly impact these key updates that make understanding incidents easier for Darktrace customers.”




Share this