Data Security

Darktrace's Cyber AI Analyst is now running open Investigations

Darktrace
Darktrace, a global leader in cyber security AI, announced significant upgrades to its flagship Cyber AI Analyst product, which now intelligently groups incidents to cover the life cycle of complex compromises as they develop and progress across various entities within a company's digital estate. In addition, Cyber AI Analyst now treats incidents as 'open investigations,' with fresh supporting evidence being added to ongoing cases regularly.

Cyber AI Analyst's open investigations piece together cross-entity incidents, so a SaaS account takeover can now be linked back to the same compromised credentials used on a local device. In addition, Cyber AI Analyst's open investigations augment human analysts by continuously investigating to surface and prioritize the most critical incidents. This procedure is similar to open criminal investigations, in which a single piece of evidence can link two seemingly unconnected crimes.

With ever-growing, distinct digital estates, it's vital that Cyber AI Analyst investigations are tailored to their specific circumstances rather than following a one-size-fits-all paradigm with pre-programmed investigative strategies. AI Analyst's on-the-fly technological approach to investigations allows it to identify the needle in a thousand haystacks, which could be essential in linking different compromises.

Previously, several events would have been treated as separate incidents. When AI Analyst finds a link between two incidents, it can automatically integrate them. Early adopter customers have seen a 63 percent reduction in total incidents and a 92 percent reduction in the most critical incidents as a result of the shift to open investigations, further reducing time-to-meaning and analyst triage time and allowing customers to focus on macro-level tasks and initiatives.

In addition to running continuously based on directly observed events, Cyber AI Analyst open investigations can be run manually by a human member of the security team or triggered automatically by a third-party event, such as an alert ingested directly from another security solution, to validate and further contextualize their detections and decisions. Furthermore, investigations are immediately connected into human and technological ecosystems for consumption, whether through the Darktrace UI, exportable results, or third-party technologies like SIEMs and ticketing systems.

"Our Cyber AI Research Centre focused on identifying ways to piece together seemingly disparate activity from different sources and entities to tie multiple possible indicators of compromise closely. This cross-entity approach to incident discovery allows for the automated detection of compromises, and the automated determination of their full scope, without human attention. This influential research evolved to directly impact these key updates that make understanding incidents easier for Darktrace customers."

Dr. Tim Bazalgette, Research and Development Product Lead, Darktrace