Darktrace's Cyber AI Analyst is now running open Investigations

Darktrace | February 22, 2022

Darktrace, a global leader in cyber security AI, announced significant upgrades to its flagship Cyber AI Analyst product, which now intelligently groups incidents to cover the life cycle of complex compromises as they develop and progress across various entities within a company's digital estate. In addition, Cyber AI Analyst now treats incidents as 'open investigations,' with fresh supporting evidence being added to ongoing cases regularly.

Cyber AI Analyst's open investigations piece together cross-entity incidents, so a SaaS account takeover can now be linked back to the same compromised credentials used on a local device. In addition, open investigations augment human analysts by continuously investigating to surface and prioritize the most critical incidents. The process is similar to open criminal investigations, in which a single piece of evidence can link two seemingly unconnected crimes.

With ever-growing, distinct digital estates, it's vital that Cyber AI Analyst investigations are tailored to their specific circumstances rather than following a one-size-fits-all paradigm with pre-programmed investigative strategies. AI Analyst's on-the-fly approach to investigations allows it to identify the needle in a thousand haystacks, which could be essential in linking different compromises.

Previously, several events would have been treated as separate incidents. Now, when AI Analyst finds a link between two incidents, it can automatically integrate them. Early adopter customers have seen a 63 percent reduction in total incidents and a 92 percent reduction in the most critical incidents as a result of the shift to open investigations, further reducing time-to-meaning and analyst triage time and allowing customers to focus on macro-level tasks and initiatives.

In addition to running continuously on directly observed events, Cyber AI Analyst open investigations can be run manually by a human member of the security team or triggered automatically by a third-party event, such as an alert ingested directly from another security solution, to validate and further contextualize their detections and decisions. Furthermore, investigations are immediately connected into human and technological ecosystems for consumption, whether through the Darktrace UI, exportable results, or third-party technologies like SIEMs and ticketing systems.

"Our Cyber AI Research Centre focused on identifying ways to piece together seemingly disparate activity from different sources and entities to tie multiple possible indicators of compromise closely. This cross-entity approach to incident discovery allows for the automated detection of compromises, and the automated determination of their full scope, without human attention. This influential research evolved to directly impact these key updates that make understanding incidents easier for Darktrace customers."

Dr. Tim Bazalgette, Research and Development Product Lead, Darktrace



Other News

Cyber Security & Cloud North America – New Line-Up Speakers Announced

TechEx Events Ltd | April 17, 2023

The Cyber Security & Cloud Congress North America (17-18th May) has announced exciting new additions to its line-up of speakers and panellists for the upcoming two-day event in Santa Clara. The event will take place on May 17th and 18th, 2023, and will feature a diverse range of tech industry experts, including CIOs, CTOs, Cyber Security, Cloud Architects, and other key players in the field.

Attendees will have a great opportunity to hear from the most talented speakers including:

Prasanna P., Digital Transformation Leader – Enterprise Architecture & Enterprise Strategy Leader – Molina Healthcare
Shea Lovan, Chief Security Officer – UC Santa Barbara
Sachin Vaidya, EVP Chief Information Officer of Heritage – Bank of Commerce
Kishore Viswanathan, Senior Technical Program Manager, Cybersecurity and Compliance – Lucid Motors
Sameh Emam, Division Risk Manager – Union Bank
Kavitha Venkataswamy, Director – Digital Product Security – Capital One
Richard Paz, CISM, Cyber Security Engineer – NASA Jet Propulsion Laboratory
& many more!

In addition to these keynote speakers, the event will also feature several panel discussions covering a wide range of topics, including Zero Trust, Threat Detection & Response, Training, Talent & Culture, Identity & Access Management, Application Security, Data Security and more. Attendees will have the opportunity to network with other industry professionals and gain valuable insights into the latest trends and technologies shaping the cybersecurity and cloud technology landscape.

The Cyber & Cloud Congress North America promises to be a knowledge-packed, innovative, and engaging event for all those interested in Cyber Security and Cloud technology, but also the newest technology solutions, products and services that will be showcased during the event.

“We are thrilled to have such an outstanding group of speakers joining us for the Cyber & Cloud Expo,” said Lia Richards, Head of Conference. “With their diverse backgrounds and extensive experience, they will bring a wealth of knowledge and insights to our attendees. We look forward to hearing their perspectives on the most pressing issues facing the industry today.”

WHAT ELSE TO EXPECT?

Over the course of two days at Cyber Security & Cloud Congress North America attendees will have a great number of opportunities to visit exhibition stalls and connect with the representatives of some of the world’s biggest brands including IBM, IDC, Bosh, AWS, Zoho and many more, all implementing the latest in Cyber Security & Cloud technologies within their sectors.

Paying attendees will also have a chance to join the networking party event following Day 1 of the conference, where all will be able to connect and network in a more relaxed setting, with free food and drinks provided. This opportunity is open for Gold and Ultimate Pass Holders, Speakers, Press, Sponsors, and Exhibitors. Find out more information here:

Early-bird registration offering a 25% discount off the full ticket price is open until 17th April, and interested attendees are encouraged to secure their tickets before the offer ends to avoid missing out on this exciting opportunity. Follow this link to discover ticket types and prices:

About TechEx Events Ltd

The TechEx Event portfolio is an international conference and tech showcasing cutting-edge tech innovation in enterprise. Featuring real-life use cases and in-depth industry insights, the event series delves into the AI, Big Data, Blockchain, Cyber Security, 5G, IoT and Edge Computing ecosystems. Running for over six years, our co-located events' strengths lie within our expert community. We bring the heroes responsible for pushing game-changing tech and strategy together, to craft relationships and creative solutions. We are the place where networking never stops – the one-stop-shop for enterprise innovators.
