RCS - Darktrace PLC - Launch of Darktrace HEAL™

DarktraceAnnouncement

26/07/2023 07:00

For best results when printing this announcement, please click on link below:
http://newsfile.refinitiv.com/getnewsfile/v1/story?guid=urn:newsml:reuters.com:20230726:nRSZ2381Ha&default-theme=true

RNS Number : 2381H  Darktrace PLC  26 July 2023

Darktrace HEAL™ Brings Industry First AI-Enabled Capabilities to Transform
Incident Response, Readiness and Recovery

·    Security teams can now address more emerging, potentially critical
incidents earlier, with more confidence.

·    HEAL completes Darktrace's Cyber AI Loop, delivering resilience
throughout the cyber lifecycle from prevention, to detection, to response, and
now to recovery.

 

July 26(th), 2023, Cambridge UK - Darktrace today announces the launch of
Darktrace HEAL™, its AI-enabled product to help businesses more effectively
prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides
security teams with unique abilities to simulate real attacks within their own
environments, create bespoke incident response
(https://darktrace.com/products/heal) plans as cyber incidents unfold, and
automate actions to rapidly respond to and recover from those incidents.

Managing emerging cyber-attacks presents an enormous challenge for security
teams who must make decisions quickly in the heat of the attack based on
potentially hundreds of changing and uncertain data points and factors. In a
recent ransomware incident(( 1 )), analysts would have needed around 60 total
hours of investigative work to build a complete understanding of the full
scope and varied details, yet the malicious activity unfolded across just 10
hours. The pressure and complexity facing these teams is only poised to grow
as generative AI tools enable attackers to increase the speed, scale, and
sophistication of novel attacks. With the global average cost of a data breach
reaching $4.35 million in 2022 2 , the financial, operational and reputational
stakes for businesses to remediate and recover quickly are high.

HEAL leverages Darktrace's Self-Learning AI to give security teams new
abilities designed to build cyber resilience and help them more easily and
confidently address live incidents. With HEAL, security teams can:

·    Simulate real-world cyber incidents, allowing teams to prepare for
and practice their response to complex attacks on their own environments.

·    Create bespoke, AI-generated playbooks as an attack unfolds based on
the details of their environment, the attack, and lessons learned from their
previous simulations. This reduces information overload, prioritizes actions,
and enables faster decision-making at critical moments.

·    Automate actions from the response plan to rapidly stop and recover
from the attack within the HEAL interface.

·    Create a full incident report, including an audit trail of the
incident response with details of the attack, actions HEAL suggested, and
actions taken by the security team for future learning and to support
compliance efforts.

 

Transforming Readiness with Incident Simulations

HEAL's simulated incidents are a first-of-its-kind capability for security
teams to safely run live simulations of real-world cyber-attacks ranging from
data theft and ransomware encryption, to rapid worm propagation, all in their
own environments and involving their own assets. Security teams are expected
to flawlessly manage incident response in the face of a live, rapidly
unfolding, often novel attack, usually without any realistic practice. HEAL
enables teams to get real-world experience managing attacks as they would
happen to the business and regularly practice these procedures to help fine
tune their responses. That means teams aren't running their incident response
for the first time in the face of a real, live attack.

 

Transforming Incident Response with Bespoke, AI-Generated Playbooks

 

When a live incident does occur, HEAL will use insights from Darktrace DETECT
(https://darktrace.com/products/detect) ™ to create a picture of the attack
and a bespoke, AI-generated, response playbook, built from Darktrace's
knowledge of the incident, the business's environment, and lessons learned
from the security team's previous simulations. HEAL recommends the priority
order for remediation actions based on factors like further damage the
compromised asset can cause, how much the attack is relying on that asset as a
pivot or entry point, and its importance to the business. Consequently,
security teams can adapt their defenses as an incident evolves, enabling them
to end it more rapidly and with less overall disruption.

 

"The reality is that sets of manual incident response playbooks don't last
very long. These days they may be outdated 24 hours after they are created,
because the cyber landscape is just changing so rapidly. We constantly have to
revise them because there are so many things we may not be thinking of.
Moreover, these playbooks assume you have a controlled environment, which is
not the case when an attack occurs. Utilizing Darktrace's AI solutions really
ends the need for these coarse static playbooks," adds Neal Mohammed, Head of
Technology at real estate leader Rudin Management.

 

Transforming Recovery with Automated Remediation & Reporting

HEAL further enables security teams to quickly and efficiently manage and
recover from live incidents by integrating with a variety of tools in a
business's wider security stack to automate actions. Within HEAL's live
playbooks, teams can activate and manage authorized tools from across their
environment, from a single interface with a click of a button. At launch, HEAL
will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365,
Veeam®, and Acronis.

 

HEAL provides security teams with automated incident reports during and after
an attack,

giving teams valuable time back that is normally spent writing detailed
updates. The reports provide analysis of the attacker and security team
actions, decisions, containment, and recovery information to keep stakeholders
updated as an event unfolds. After an attack, this can offer essential
compliance information to third parties such as forensics teams, insurance
providers, and legal teams and can be used to assist with reviews and learning
lessons from the attack and the response.

 

Closing the Cyber AI Loop

HEAL works with DETECT and Darktrace PREVENT
(https://darktrace.com/products/prevent) ™ to build a live picture of the
environment and attack, and integrates with Darktrace RESPOND
(https://darktrace.com/products/respond) ™ to prioritize, isolate, and heal
key assets to cut off and shorten attacks. Its introduction closes Darktrace's
Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL into a
single platform in which each element draws insights from and continuously
reinforces the others to create a best-in-class cyber defense.

 

Jack Stockdale, Chief Technology Officer, Darktrace comments: "At Darktrace,
we build technology by looking at where AI can be the most valuable in
augmenting the people in a security team and how it can have the most positive
impact on their work.  With HEAL, we've turned our attention to cyber
resilience. We're upskilling teams and reducing the overload analysts face
during an attack, to help them recover and get back to business faster and
more effectively.

 

"With the closing of Darktrace's full Cyber AI Loop, security teams can
maximize the time and talent of their human teams, enabling them to focus on
critical and complex tasks with the knowledge that Darktrace AI is
autonomously working in the background to prevent, detect, respond, and heal
from cyber-attacks in a continuous, reinforcing loop."

 

To learn more about Darktrace HEAL and the Darktrace Cyber AI Loop, register
for the launch event
(http://darktrace.zoom.us/webinar/register/WN_wYt8iyb0Q5e_vQdVf6IkKQ?utm_source=Zoom&utm_medium=pr&utm_campaign=heal-launch)
on August 3.

 

# # #

About Darktrace

Darktrace (DARK.L), a global leader in cyber security artificial intelligence,
is on a mission to free the world of cyber disruption. Breakthrough
innovations in our Cyber AI Research Centre in Cambridge, UK have resulted in
over 145 patents filed and research published to contribute to the cyber
security community. Rather than study attacks, Darktrace's technology
continuously learns and updates its knowledge of 'you' and applies that
understanding to optimise your state of optimal cyber security. Darktrace is
delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end
security capability that can autonomously spot and respond to novel
in-progress threats within seconds. Darktrace employs over 2,200 people around
the world and protects approximately 8,800 customers globally from advanced
cyber threats. Darktrace was named one of TIME magazine's 'Most Influential
Companies' in 2021. To learn more, visit http://www.darktrace.com
(http://www.darktrace.com/) . (http://www.darktrace.com/)

 

 

 

 1  A Black Cat attack on a customer, identified by Darktrace's Cyber AI
Analyst in April 2023

 2  IBM and Ponemon Institute, Cost of a Data Breach 2022:
https://www.ibm.com/downloads/cas/3R8N1DZJ
(https://www.ibm.com/downloads/cas/3R8N1DZJ)

 

This information is provided by Reach, the non-regulatory press release distribution service of RNS, part of the London Stock Exchange. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact
rns@lseg.com (mailto:rns@lseg.com)
 or visit
www.rns.com (http://www.rns.com/)
.

RNS may use your IP address to confirm compliance with the terms and conditions, to analyse how you engage with the information contained in this communication, and to share such analysis on an anonymised basis with others as part of our commercial services. For further information about how RNS and the London Stock Exchange use the personal data you provide us, please see our
Privacy Policy (https://www.lseg.com/privacy-and-cookie-policy)
.   END  NRAPPUPAMUPWUAQ