Darktrace aims to expand into ‘proactive’ security AI by end of year | #cybersecurity | #cyberattack | #education | #technology | #infosec

Darktrace plans to expand its AI-powered security offerings to include attack prevention by the end of 2021, the company told VentureBeat.

On Tuesday, executives from the company described plans for upcoming product updates that will expand the Darktrace portfolio to include proactive security AI capabilities, joining the company’s detection and response technologies.

The upcoming launch of “prevent” capabilities will extend Darktrace “into the offensive area for the first time ever,” said Nicole Eagan, chief strategy officer and AI officer at Darktrace, while speaking at the virtual Gartner Security & Risk Management Summit – Americas conference on Tuesday.

In a statement provided to VentureBeat, Eagan said that “development of this breakthrough innovation known as our ‘prevent’ capability is on track, and we expect this to be released to early adopters by the end of this calendar year.”

Founded in 2013, the Cambridge, U.K.-based firm went public in April and now has a market capitalization of $4.25 billion.

Security AI growth

While Darktrace is a pioneer in the realm of security AI with its self-learning technology for detecting and responding to cyber threats, the company is now part of a fast-growing field of companies that are turning to AI and machine learning to counter increasingly sophisticated cyber threats.

Startups getting major traction in the space include Securiti, Vectra AI and Salt Security, while cybersecurity giants such as Fortinet, Palo Alto Networks and Microsoft have invested heavily into AI-based security. Today, for instance, Palo Alto Networks unveiled a cloud security platform that taps ML and AI to enable many of its new capabilities, such as improved data loss prevention.

Alongside its growth, Darktrace has also demonstrated the potential for AI-powered security with responses to high-profile cyber incidents, such as an incident this summer at the Olympic Games in Tokyo.

There, Darktrace identified a malicious Raspberry Pi IoT device that an intruder had planted into the office of a national sporting body directly involved in the Olympics. The company’s technology detected the device port scanning nearby devices, blocked the connections, and supplied human analysts with insights into the scanning activity so they could investigate further.

But even with outcomes like that, there is much more that Darktrace’s security AI technology can do, company executives said during the conference Tuesday.

During “all the time that you aren’t actually under attack,” a customer could be using the Darktrace technology in order to prevent future attacks, Eagan said.

The company’s self-learning AI has “an immense amount of insights” from a customer’s data, she said. “We could use this data to help you move from a reactive state to a proactive, and even an adaptive, state.”

Attack path modeling

Specifically, Darktrace is looking at capabilities that include attack path modeling, which in the past has typically been a “human-centric” capability, said Max Heinemeyer, director of threat hunting at Darktrace, during the conference session.

With the self-learning AI technology, Darktrace knows a customer’s digital estate inside and out, he said. The technology knows what type of data is being accessed, how it’s being accessed, what types of emails are being sent, what variety of internet-facing systems a customer has, and whether there is shadow IT in the environment, Heinemeyer said.
This could provide customers with potential attack paths that they otherwise would never have been able to figure out, he said.

The Darktrace system could proactively tell a customer, “this is your core crown jewel, based on what we see—and it’s actually just two hops from this new [employee] to one your IT administrators to compromise that,” Heinemeyer said. “And that could be one of thousands of possible attack pathways. So we can really have an impact in telling you where your risks lie, and where your most vulnerable paths are, without having to predefine everything and try to tell the system what your environment looks like. That situational awareness, that context, comes with the self-learning AI.”

In this scenario, Darktrace would be able to then feed that knowledge back into the detection and response side of the product, “wrapping a safety blanket around these critical assets,” he said.

Other “prevent” capabilities in development at Darktrace include AI-powered red teaming to automatically test security controls, company executives said.

“Continuous AI loop”

Eventually, the goal is for Darktrace’s expanded security AI offerings to “form a continuous AI loop that’s always improving your overall cyber posture,” Eagan said.

The plan even further down the road is to bring AI-driven recovery capabilities after an attack, she said.

“We feel that we’re very well positioned to be able to actually help in that recovery,” Eagan said. “Our vision is really to be able to help you do the cleanup very quickly—bring the organization back to its normal state of business operations.”

Ultimately, she said, Darktrace sees each of its AI systems “reinforcing the other, minimizing any impacts of any breach or attack in real-time, and allowing the AI to preemptively lower your risk.”