Darktrace, a global leader in cyber security AI, announced significant upgrades to its flagship Cyber AI analyst product, which now intelligently groups incidents to encompass the life cycle of complex compromises as they develop and progress across various entities within a company's digital estate. In addition, Cyber AI analysts now treat incidents as 'open investigations,' with fresh supporting evidence being added to ongoing cases on a regular basis.
Cyber AI analyst's open investigation piece together cross-entity incidents, so a SaaS account takeover can now be linked back to the same compromised credentials used on a local device. In addition, Cyber AI analyst's open investigations are known for augmenting human analysts by continuously investigating to surface and prioritize the most critical incidents. This procedure is similar to open criminal investigations, in which a single piece of evidence can link two seemingly unconnected crimes.
With ever-growing, distinct digital estates, it's vital that cyber AI analyst investigations are tailored to their specific circumstances rather than following a one-size-fits-all paradigm with pre-programmed investigative strategies. AI analyst's on-the-fly technical approach to investigations allows it to identify the needle in a thousand haystacks, which could be essential in linking different compromises.
Our Cyber AI Research Centre focused on identifying ways to piece together seemingly disparate activity from different sources and entities to closely tie multiple possible indicators of compromise."
Dr. Tim Bazalgette, Research, and Development Product Lead, Darktrace.
Cyber AI analysts open investigations can be run manually by a human member of the security team or triggered automatically by a third party event, such as an alert ingested directly from another security solution, to validate and further contextualize their detections and decisions, in addition to continuously running based on directly observed events. Furthermore, investigations are immediately connected into human and technological ecosystems for consumption, whether through the Darktrace UI, exportable results, or third-party technologies like SIEMs and ticketing systems.