Q1. What new features and capabilities has Darktrace integrated into its recently launched ActiveAI Security Platform? In what way does it help organizations improve their overall security posture?
The rise of automation and cybercrime-as-a-service is increasing the speed, sophistication, and success of cyber-attacks. Multi-stage and multi-domain attacks are now widely used by adversaries, who take advantage of a lack of visibility and siloes to move undetected between systems. AI is already beginning to amplify these threats and increasing the challenge of cybersecurity for organizations globally. In fact, our latest research found that 74% of security professionals believe AI-augmented cyber threats are already having a significant impact on their organization, yet 60% believe they are currently unprepared to defend against these attacks. We introduced the Darktrace ActiveAI Security Platform to help organizations increase their readiness for this next phase of threats and to help security teams use AI effectively to transform security operations from a reactive to a proactive state.
Before I share an overview of what we launched this spring, I think it’s important to share what hasn’t changed. At the heart of the platform is our unique AI engine. Darktrace applies multiple types of AI directly to the data of each business to continuously learn an organization’s unique operations to understand what is normal and what is not. As our approach doesn't rely on existing threat data, our AI detects known, unknown, and novel threats in real-time and can provide an autonomous response to contains threats without disrupting business operations.
The platform includes our core detection and autonomous response capabilities as well as our pre-breach prevention, attack simulation and recovery capabilities in a single, holistic solution with a common AI architecture. The new innovations we’ve released within the platform provide more complete visibility across the enterprise and help illuminate any security gaps. Our goal is to help free up security teams so they can focus on more strategic tasks. Some of the new features that I’m most excited about include:
- Darktrace Cyber AI Analyst, our unique investigative AI, operates across the platform and now provides more explainable, automated, and customizable investigations for all alerts – even those not escalated to an incident.
- Enhancements to Darktrace/Email use AI to stop early-stage phishing, spot early symptoms of account compromise across a broader range of communications and increase SOC efficiency.
- New features in Darktrace/OT provide the most realistic evaluation and prioritization of OT risk, helping teams understand where their time will have the most impact.
We designed the Darktrace ActiveAI Security Platform to bring machine speed and scale to some of the most time-intensive, error-prone, and psychologically draining components of cybersecurity, helping humans focus on the value-added work that only they can provide. By freeing up resources for more strategic tasks, organizations can focus on not only improving overall security posture but building overall cyber resilience. I am inspired by the impact we’ve already seen on our customers, who are saving time with our autonomous detection, response, and investigation, allowing their teams to focus resources on proactively reducing cyber risk and incident preparation training.
Q2. What are some of the challenges and considerations that organizations need to keep in mind when integrating AI into existing security operations and processes? How does Darktrace's approach help in this regard?
For more than a decade, Darktrace has applied AI to transform security operations (SecOps) for thousands of customers. We’ve seen first-hand the many benefits that an effective human-AI oration can have on business operations. However, organizations must understand that not all AI is created equal, and it is critical to use the right types of AI, trained on the right data and applied to the right security problems.
There are a number of questions organizations should consider when looking to implement AI into their existing SecOps and processes: What are the strengths and limitations of this specific approach? Is the model pre-trained on a set of data or is it continually learning? If the data is pre-trained, how often does the vendor retrain or update it? What measures have been put in place to ensure that data is private and secure, as well as what measures have been put in place to prevent bias and data poisoning?
In addition to this, organizations must understand if the AI – or any automation – is effectively augmenting and or transforming SecOps processes to uplift their teams. Our own Cyber AI Analyst is a good example of this – it uses AI trained to mirror how human security analysts conduct investigations and automatically investigates every alert to completion. This frees up significant resources in the SecOps process to spend on higher-impact tasks than alert triage.
It’s worth remembering that AI isn’t a silver bullet that will automatically improve SecOps – the right combination of people, processes and technology are all required to create an impactful partnership. Organizations must consider how AI impacts processes and people, and what needs to be adjusted to ensure the best results. For example, our AI can help lower the barrier to entry for common SecOps tasks, like threat detection and response, allowing a small, less skilled security team to do the job of a bigger, much higher-skilled security team with Darktrace's ActiveAI Security Platform augmenting it.
Q3. What insights and innovations does Darktrace plan to highlight at Black Hat USA 2024? What do you hope customers and other organizations will take away about Darktrace from the event?
At Black Hat USA 2024, AI will undoubtedly be the hot topic of conversation. However, according to our latest research, only 26% of security professionals report a full understanding of the different types of AI in use within security products. As organizations increasingly look to implement AI, we look forward to helping demystify AI and its use cases in cyber for our customers using our learnings from over a decade of applying AI to the challenge of cybersecurity.
Black Hat is also a great opportunity for the community to share key insights on the evolving threat landscape, and we’re looking forward to being a part of that dialogue. We are already seeing signs of how AI, cybercrime-as-a-service and other emerging technologies are impacting the threat landscape. There has never been a more important time for these discussions, with more people going to the polls globally this year than ever before, the 2024 Paris Olympics convening millions of people, and important discussions on AI safety and security happening around the world.
We hope our customers and others leave Black Hat understanding why moving from a reactive to proactive stance is critical for defenders to stay one step ahead. This, however, is often easier said than done so we hope to help customers understand what AI can do – as well as what it can’t do – and identify how that fits into their overall strategy and goals. We want to educate customers and others on how our Darktrace ActiveAI Security Platform can help them transform their security operations from a focus on reactive threat detection to proactive cyber resilience – all within a single, holistic solution across a common AI architecture platform.