The new platform is designed to visualize and investigate security incidents in cloud, email, network, endpoint, identity, and OT environments.
To do this, the ActiveAI Security Platform uses an AI engine that analyzes a company’s data to learn about the organization. Based on this, the engine can determine what is normal behaviour and what is not, which helps detect and block known and emerging threats without disrupting business operations.
Cyber AI Analyst
Darktrace also equips the ActiveAI Security Platform with the Cyber AI Analyst. This component reports the results of investigations for each security alert. This helps security analysts understand how the AI reached a conclusion and why escalation was or was not necessary. In addition, the Cyber AI Analyst can be customized to perform investigations based on a company’s unique needs. For example, it can investigate activities based on third-party information.
The Cyber AI Analyst’s AI is trained to simulate how human security analysts conduct investigations. According to Darktrace, it is unique because it automatically examines each alert and then autonomously selects and executes a response action.
Decryption and firewall rules
Darktrace also adds integrations with third-party network solutions to the ActiveAI Security Platform to provide decrypted traffic feeds and decryption keys for better network visibility. It also includes native decryption of Windows and Mac applications, including Internet browsers.
Finally, Darktrace PREVENT/End-to-End, which helps increase security levels, is part of the new platform. This component now analyzes firewall rules and provides a comprehensive view of potential unauthorized transit points or attack paths within IT, within OT, or between the two. It can also identify risks in the configuration.
The ActiveAI Security Platform is scheduled to be available in the near future, within days or weeks.