Darktrace is expanding its ActiveAI Security Platform with new features. These are designed to provide greater insight into complex cyberattacks and improve collaboration between network and endpoint security. The British security provider is introducing the NEXT agent, which brings together network and endpoint data using self-learning AI.
This NEXT agent (Network Endpoint eXtended Telemetry) is the first system to combine network packets and endpoint processes within a single AI model. This should enable security analysts to trace the origin of an attack within seconds, where previously it could take hours and require multiple tools. Where network security normally only sees unusual connections, Darktrace now also immediately shows which process on which device caused that connection. This makes it easier to spot things like misuse of legitimate software, use of built-in Windows tools in “living off the land” attacks, and unauthorized software use.
The information collected by the NEXT agent feeds Darktrace’s Cyber AI Analyst. This AI system analyzes data from various domains, from network and endpoint to cloud, SaaS, identity, and email, and links them together to recognize unknown threats. The technology is designed to help analysts respond faster and with more context, without the need for manual correlation or integrations with external data sources.
Containing zero-days faster
Darktrace / NETWORK also gains new capabilities, including improved integrations with firewalls and support for automatic responses in complex and segmented networks. According to the company, this will enable attacks, including zero-days, to be contained more quickly. Darktrace even claims that the solution is capable of isolating zero-day threats up to eight days before their public disclosure.
For organizations with industrial systems, Darktrace/OT has been further expanded. The update introduces greater insight into operational risks and offers real-time modeling of attack paths. In addition, IT and OT teams can collaborate more effectively thanks to dashboards tailored to their specific needs. Additional support for GE and Mitsubishi protocols increases visibility in industrial environments, while integration with ServiceNow aids management and compliance.
Darktrace is also improving its vulnerability management capabilities. The Attack Surface Management and Proactive Exposure Management tools now link external exposures to internal network context, enabling security teams to better assess which risks are truly critical. They can also perform automatic penetration tests against known vulnerabilities and detect leaked credentials on the dark web.
For large organizations and MSSPs, Darktrace is launching the ActiveAI Security Portal, a central environment for managing all Darktrace implementations. The portal offers a single login, uniform rights structures, and API management, making security at scale easier.
According to Darktrace, this step helps companies respond more quickly to threats that spread across different IT domains. Where traditional security often provides separate pieces of the puzzle, Darktrace aims to offer a complete picture of what is happening within the digital ecosystem with these innovations.