October 30, 2019

Previewing the 2020 Data Protection Landscape

To achieve compliance in 2020, human teams need artificial intelligence to make sense of their dynamic digital estates.

From credit card details and medical records, through to private conversations and even dating preferences, the modern consumer entrusts an unprecedented number of organizations with their most sensitive information, hoping against hope that it will be stored on the digital equivalent of Fort Knox.

The reality, however, is that robust data privacy has thus far proven elusive. Almost 13 billion records were breached over the last two years — including from Facebook, Google, and the US Postal Service — demonstrating once again that no network perimeter can keep motivated attackers at bay.

For governments whose principal responsibility is to safeguard their citizens, implementing a strong data protection regime is therefore as challenging as it is critical. At a time when cyber-criminals find vulnerabilities in the most ostensibly airtight systems, these regulators have tended to shy away from mandating concrete security practices, since no one can anticipate which measures will repel the next unpredictable attack. Instead, most data protection laws default to ambiguous calls for “reasonable,” “adequate,” or “appropriate” cyber defenses — language that arguably renders any breached company noncompliant by definition.

While such ambiguity makes prediction pieces like this one speculative to some extent, the coming year will almost certainly witness both an increase in data protection laws around the world as well as a less forgiving interpretation of their requirements. Ultimately, as governments attempt to address growing public concern over data privacy, the mere fact of having suffered a breach could be seen as grounds for significant fines. Avoiding these fines — and doing right by one’s customers — entails assuming that the bad guys will inevitably get past the perimeter.

Figure 1: Noncompliance penalties are only getting larger as the 2020s near. Data source: CSO.

GDPR goes global

The EU’s adoption of the General Data Protection Regulation (GDPR) in April 2016 was the watershed moment in the history of data protection legislation. Its enumeration of individual privacy rights, its 72-hour breach notification requirement, and its broad data protection directives continue to serve as a blueprint for countless others, such as Brazil’s General Data Protection Law (LGPD), Thailand’s Personal Data Protection Act (PDPA), and the California Consumer Privacy Act (CCPA). All three of these regulations become enforceable in 2020, with major ramifications for companies worldwide.

Brazil’s law, which will go into effect on August 15, 2020, is modeled closely after GDPR. Like GDPR, the law applies to all companies that handle the personal data of any of Brazil’s 210 million residents — regardless of where these companies themselves are headquartered. Also like GDPR, of course, the LGPD’s security clauses are open to interpretation. The law compels data handlers to “adopt security, technical, and administrative measures able to protect personal data from unauthorized access,” taking into account “the current state of technology.”

The PDPA in Thailand — effective starting on May 27, 2020 — is similarly vague in mandating unspecified security measures. It parts company, however, in that violators face the possibility of criminal prosecution and even imprisonment for up to one year, in addition to civil damages. Organizations classified as Critical Information Infrastructure (CII), including banks, telecoms, utilities, and hospitals, are regulated under Thailand’s separate Cybersecurity Act and its slightly more detailed obligations.

Figure 2: New GDPR-inspired laws like Brazil’s will turn this map increasingly blue. Image source: DLA Piper.

In California, meanwhile, the CCPA will enforce noncompliance penalties of up to $750 per consumer per incident beginning on the first day of 2020, which could result in multibillion-dollar fines in the case of large-scale breaches. Such precise provisions indicate that GDPR-style legislation is more than a symbolic step toward data protection. And yet, as of August 2019, only 2% of companies reported that they were fully compliant with CCPA, perhaps because, according to a state-commissioned study, California firms will be forced to shell out $55 billion on just their initial compliance efforts.

Checkmate for checkbox compliance

Between the hundreds of data protection fines levied under GDPR and analogous laws, the common thread is that penalized companies are deemed to have suffered a preventable breach. For instance, in the aftermath of the 2017 Equifax compromise that exposed the personal information of more than 140 million consumers, the company was found to have been in violation of the FTC Safeguards Rule, which compelled it to adopt security measures “appropriate to [the] size and complexity” of its digital infrastructure. The US government concluded that the incident was “entirely preventable” had Equifax performed a “routine” security update on the impacted database — an oversight that precipitated at least $1.4 billion in total damages.

However, a closer inspection reveals challenges far deeper than just a simple oversight. Equifax did indeed scan its network for vulnerabilities, but the automated scanner it used was not properly configured to search all of its assets. The truth is that these kinds of misconfigurations and blind spots are a symptom of the conventional approach to cyber security itself, an approach reliant on humans to adjust and monitor a vast array of siloed security tools. In the context of cloud environments designed to be dynamic and IoT devices that are often unknown to the security team, there is nothing routine about defending the “size and complexity” of the modern enterprise.

The upshot of all these new laws, requirements, and fines is that the days of mere checkbox compliance are over. Breached companies can no longer throw up their hands and point to the list of perimeter security tools they had in place, particularly because attackers largely exploit user errors and misconfigurations that — while inevitable — also appear preventable in a vacuum. Rather, to achieve compliance in 2020, human teams need artificial intelligence to make sense of their dynamic digital estates. By learning how each unique user and device normally functions while ‘on the job’, such Cyber AI detects threats that are already inside the perimeter — before they cost the company in court.

Author
Justin Fier
SVP, Red Team Operations

Justin is one of the US’s leading cyber intelligence experts, and holds the position of SVP, Red Team Operations at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years’ experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.


April 2, 2025

Fusing Vulnerability and Threat Data: Enhancing the Depth of Attack Analysis


Cado Security, recently acquired by Darktrace, is excited to announce a significant enhancement to its data collection capabilities, with the addition of a vulnerability discovery feature for Linux-based cloud resources. According to Darktrace’s Annual Threat Report 2024, the most significant campaigns observed in 2024 involved the ongoing exploitation of significant vulnerabilities in internet-facing systems. Cado’s new vulnerability discovery capability further deepens its ability to provide extensive context to security teams, enabling them to make informed decisions about threats, faster than ever.

Deep context to accelerate understanding and remediation

Context is critical when understanding the circumstances surrounding a threat. It can also take many forms – alert data, telemetry, file content, business context (for example asset criticality, core function of the resource), and risk context, such as open vulnerabilities.

When performing an investigation, it is common practice to understand the risk profile of the impacted resource, specifically determining open vulnerabilities and how they may relate to the threat. For example, if an analyst is triaging an alert related to an internet-facing web server running Apache, it would greatly benefit the analyst to understand the open vulnerabilities in the Apache version that is running, whether any of them are exploitable, whether a fix is available, etc. This dataset also serves as an invaluable source when developing a remediation plan, identifying specific vulnerabilities to be prioritised for patching.

Data acquisition in Cado

Cado is the only platform with the ability to perform full forensic captures as well as utilize instant triage collection methods, which is why fusing host-based artifact data with vulnerability data is such an exciting and compelling development.

The vulnerability discovery feature can be run as part of an acquisition – full or triage – as well as independently using a fast ‘Scan only’ mode.

Figure 1: A fast vulnerability scan being performed on the acquired evidence

Once the acquisition has completed, the user will have access to a ‘Vulnerabilities’ table within their investigation, where they are able to view and filter open vulnerabilities (by Severity, CVE ID, Resource, and other properties), as well as pivot to the full Event Timeline. In the Event Timeline, the user will be able to identify whether there is any malicious, suspicious or other interesting activity surrounding the vulnerable package, given the unified timeline presents a complete chronological dataset of all evidence and context collected.

Figure 2: Vulnerabilities discovered on the acquired evidence
Figure 3: Pivot from the Vulnerabilities table to the Event Timeline provides an in-depth view of file and process data associated with the vulnerable package selected. In this example, Apache2.

Future work

In the coming months, we’ll be releasing initial versions of highly anticipated integrations between Cado and Darktrace, including the ability to ingest Darktrace / CLOUD alerts which will automatically trigger a forensic capture (as well as a vulnerability discovery) of the impacted assets.

To learn more about how Cado and Darktrace will combine forces, request a demo today.

About the author
Paul Bottomley
Director of Product Management, Cado

March 28, 2025

Darktrace Recognized as the Only Visionary in the 2025 Gartner® Magic Quadrant™ for CPS Protection Platforms


We are thrilled to announce that Darktrace has been named the only Visionary in the inaugural Gartner® Magic Quadrant™ for Cyber-Physical Systems (CPS) Protection Platforms. We feel this recognition highlights Darktrace’s AI-driven approach to securing industrial environments, where conventional security solutions struggle to keep pace with increasing cyber threats.

A milestone for CPS security

It's our opinion that the first-ever Gartner Magic Quadrant for CPS Protection Platforms reflects a growing industry shift toward purpose-built security solutions for critical infrastructure. As organizations integrate IT, OT, and cloud-connected systems, the cyber risk landscape continues to expand. Gartner evaluated 17 vendors based on their Ability to Execute and Completeness of Vision, establishing a benchmark for security leaders looking to enhance cyber resilience in industrial environments.

We believe the Gartner recognition of Darktrace as the only Visionary reaffirms the platform’s ability to proactively defend against cyber risks through AI-driven anomaly detection, autonomous response, and risk-based security strategies. With increasingly sophisticated attacks targeting industrial control systems, organizations need a solution that continuously evolves to defend against both known and unknown threats.

AI-driven security for CPS environments

Securing CPS environments requires an approach that adapts to the dynamic nature of industrial operations. Traditional security tools rely on static signatures and predefined rules, leaving gaps in protection against novel and sophisticated threats. Darktrace / OT takes a different approach, leveraging Self-Learning AI to detect and neutralize threats in real time, even in air-gapped or highly regulated environments.

Darktrace / OT continuously analyzes network behaviors to establish a deep understanding of what is “normal” for each industrial environment. This enables it to autonomously identify deviations that signal potential cyber threats, providing early warning and proactive defense before attacks can disrupt operations. Unlike rule-based security models that require constant manual updates, Darktrace / OT improves with the environment, ensuring long-term resilience against emerging cyber risks.

Bridging the IT-OT security gap

A major challenge for organizations protecting CPS environments is the disconnect between IT and OT security. While IT security has traditionally focused on data protection and compliance, OT security is driven by operational uptime and safety, leading to siloed security programs that leave critical gaps in visibility and response.

Darktrace / OT eliminates these silos by providing unified visibility across IT, OT, and IoT assets, ensuring that security teams have a complete picture of their attack surface. Its AI-driven approach enables cross-domain threat detection, recognizing risks that move laterally between IT and OT environments. By seamlessly integrating with existing security architectures, Darktrace / OT helps organizations close security gaps without disrupting industrial processes.

Proactive OT risk management and resilience

Beyond detection and response, Darktrace / OT strengthens organizations’ ability to manage cyber risk proactively. By mapping vulnerabilities to real-world attack paths, it prioritizes remediation actions based on actual exploitability and business impact, rather than relying on isolated CVE scores. This risk-based approach enables security teams to focus resources where they matter most, reducing overall exposure to cyber threats.

With autonomous threat response capabilities, Darktrace / OT not only identifies risks but also contains them in real time, preventing attackers from escalating intrusions. Whether mitigating ransomware, insider threats, or sophisticated nation-state attacks, Darktrace / OT ensures that industrial environments remain secure, operational, and resilient, no matter how threats evolve.

AI-powered incident response and SOC automation

Security teams are facing an overwhelming volume of alerts, making it difficult to prioritize threats and respond effectively. Darktrace / OT’s Cyber AI Analyst acts as a force multiplier for security teams by automating threat investigation, alert triage, and response actions. By mimicking the workflow of a human SOC analyst, Cyber AI Analyst provides contextual insights that accelerate incident response and reduce the manual workload on security teams.

With 24/7 autonomous monitoring, Darktrace / OT ensures that threats are continuously detected and investigated in real time. Whether facing ransomware, insider threats, or sophisticated nation-state attacks, organizations can rely on AI-driven security to contain threats before they disrupt operations.

Trusted by customers: Darktrace / OT recognized in Gartner Peer Insights

Source: Gartner Peer Insights (Oct 28th)

Beyond our recognition in the Gartner Magic Quadrant, we feel Darktrace / OT is one of the highest-rated CPS security solutions on Gartner Peer Insights, reflecting strong customer trust and validation. With a 4.9/5 overall rating and the highest "Willingness to Recommend" score among CPS vendors, organizations across critical infrastructure and industrial sectors recognize the impact of our AI-driven security approach.

This strong customer endorsement underscores why leading enterprises trust Darktrace / OT to secure their CPS environments today and in the future.

Redefining the future of CPS security

It's our view that Darktrace’s recognition as the only Visionary in the Gartner Magic Quadrant for CPS Protection Platforms validates its leadership in next-generation industrial security. As cyber threats targeting critical infrastructure continue to rise, organizations must adopt AI-driven security solutions that can adapt, respond, and mitigate risks in real time.

We believe this recognition reinforces our commitment to innovation and our mission to secure the world’s most essential systems.


Gartner, Magic Quadrant for CPS Protection Platforms, Katell Thielemann, Wam Voster, Ruggero Contu, 12 February 2025

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant and Peer Insights are a registered trademark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

About the author
Pallavi Singh
Product Marketing Manager, OT Security & Compliance