Press Release
Updated statement regarding LockBit claims
We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.
Press Release
Statement regarding LockBit claims
Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.
Press Release
Darktrace HEAL™ Brings Industry First AI-Enabled Capabilities to Transform Incident Response, Readiness and Recovery
- Security teams can now address more emerging, potentially critical incidents earlier, with more confidence.
- HEAL completes Darktrace’s Cyber AI Loop, delivering resilience throughout the cyber lifecycle from prevention, to detection, to response, and now to recovery.
Darktrace today announces the launch of Darktrace HEAL™, its AI-enabled product to help businesses more effectively prepare for, rapidly remediate, and recover from cyber-attacks. HEAL provides security teams with unique abilities to simulate real attacks within their own environments, create bespoke incident response plans as cyber incidents unfold, and automate actions to rapidly respond to and recover from those incidents.
Managing emerging cyber-attacks presents an enormous challenge for security teams who must make decisions quickly in the heat of the attack based on potentially hundreds of changing and uncertain data points and factors. In a recent ransomware incident[1], analysts would have needed around 60 total hours of investigative work to build a complete understanding of the full scope and varied details, yet the malicious activity unfolded across just 10 hours. The pressure and complexity facing these teams is only poised to grow as generative AI tools enable attackers to increase the speed, scale, and sophistication of novel attacks. With the global average cost of a data breach reaching $4.35 million in 2022[2], the financial, operational and reputational stakes for businesses to remediate and recover quickly are high.
HEAL leverages Darktrace’s Self-Learning AI to give security teams new abilities designed to build cyber resilience and help them more easily and confidently address live incidents. With HEAL, security teams can:
- Simulate real-world cyber incidents, allowing teams to prepare for and practice their response to complex attacks on their own environments.
- Create bespoke, AI-generated playbooks as an attack unfolds based on the details of their environment, the attack, and lessons learned from their previous simulations. This reduces information overload, prioritizes actions, and enables faster decision-making at critical moments.
- Automate actions from the response plan to rapidly stop and recover from the attack within the HEAL interface.
- Create a full incident report, including an audit trail of the incident response with details of the attack, actions HEAL suggested, and actions taken by the security team for future learning and to support compliance efforts.
Transforming Readiness with Incident Simulations
HEAL’s simulated incidents are a first-of-its-kind capability for security teams to safely run live simulations of real-world cyber-attacks ranging from data theft and ransomware encryption, to rapid worm propagation, all in their own environments and involving their own assets. Security teams are expected to flawlessly manage incident response in the face of a live, rapidly unfolding, often novel attack, usually without any realistic practice. HEAL enables teams to get real-world experience managing attacks as they would happen to the business and regularly practice these procedures to help fine tune their responses. That means teams aren’t running their incident response for the first time in the face of a real, live attack.
Transforming Incident Response with Bespoke, AI-Generated Playbooks
When a live incident does occur, HEAL will use insights from Darktrace DETECT™ to create a picture of the attack and a bespoke, AI-generated, response playbook, built from Darktrace’s knowledge of the incident, the business’s environment, and lessons learned from the security team’s previous simulations. HEAL recommends the priority order for remediation actions based on factors like further damage the compromised asset can cause, how much the attack is relying on that asset as a pivot or entry point, and its importance to the business. Consequently, security teams can adapt their defenses as an incident evolves, enabling them to end it more rapidly and with less overall disruption.
“The reality is that sets of manual incident response playbooks don’t last very long. These days they may be outdated 24 hours after they are created, because the cyber landscape is just changing so rapidly. We constantly have to revise them because there are so many things we may not be thinking of. Moreover, these playbooks assume you have a controlled environment, which is not the case when an attack occurs. Utilizing Darktrace’s AI solutions really ends the need for these coarse static playbooks,” adds Neal Mohammed, Head of Technology at real estate leader Rudin Management.
Transforming Recovery with Automated Remediation & Reporting
HEAL further enables security teams to quickly and efficiently manage and recover from live incidents by integrating with a variety of tools in a business’s wider security stack to automate actions. Within HEAL’s live playbooks, teams can activate and manage authorized tools from across their environment, from a single interface with a click of a button. At launch, HEAL will integrate with Microsoft Defender for Endpoint, Intune, Microsoft 365, Veeam®, and Acronis.
HEAL provides security teams with automated incident reports during and after an attack, giving teams valuable time back that is normally spent writing detailed updates. The reports provide analysis of the attacker and security team actions, decisions, containment, and recovery information to keep stakeholders updated as an event unfolds. After an attack, this can offer essential compliance information to third parties such as forensics teams, insurance providers, and legal teams and can be used to assist with reviews and learning lessons from the attack and the response.
Closing the Cyber AI Loop
HEAL works with DETECT and Darktrace PREVENT™ to build a live picture of the environment and attack, and integrates with Darktrace RESPOND™ to prioritize, isolate, and heal key assets to cut off and shorten attacks. Its introduction closes Darktrace’s Cyber AI Loop, bringing together DETECT, PREVENT, RESPOND, and HEAL into a single platform in which each element draws insights from and continuously reinforces the others to create a best-in-class cyber defense.
Jack Stockdale, Chief Technology Officer, Darktrace comments: “At Darktrace, we build technology by looking at where AI can be the most valuable in augmenting the people in a security team and how it can have the most positive impact on their work. With HEAL, we’ve turned our attention to cyber resilience. We’re upskilling teams and reducing the overload analysts face during an attack, to help them recover and get back to business faster and more effectively.
“With the closing of Darktrace’s full Cyber AI Loop, security teams can maximize the time and talent of their human teams, enabling them to focus on critical and complex tasks with the knowledge that Darktrace AI is autonomously working in the background to prevent, detect, respond, and heal from cyber-attacks in a continuous, reinforcing loop.”
To learn more about Darktrace HEAL and the Darktrace Cyber AI Loop, register for the launch event on August 3.
About Darktrace
Darktrace (DARK.L), a global leader in cyber security artificial intelligence, is on a mission to free the world of cyber disruption. Breakthrough innovations in our Cyber AI Research Centre in Cambridge, UK have resulted in over 145 patents filed and research published to contribute to the cyber security community. Rather than study attacks, Darktrace's technology continuously learns and updates its knowledge of 'you' and applies that understanding to optimise your state of optimal cyber security. Darktrace is delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end security capability that can autonomously spot and respond to novel in-progress threats within seconds. Darktrace employs over 2,200 people around the world and protects approximately 8,800 customers globally from advanced cyber threats. Darktrace was named one of TIME magazine's 'Most Influential Companies' in 2021. To learn more, visit https://darktrace.com/.
[1] A Black Cat attack on a customer, identified by Darktrace’s Cyber AI Analyst in April 2023
[2] IBM and Ponemon Institute, Cost of a Data Breach 2022: https://www.ibm.com/downloads/cas/3R8N1DZJ
Darktrace HEAL™ Brings Industry First AI-Enabled Capabilities to Transform Incident Response, Readiness and Recovery
cv
Darktrace named a Challenger in first Gartner® Magic Quadrant™ for Email Security Platforms · Evaluated on Completeness of Vision and Ability to Execute Darktrace, a global leader in AI for cybersecurity,today announces that Darktrace / EMAIL™, has been recognized in thefirst ever Gartner Magic Quadrant™ for Email Security Platforms (ESP) as a Challenger. Chris Kozup, Chief Marketing Officer, Darktrace, said of therecognition: “We are extremely proud to have been recognized in the first MagicQuadrant for ESP. We believe the factthat wehave seen such wide scale adoption is testament to the unique way in which wedevelop products to keep our customers safe from even the most sophisticated emailcompromises. We believe our placement reaffirms our dedication to deliveringexceptional customer service, and innovations that safeguard against the emailchallenges of today—and tomorrow.” Darktrace customers consistently acknowledge its exceptional customersupport, delivered by an award-winning[1]service team. Darktrace has the highest percentage of 5-star ratings with a 4.8rating on Gartner® Peer Insights™ out of 249 reviews as on[MW1] 19th December. We feel this unwavering commitment to customersatisfaction is evident in strong renewal rates and accelerated growth inDarktrace / EMAIL over the past few years, gaining almost 5,000 customers sinceits launch in 2019. Darktrace / EMAIL, one of the fastest-growing emailsecurity products on the market, is built on Darktrace’s unique Self-LearningAI, a multi-layered AI engine that leverages different types of AI includingNLP and behavioral analysis to detect threats, instead of traditional securitymeasures such as signatures and sandboxing. This approach enables Darktrace todetect and stop threats like business email compromise attacks and noveltechniques, including some 56% of which passed through customers’ other emailsecurity layers. This pioneering approach has enabled Darktrace to introduce industry-leadingcapabilities such as QR code analysis and automated incident investigations, alongsidedifferentiated functionality to help teams add new depth to their emailsecurity, including: Account take over and Lateral mail account compromise protection. Contributing yet another layer to the AI behavioural profile for each user, security teams can now spot early symptoms of account compromise or malicious insiders before a link or attachment payload is sent, and exfiltration occur Microsoft Teams security with advanced messaging analysis: Advancing beyond simple text analysis to behavioral and natural language content analysis that tracks context across both email and instant messaging to identify the approximately 38% of phishing, sophisticated social engineering and novel insider threats other solutions fail to capture · Drastically improveend user reporting with Cyber AI Analyst narratives: Real-time awareness training capabilities reduce falsepositives in phishing investigations by up to 60% by providing context specificanalysis of each received email to each employee as they interact with their mail.· MailboxSecurity Assistant to increase security team operational efficiency: All forms ofsecondary investigations can now automatically perform advanced behavioralbrowser analysis and stop malicious links within webpages, reducing manualeffort of security analysts to detecting phishing links, and allowing them to remediateup to 70% more malicious phishing links than before.· AI based,autonomous data loss prevention: to immediately protect organizations from misdirected emails,insider threats, and data loss—both classified and unclassified – using userbehavior and dynamic content analysis to determine sensitivity, removing administrativeoverhead from manual expressions and labeling.Marco Cavallo, IT Manager at Darktrace / EMAIL customer Arpa Industries comments:“During the POV, Darktrace / EMAIL showed how specific attacks weresurgically blocked. We realized that other tools wouldn’t have detected thesethreats.” Darktrace / EMAIL is part of Darktrace’s ActiveAI Security Platform™,offering network, cloud, endpoint, identity and operational technologyprotection from a single shared architecture, all built on Darktrace’s uniqueAI engine – providing a strong, integrated approach to threat prevention,detection and response across an organization’s entire digital footprint. Darktrace’s global presence supports a diverse and varied customer base,and adapts proactively to customer pain points of all kinds. Darktrace’sadaptability across all market segments, from SMBs to large enterprisessupports both first time email security buyers and mature email securitystacks. It is able to meet varied security needs with lower setuprequirements, includes capability for advanced depth in configuration and,particularly for mature organizations, can augment existing security providerswith additional protections. Download the fullMagic Quadrant for Email Security Platforms here Resources:· Read more onthe Darktrace Blog· Read more abouthow business email compromise attacks are evolving on The Inference Gartner disclaimersGartner, Magic Quadrant for EmailSecurity Platforms, Max Taggett, Nikul Patel, Franz Hinner, Deepak Mishra, 16December 2024 GARTNER is a registered trademarkand service mark of Gartner and Magic Quadrant and Peer Insights are aregistered trademark, of Gartner, Inc. and/or its affiliates in the U.S. andinternationally and are used herein with permission. All rights reserved.
Gartner Peer Insights content consists of the opinions of individual endusers based on their own experiences with the vendors listed on the platform,should not be construed as statements of fact, nor do they represent the viewsof Gartner or its affiliates. Gartner does not endorse any vendor, product orservice depicted in this content nor makes any warranties, expressed orimplied, with respect to this content, about its accuracy or completeness,including any warranties of merchantability or fitness for a particularpurpose. Gartner does not endorse any vendor,product or service depicted in its research publications and does not advisetechnology users to select only those vendors with the highest ratings or otherdesignation. Gartner research publications consist of the opinions of Gartner’sresearch organization and should not be construed as statements of fact.Gartner disclaims all warranties, expressed or implied, with respect to thisresearch, including any warranties of merchantability or fitness for aparticular purpose. About DarktraceDarktrace is a global leader in AI for cybersecurity that keepsorganizations ahead of the changing threat landscape every day. Founded in2013, Darktrace provides the essential cybersecurity platform protectingorganizations from unknown threats using its proprietary AI that learns fromthe unique patterns of life for each customer in real-time. The DarktraceActiveAI Security Platform™ delivers a proactive approach to cyber resiliencewith pre-emptive visibility into security posture, real-time threat detection,and autonomous response – securing the business across cloud, email,identities, operational technology, endpoints, and network. Breakthroughinnovations from our R&D teams in Cambridge, UK, and The Hague, Netherlandshave resulted in over 200 patent applications filed. Darktrace’s platform andservices are supported by over 2,400 employees around the world who protectnearly 10,000 customers across all major industries globally. To learn more,visit http://www.darktrace.com. ----
[1] Darktrace wins two Globeeawards for excellent customer service [PressRelease] [MW1]shouldthis be 'of'
About Darktrace
