
Attack Path Modeling Research

This paper outlines Darktrace's Attack Path modeling (APM) capabilities, exploring how real-time, automated, dual-aspect, multi-data-source, end-to-end APM can be used to give blue teams a comprehensive view of realistic, risk-prioritized attack paths so that resources can be best allocated to defend key assets.


It is well known that the cyber security industry is starved of both talent and resources. It is therefore critical that cyber security blue teams prioritize the defense of their networks to ensure maximum protection per unit cost. While red teams can provide insight into where effort and resources should be most immediately applied, the exercises themselves are often costly, non-exhaustive and infrequently run.

In this paper, the Attack Path modeling (APM) module of the Darktrace Prevent Framework is outlined. This technology sits at the core of the Darktrace Prevent product family, offering a real-time, automated, dual-aspect, multi-data-source, end-to-end attack-path-modeling capability. This module in particular is designed to give blue teams a comprehensive view of realistic, risk-prioritized attack paths so that resources can be best allocated to defend key assets. As a proactive risk-reducing approach, this technology builds on Darktrace Self-Learning AI, an “engine” that produces continuously updated data for all assets across the entire digital domain.

In this paper, the internal aspect of the network takes the primary focus. Other areas of the Darktrace Prevent product family will be discussed in greater detail in separate, forthcoming literature.

AI Research Centre

Backed in Research.

In existence since Darktrace’s inception in 2013, the Darktrace AI Research Centre is foundational to our continued innovation. Rather than following a defined product roadmap, the Centre looks at how AI can be applied to real-world challenges, to find solutions that cannot be achieved by humans alone.