Darktrace is beta testing a cybersecurity platform that uses its artificial intelligence (AI) engine to map potential attack paths cybercriminals might exploit to gain access to enterprise IT environments.
Nicole Eagan, chief strategy officer and AI officer for Darktrace, told attendees at the Cyber Security Summit in Miami that a forthcoming Darktrace Prevents offering will use algorithms to model how cybercriminals might employ various attack paths to compromise an organization.
Eagan said Darktrace Prevents is expected to become generally available this summer and will also enable organizations to test countermeasures.
Darktrace Prevents is, in part, based on technologies the company gained with the acquisition of Cybersprint B.V., a provider of a tool that employs machine learning algorithms to surface vulnerabilities. It provides an alternative to hiring external security professionals to conduct penetration testing. Rather than conducting those tests once or twice a year, the Cybersprint approach enables organizations to continuously scan their environments for vulnerabilities. That’s critical because IT environments today are more dynamic than ever; most penetration testing reports are outdated within a few days of being filed.
The Cybersprint platform extends the current Darktrace Detect and Respond platform, which also uses machine learning algorithms both to discover anomalies indicative of cyberthreats and to quarantine those threats in real time. The Darktrace Detect and Respond platform is based on attack path modeling that uses graphs to surface network nodes. A weighted graph can be used to identify the path of least resistance to key assets and to estimate the probability that an adversary will be able to conduct successful lateral movement from node A to node B. That capability provides a realistic, real-time assessment of the attack patterns that will be employed against an organization’s most critical assets.
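The weighted-graph idea described above can be sketched as follows. This is an added illustration, not Darktrace's code or algorithm: the node names and per-hop probabilities are constructed, and running Dijkstra's algorithm over -log(p) is one assumed way to find the most probable path and to re-score it after a countermeasure.

```python
import heapq
import math

# Constructed sample graph: each weight is an assumed probability that an
# adversary on the source node can move laterally to the destination node.
EDGES = {
    "workstation": {"file-server": 0.6, "jump-host": 0.3},
    "file-server": {"app-server": 0.5, "domain-controller": 0.1},
    "jump-host": {"domain-controller": 0.8},
    "app-server": {"domain-controller": 0.7},
    "domain-controller": {},
}

def most_likely_path(edges, start, target):
    """Return (probability, path) for the most probable route start -> target.

    Maximising a product of probabilities equals minimising the sum of
    -log(p), so Dijkstra applies (every cost is >= 0 because 0 < p <= 1).
    """
    best, prev, queue = {start: 0.0}, {}, [(0.0, start)]
    while queue:
        cost, node = heapq.heappop(queue)
        if node == target:
            break
        if cost > best.get(node, math.inf):
            continue  # stale queue entry, a cheaper route was already found
        for nxt, p in edges.get(node, {}).items():
            if not 0.0 < p <= 1.0:
                continue  # a hop with zero or invalid probability is unusable
            new_cost = cost - math.log(p)
            if new_cost < best.get(nxt, math.inf):
                best[nxt], prev[nxt] = new_cost, node
                heapq.heappush(queue, (new_cost, nxt))
    if target not in best:
        return 0.0, []  # no route to the asset at all
    path = [target]
    while path[-1] != start:
        path.append(prev[path[-1]])
    return math.exp(-best[target]), path[::-1]

def with_countermeasure(edges, src, dst, new_p):
    """Copy of the graph with one hop's probability changed by a control."""
    hardened = {node: dict(nbrs) for node, nbrs in edges.items()}
    hardened[src][dst] = new_p
    return hardened
```

Re-running `most_likely_path` on the graph returned by `with_countermeasure` shows which route becomes the new path of least resistance once a single hop is hardened.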
In effect, the acquisition of Cybersprint extends Darktrace’s goal to provide a continuous cybersecurity AI loop based on machine learning algorithms that learn the IT environment they protect.
It’s not clear to what degree cybersecurity teams are embracing AI just yet. However, as attacks increase in volume and sophistication, AI technologies provide a way to augment chronically understaffed cybersecurity teams. In fact, as IT environments become more extended, it’s unlikely cybersecurity teams will be able to defend every attack surface without the aid of machine learning algorithms.
That said, it’s unlikely AI, in the form of machine learning algorithms, will replace the need for cybersecurity professionals any time soon. However, those algorithms will go a long way toward rebalancing a playing field that today is decidedly tilted in favor of cybercriminals, who need to find and exploit only one weakness to be successful. In fact, it’s now more a question of the degree to which AI will augment overwhelmed cybersecurity professionals who are being attacked from all sides.