An autonomous response solution analyzes events as they are happening, helping to combat zero-day and other threats.
Darktrace, a Cambridge-based cyber defense start-up, recently published a new report highlighting some of the company’s major AI operations.
The company’s autonomous response solution, called Darktrace Antigena, is seen as an evolution of previous forms of cyber security, as it is capable of neutralizing new threats while maintaining normal operations.
Antigena was able to successfully recognize a zero-day trojan, without any prior data on the virus. The solution spotted a highly irregular pattern of activity coming from what looked like a Microsoft file, and was able to contain the virus and remove it within 20 minutes.
Most anti-virus software, however efficient, only works when a third-party source provides information on known viruses. That leaves systems open to new forms of viruses not yet discovered by the community. Antigena, by running on the system in real time, is able to assess the network constantly and evaluate any problems.
Two of the case studies mentioned in the report had to do with products that have only just started coming online: CCTV cameras and smart lockers. In the case of the CCTV camera, Antigena noticed that the video feed was being downloaded off-site, and severed the connection while maintaining the video feed for security guards. For the smart lockers, the AI again noticed irregular connections between the locker and an off-site device, and severed the connection while alerting the security team.
Not all attacks are coordinated by hackers; some are initiated by disgruntled employees. While working with a South African investment firm, Antigena spotted a laptop pinging hundreds of internal IP addresses to identify activity. It quickly recognized this as a potential security threat and notified the security team. The team found the laptop owner had been looking for weaknesses in the network.