Darktrace has unveiled what it claims are significant enhancements to its network detection and response (NDR) capabilities with the updated Darktrace / NETWORK. This innovation addresses the increasing complexities faced by organisations, particularly those in Asia, grappling with distributed infrastructures and hybrid workforces.
A key feature of Darktrace / NETWORK is its Self-Learning AI engine, which continuously adapts to an organisation's specific network behaviour. This capability allows it to identify both known and unknown threats. Recent findings indicate that approximately 70% of detections involve highly anomalous activities, such as insider threats and compliance issues, which traditional security tools often overlook. The reliance on pre-defined indicators of compromise can leave organisations vulnerable to emerging threats.
To bolster its detection capabilities, Darktrace has introduced innovative features aimed at enhancing both detection and response efficiency. Notably, the platform can now ingest secondary threat intelligence, allowing it to proactively identify known threats. This integration facilitates deeper threat hunting and the creation of custom detections. As noted by security researcher Bruce Schneier, “The best defence is a good offence; organisations must be proactive in their threat hunting to stay ahead of attackers”.
Darktrace's advancements also include enhanced support for encrypted traffic analysis and tunneling detection. The ability to decrypt TLS traffic and conduct deep packet inspection is crucial, as encrypted communications can often hide malicious activities. The platform's focus on detecting misuse of generative AI tools is timely, given the growing concerns over data privacy and security in the age of AI.
The Cyber AI Analyst automates threat investigations, significantly reducing the response time for security teams. During 2023, the Cyber AI Analyst performed an impressive 1.5 million investigations per week, completing each within five minutes on average. This efficiency is essential for security operations centres (SOCs) that face increasing alert fatigue and resource constraints.
With the recent updates, Darktrace / NETWORK offers enhanced scalability, allowing organisations to manage large, complex networks effectively. This is particularly beneficial for CISOs in Asia, where many enterprises operate across multiple locations and environments.
By leveraging advanced AI capabilities and enhancing operational efficiency, organisations can better protect themselves against a rapidly evolving threat landscape. As cyber threats become increasingly sophisticated, tools like Darktrace will be vital for maintaining robust security postures.