The Darktrace Cyber AI Analyst is a new technology that emulates human thought processes to continuously investigate cyber threats at machine speed. With transformational implications for the security industry, early adopters of the Cyber AI Analyst reported a 92% reduction in the time required to investigate threats and provide conclusions to executives.
This innovation is the culmination of over three years of research at the Darktrace R&D Centre in Cambridge, UK. Using various forms of machine learning, including unsupervised, supervised and deep learning, the technology learned human intuition and trade craft from more than 100 world-class cyber analysts across thousands of customer deployments.
Mike Beck, global head of Threat Analysis at Darktrace, told Information Age: “This is the latest evolution of the Darktrace Cyber AI platform, which started with autonomous identification of threats in 2013 and moved to autonomously reacting to attacks in 2016. Today we are transforming the human factor in cyber security, with autonomous expert investigation.”
Typically, a human analyst will spend half an hour to half a day investigating a single suspicious security incident. They will look for patterns, form hypotheses, reach conclusions about how to mitigate the threat and share the findings with the rest of the business. The AI cyber security company claim its new solution accelerates this process, continuously conducting investigations behind the scenes and operating at a speed and scale beyond human capabilities. And crucially, Darktrace say it can conduct expert investigations into hundreds of parallel threads simultaneously and instantly communicate its findings in the form of an actionable security narrative.
ML and AI in cyber security: real opportunities overshadowed by hype
Beck continued: “As the number of cyber-attacks rise, the industry faces a shortage of cyber security experts to deal with them.
“Cyber AI Analyst emulates the human thought processes that take place when a security analyst performs an investigation on a security incident. It’s like having an extra member of staff that is an expert in their field, and reports on issues in seconds, instead of hours.”
By learning from the millions of interactions between Darktrace’s expert analysts and the output of the Enterprise Immune System — Darktrace’s Cyber AI Analyst combines human expertise with the consistency, speed and scalability of AI. The ability of AI to investigate every possibility, make connections between seemingly disparate events, and quickly illuminate the full scope of a security incident dramatically reduces ‘time to meaning’ and buys back time for human teams.
“AI,” said Beck, “has unequivocally become a must have, not a nice to have in today’s increasingly hostile cyber threat environment. Darktrace’s AI is now leading the industry and addressing the cyber challenge at every stage of the process.”
• Faster response to stealthy attacks that can fly under the radar and better understanding of false positives.
• 24/7 security — humans can’t work 24/7, they need breaks. Hackers can attack at any time of the day and businesses need to be prepared for this.
• Elevates the role of existing security teams. AI is not advanced enough to make strategic decisions in a business – we will still require human teams to do this. We will start to see security teams get involved in senior level business decisions e.g. revamping security policies.
• Time to meaning is too slow in today’s age of machine speed attacks. Instead of a human spending hours each day analysing potential threats, Cyber AI Analyst can do the same thing at a speed beyond human capabilities.
• This technology is the admin worker that never sleeps, or needs to take a lunch break or go to meetings; the cyber analyst that is on 24/7. It combines human expertise with the consistency, speed and scalability of AI.
• Careers are no longer static — the rise in AI has meant we need to constantly learn and adapt in our roles. This technology allows the cyber analyst to have more of a business, people-centric role, as opposed to one that involves sifting through data.
• It is the natural evolution of AI.
Information Age comment
There is a certain buzz around this announcement. And Darktrace are confident this could be a game changer for the security industry.
As hackers increasingly use AI and other attack vectors to spread their malicious, data-stealing code, organisations will need automated solutions that can help repel the threat without the aid of a human. A cyber AI analyst could certainly come in handy, given the potential financial and reputational damage that results from a data breach in today’s evolving cyber and regulatory landscape.
The impact of this solution will need time before we can measure its success — when the customer case studies emerge. But, for all intents and purposes, if it can actually do what it says on the tin, the Darktrace Cyber AI Analyst will prove an invaluable ally.