The rise of ransomware

Organizations continue to be caught off-guard by advanced ransomware attacks. Autonomous Response stops ransomware without disrupting normal business operations.

The sheer speed at which ransomware spreads through an organization forces security teams to take drastic and heavy-handed action to stop threats – often with broad-ranging and serious implications.

As digital infrastructures become more interconnected, the knock-on effects of ransomware will continue to worsen. It’s time to shift to a proportionate response strategy – stopping the attack, while allowing your business to operate as it should.

Self-Learning AI

AI is transforming the way we perform myriad tasks within our business and personal lives. But not all AI is created equal.

Self-learning AI is different. Rather than using large volumes of training data, Self-Learning AI learns on the job from real-time data. Applied to cyber security, this means that it can identify and stop zero-day attacks, because it’s not learning from historical attack data.

Autonomous decision-making

In this new era of cyber-threats, human security teams are being outpaced. We now need machines to think for themselves and react to fast-moving attacks, on our behalf.

Self-Learning AI enables the autonomous decision-making that is so critical as an attack or incident unfolds. It is able to work out, on its own, the appropriate action required to immediately contain the threat and stop it spreading, without causing unnecessary disruption to the organization.

This autonomous decision-making gives humans precious time to catch up with fast-moving incidents, and focus on higher-value, strategic work.

We bring our AI to your data

In stark contrast to other AI approaches, which require data to be cleansed, labelled, and moved to a centralized repository, Darktrace brings the AI to your data, wherever it lives.

Whether it’s in the cloud and email systems, across Operational Technologies or traditional networks and infrastructure, Darktrace’s Self-Learning AI is installed into the heart of these systems, without requiring data migration. It learns from scratch, and constantly evolves its understanding as the data environment changes.

How it works

Self-Learning AI is made up of many thousands of algorithms that inform its decision-making, each with different strengths. These algorithms operate in competition with one another to deliver the best model for every user and device.

To determine which algorithms to employ at any given moment, Darktrace uses a smart threshold filter that contextually weights and rescores the outputs from all machine learning detectors in light of their previous performance.

To combine these analyses of digital activity, Darktrace uses a technique known as Recursive Bayesian Estimation. Crucially, this allows the AI to continually recalculate threat levels in light of new data and discern significant patterns in data flows indicative of attacks.

Identifies latent threats already inside your systems

Self-Learning AI autonomously clusters users and devices into groups based on its understanding of how each of these entities behaves. The technology combines a number of different clustering methods, including matrix-based clustering, density-based clustering, and hierarchical clustering techniques. By combining these techniques, the technology can determine when a device is behaving unusually in relation to the rest of its peer group, enabling it to detect cyber disruption already occurring within your organization.

Thrives in complexity

While other approaches struggle to analyze vast quantities of data – often processed and stored in a variety of ways – the complexity of modern hybrid and multi-cloud environments is an advantage for Self-Learning AI. The technology thrives in complexity, with more users, devices, and environments simply adding extra insights and depth to its analysis.

With this understanding constantly evolving as your business grows, Darktrace helps build cyber resilience over time.