The document discusses using machine learning for cyber defense. It describes Darktrace's Enterprise Immune System, which uses unsupervised machine learning to learn a profile of normal user and network behavior and detect anomalies in real time. It detects all types of threats, has full network visibility, and scales from small to large networks. It discusses emerging threat vectors like insider threats, compromised credentials, and machine learning attacks. Darktrace uses autonomous response to fight threats without disrupting business operations. It also provides cloud security and detects over 63,500 in-progress threats across different industries.
2. The Enterprise Immune System: Using Machine Learning for Next-Gen Cyber Defence
Tingyi Wang, Cyber Security Account Manager
4. The Enterprise Immune System: Proven to Work
Learns ‘self’ in real time: for every user, device, and network, using unsupervised machine learning
Detects and responds to all threat types: insider threats, criminal attacks, data exfiltration and manipulation, IoT hacks and supply chain threats
100% visibility: visualizes the entire network, including traditional and non-traditional IT, and allows both real-time and retrospective investigations
Scalable: from 12 users to over 1 million devices
Deploys on premise & cloud: defends physical and virtual networks, cloud, ICS, SaaS
5. Threat Vectors in the Cloud
Compromised credentials; ‘trust attacks’ are silent and stealthy
Misconfigurations
Unsecured APIs
Expanded attack surface
Insider threat – malicious and non-malicious
AI attacks are emerging, leading to highly customized campaigns
Machine-on-machine attacks
6. Machine Learning is Hard to Get Right
No two networks are alike: on-premise, virtualized, cloud, SaaS, segmented
Needs to work without customer configuration or tuning of models
Needs to support teams with varying security and math skills
Must deliver value immediately but keep learning and adapting as it goes
Must have linear scalability
Cannot rely on training sets of data
7. The Machine Fights Back: Autonomous Response
Today’s threats are fast and automated; security teams are struggling to keep up
‘Digital antibody’ generates an autonomous response, powered by AI
Targeted, measured actions
Buys time for humans to catch up
Without disrupting day-to-day business
“Antigena fights the most important battles for us” (Michael Sherwood, CIO, City of Las Vegas)
8. Is Your Cloud a Blind Spot?
Legacy approaches to network security are not applicable to cloud environments
Organizations do not manage security for the cloud environment
Third-party cloud providers cannot be relied on for security
Access to the cloud is not controlled by your IT team
Organizations do not have visibility of network traffic in the cloud
11. Darktrace Finds Threats That Go Undetected
Over 63,500 in-progress threats detected, including:
Indiscriminate worms, Trojans, ransomware
Exfiltration of sensitive data by insiders
Hacked IoT devices, including HVAC, video conferencing, internet-connected fish tanks
Irregular VPN access from remote users & sites
Compromises of industrial control systems
Attacks on physical security, such as biometric scanners & badge readers
Long-term criminal campaigns and infrastructure hijacking
12. Conclusion
The rapid adoption of cloud and SaaS services has shifted the traditional network security paradigm
Native controls and traditional third-party offerings leave gaping security holes
Darktrace offers the world’s first and only AI-powered cyber defense platform in the cloud and beyond
Single pane of glass across IaaS, SaaS, and the enterprise for real-time threat detection, autonomous response, and complete visibility
13. Anomalous activity detected: Data Gathering within the Cloud
Industry: Pharmaceutical
Point of entry: Laterally within cloud
Apparent objective: Data gathering
SMB file shares used to store data within public cloud. Darktrace was able to monitor the intra-cloud communications to establish patterns of life.
Another cloud device was observed behaving anomalously and retrieving unusually large amounts of data from the cloud server.
Darktrace alerted on the suspicious data movements within the cloud.
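As an added illustration of the per-device "pattern of life" idea behind this case (example code written for this page, not Darktrace's code or method): each device's own history of bytes retrieved from the shared server is its baseline, so a transfer that is routine for a batch host but far outside a small app server's norm is the one that gets flagged, with no labelled training data involved. All device names and byte counts are constructed.

```python
import statistics
from collections import defaultdict

# Constructed hourly flow records: (device, bytes retrieved from the shared
# SMB server). Not real traffic; chosen to show two very different baselines.
BASELINE = [
    ("app-01", 40_000), ("app-01", 42_000), ("app-01", 38_500),
    ("app-01", 41_200), ("app-01", 39_800), ("app-01", 43_100),
    ("batch-02", 900_000), ("batch-02", 880_000), ("batch-02", 920_000),
    ("batch-02", 910_000), ("batch-02", 895_000), ("batch-02", 905_000),
]

NEW_HOUR = [
    ("app-01", 41_000),      # ordinary for this device
    ("batch-02", 930_000),   # large in absolute terms, but normal for batch-02
    ("app-01", 850_000),     # the same volume is wildly abnormal for app-01
    ("unknown-09", 5_000),   # device with no learned history yet
]

def learn_self(records):
    """Per-device baseline: median and MAD of hourly bytes retrieved.
    Unsupervised: only the device's own past observations are used."""
    by_device = defaultdict(list)
    for device, nbytes in records:
        by_device[device].append(nbytes)
    profile = {}
    for device, values in by_device.items():
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        profile[device] = (med, mad)
    return profile

def score(profile, device, nbytes, threshold=5.0):
    """Robust z-score against the device's own baseline -> (z, verdict)."""
    if device not in profile:
        return None, "no-baseline"   # cannot judge a device never seen before
    med, mad = profile[device]
    scale = 1.4826 * mad if mad > 0 else 1.0   # MAD -> sigma; guard zero spread
    z = (nbytes - med) / scale
    return z, ("anomalous" if z > threshold else "normal")

def detect(baseline, new_records, threshold=5.0):
    """Learn from history, then score each new observation."""
    profile = learn_self(baseline)
    return [(dev, b, *score(profile, dev, b, threshold)) for dev, b in new_records]

if __name__ == "__main__":
    for dev, nbytes, z, verdict in detect(BASELINE, NEW_HOUR):
        print(f"{dev:<11} {nbytes:>9} {verdict}")
```

Devices without a baseline are surfaced as "no-baseline" rather than silently scored, since a freshly seen host is itself worth a look.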
14. Cloud Environment Compromised
Industry: Financial Services
Point of entry: Third-party cloud
Apparent objective: Gain access through an exposed cloud environment to exfiltrate data
Organization misconfigured cloud deployment, leaving a critical server exposed to the Internet.
Server was continuously attacked by an outside threat actor attempting to gain access.
Darktrace identified the pattern of attack and alerted the customer to the ongoing risk.
15. Insider Runs Widespread Bitcoin Operation
Industry: E-Commerce
Point of entry: Insider threat
Apparent objective: Use company hardware to profit from cryptocurrency
Disgruntled systems administrator decided to hijack company infrastructure to mine cryptocurrency.
Stole user credentials and service accounts to take over 140 devices.
Darktrace AI identified anomalous activity and traced it back to the single malicious insider.