We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings.
Here are some notes on our briefing with Mitchell Bezzina (VP, Product Marketing) and Madeline Wilson (Communications Manager) at Darktrace. The briefing was organized by Caroline Dobyns at ICR Lumina.
Our notes from the briefing (enriched with some additional research):
- Darktrace has built its security offerings as a single platform architecture with AI as a fundamental design layer. Its three solution areas are detection and response (across cloud, email, endpoint, OT, identity, and network), prevention (e.g., attack surface management), and heal (with automated playbooks for recovery).
- UEBA (user and entity behavioral analytics) is a core part of Darktrace’s approach to distinguishing security threats from what normal behavior looks like. In its CISO Guide to Cyber AI white paper, the Darktrace team says this about their approach: “… self-learning AI approaches learn what constitutes ‘normal’ by continuously analyzing every device, every user, and the millions of interactions between them, this type of AI can understand ‘self’ for an organization. Once it knows ‘self,’ it can piece together subtle deviations from ‘self’ and connect the dots of a cyber-attack. This way, it can adapt and evolve at the same rate as threats, identifying unfamiliar and novel attacks.”
- Darktrace has grown significantly over the past year. It currently has over 2,300 employees spread across more than 110 countries. Annual recurring revenue in 2023 was $628.4 million.
- Darktrace offers a Cyber AI analyst for analyzing alerts from the customer’s SIEM. The AI analyst automatically triages new alerts and offers a suggested prioritization for a human analyst. Mitchell said their AI analyst is doing an initial run-through of around 90% of alerts.
- One investment area for Darktrace is a more nuanced response to a compromised or threatened endpoint. While a common approach is to automatically take a compromised endpoint offline to isolate / quarantine it from other network elements, Darktrace is able to isolate the threats on the endpoint while allowing other connections to continue unhindered. This nuanced approach deals with the threat without stopping a user’s ability to work. See Darktrace/Endpoint for more, although what we call “nuanced” is called “surgical” by Darktrace. Same concept, different word.
For more, see Darktrace.