Get top-notch cyber protection with Darktrace security solutions and Safetech services
Cyber security requires a dynamic approach to keep pace with threats that continually evolve in volume and complexity. Darktrace solutions deliver an advanced level of protection by automating prevention, detection and response measures, and through the higher level of autonomy provided by proprietary self-learning AI technology.
In a recent event, Safetech Innovations, Darktrace Gold partner in Romania, presented how Darktrace solutions can detect new attack patterns and counter cyber threats in real-time.
Strengths of Darktrace Cyber AI Loop
At the beginning of the event, Maria Teja, Account Executive Eastern Europe at Darktrace, presented the competitive advantages of the Darktrace Cyber AI Loop suite – an interconnected set of cyber security solutions that strengthen the protection of companies continuously and autonomously.
Darktrace Cyber AI Loop includes four product families, covering the areas of prevention, detection, response and remediation. Each component of the suite is powered by Self-Learning AI, the proprietary technology that continuously learns the behavior of users, applications and equipment in on-premises infrastructure and hybrid environments.
“With the help of Darktrace solutions, we understand how each element of the infrastructure behaves normally – whether we are talking about network devices, terminal equipment, applications or end users – and how they communicate with each other, and by detecting anomalies and abnormal behaviors we can identify unknown attacks. Thus, we do not need to know in advance what an attack looks like, but we detect suspicious situations based on abnormal behavior and we can block them from the early stages. For this, the Darktrace Cyber AI Loop system uses multiple sources of information that feed the artificial intelligence engines and unsupervised machine learning that work individually, but collaborate with each other,” explained the Darktrace specialist.
The video recording of Maria Teja’s presentation is available below:
Thus, the four components of the Cyber AI Loop suite complement one another to ensure extensive protection in all phases of a possible security incident:
• Darktrace Prevent – acts in the pre-attack stage, highlighting the measures that can be taken to prevent the attack and reduce the attack surface, by identifying the existing risks and vulnerabilities, as well as by prioritizing the critical points in order to take the necessary preventive measures.
• Darktrace Detect and Darktrace Respond – act in the phase when the attacker tries to access the company’s infrastructure. Darktrace Detect identifies ongoing network attacks and attackers that have already infiltrated, based on learned/trained behavior patterns that facilitate rapid detection of abnormal situations. Darktrace Respond blocks any anomalous activity confirmed as a deviation from established behavior patterns. The extent of the autonomous response measures is proportional to the severity of the risks, in order to eliminate the risk of disrupting business processes.
• Darktrace Heal ensures recovery and restoration of optimal operating conditions by intelligently automating remediation and recovery action planning. The solution enables security teams to make quick and effective decisions by identifying assets affected by a cyber attack, their condition, and the most effective way to recover them during and after an attack.
To demonstrate how Darktrace solutions actually work and what the gains are, the company representative presented a case study conducted within an international retail chain with an extensive attack surface.
How can Safetech help you maximize the effectiveness of your Darktrace solutions?
Darktrace solutions act as an additional layer of security and do not replace the investments companies have already made in this area; instead, they allow companies to get more value from those investments. The solutions integrate both with established security systems, such as Splunk, Okta, QRadar, etc., and with common applications in the enterprise environment, such as Microsoft 365, Dropbox, Slack, Box, Zoom and Salesforce, as well as with the Google Cloud, AWS and Azure platforms. Thus, Darktrace solutions cover the whole digital infrastructure: not only the network, but also email, endpoints, cloud services, applications, operational environments, etc.
To illustrate how Safetech can help companies maximize the efficiency of Darktrace solutions, Iulia Gheorghiu, senior analyst in the Level 3 team within the Safetech Computer Emergency Response Team (STI CERT), presented how the solutions are adapted to the specifics of each client.
“For example, through the initial onboarding process we collect an extensive series of relevant information from the customer, such as end user rights, equipment types, etc., which allow us to optimize and fine-tune the alerts issued by the Darktrace solutions, by eliminating legitimate and authorized actions. At the same time, we also take care of the continuous optimization and tuning of the Darktrace models, respectively the sets of rules through which the system issues an alert when a certain type of event occurs,” explained the Safetech analyst, who presented how the STI-CERT team used the specific case of a ransomware attack and the advantages obtained by calling on the services of an outsourced SOC team.
More information on this topic is available in the video recording:
The presentation was completed by Mihai Răuță, Safetech Security Solutions Department Manager, who briefly illustrated the topologies and common use cases in which Darktrace solutions can be used.
“Safetech can realize an implementation of Darktrace solutions as close as possible to the customer’s need. Darktrace provides physical security equipment with various traffic processing capabilities, covering the entire palette of interconnection in the client’s network using various network interfaces. Darktrace also offers the possibility of using virtual sensors, for virtual infrastructures, as well as dedicated sensors for multicloud environments, also allowing integration through APIs with Security-as-a-Service solutions delivered from the cloud,” explained the Safetech specialist.
For more information, watch the video below.