SlideShare a Scribd company logo

Automate Response to Cyber Threats with Darktrace Antigena

A
Austin Eppstein
1 of 8
Download to read offline
1 Darktrace Antigena Product Overview DATA SHEET
1 Introduction As cyber-attackers use increasingly sophisticated technologies to penetrate and propagate within networks, the need for automated response to combat these fast-moving adversaries has grown. Security teams cannot keep up with a threat landscape that is evolving 24/7, and which includes automated attacks, like ransomware, that can seriously jeopardize an organization’s infrastructure within as little as 20 minutes. Darktrace Antigena is an automated response capability, which allows organizations to ‘fight back’ against cyber-threats – without disruption to their day-to-day business activity. Working in conjunction with Darktrace’s core detection technology, Antigena replicates the functions of antibodies in the human immune system by intelligently locating and neutralizing threats. As a ‘digital antibody’, Antigena completes the end-to-end functionality of the Enterprise Immune System by automatically detecting and responding to threats that have been uniquely detected. Thanks to the nuanced understanding of ‘normal’ and ‘abnormal’ behaviors, it is capable of taking measured and targeted responses, disrupting threats without interrupting normal business processes, and allowing security teams time Benefits Respond to threats faster than any security team can Take automated, measured, and targeted action No rules, no signatures Does not disrupt day-to-day business Frees up resources and people Fully configurable “It is our belief that [Antigena’s] ability to drive security actions based on observed behavior is critical to protecting organizations against sophisticated threats. For businesses where alerting operations staff is too passive and slow, the Antigena API allows security teams to automate responses via firewalls, endpoint software and management consoles.” Eric Ogren, 451 Research Senior Analyst
2 Normal ‘Pattern of Life’ The normal ‘pattern of life’ of devices and users are known to Darktrace. The historical actions of a device or user, and those of its peers, are calculated and used to determine a level of normality for every connection made. Anomalous Activity Darktrace identifies highly anomalous activity associated with a rare file download from an unusual source and subsequent beaconing to an external machine. Unknown malware has been downloaded and is reporting back to a control center. Enforced Containment Antigena enforces the device’s ‘pattern of life’. All connections outside of its normal behavior are terminated. Normal activity from the machine is left unaffected and the user continues to work unaware that preventative action has been placed on their device. 90% 98% 90% 98%90% 98% 160% 146% 139% Illustrative Example of Antigena Response How Does Antigena Work? Antigena works in conjunction with Darktrace (Core), which lies at the heart of the Enterprise Immune System approach, and is powered by Darktrace’s proprietary mathematics and machine learning. As a result, organizations must have a core Darktrace appliance or appliances installed within the network before activating Antigena. When Darktrace has identified activity that has been deemed threatening or highly anomalous, Darktrace Antigena is triggered and generates a response to that activity in real time, which depends on the severity of the incident. Examples of actions taken by Antigena may include: • Stopping or slowing down activity related to a specific threat • Quarantining or semi-quarantining users, systems, and/or devices • Marking specific pieces of content, such as email, for further investigation or tracking The precision with which Antigena operates means that interruption to normal business processes is avoided. Instead, Antigena’s self-learning capability allows it to enforce the normal ‘pattern of life’ by slowing and mitigating threats, giving security teams time to investigate the evolving situation and take further action. Darktrace Antigena is fully configurable, allowing for varying degrees of automation, according to your organization’s appetite. For example, users may choose to ‘validate’ Antigena responses, before they are put into effect. This allows users to control and gain confidence in the judgements that Antigena makes, while saving time on the investigation and contextualization of the threat.
3 Darktrace Antigena Framework The Darktrace Antigena Framework provides a layer of intelligent decision-making and response, according to the known ‘pattern of life’ of the enterprise. Darktrace’s Enterprise Immune System upstreams the subtle changes in behavior witnessed in anomalous activity to the Framework, enabling it to make targeted decisions about the most appropriate way to respond to identified threats. Antigena is therefore capable of making precise decisions that will return an anomalous user or device back to its normal behavior profile. This methodology ensures that normal working activity is permitted, while potentially malicious actions are prevented, effectively eliminating false positives. Antigena creates a dynamic boundary, which is automatically personalized to each user and device on a network. The Antigena Framework interacts with your network via one or more modular elements that can communicate with aspects of your existing infrastructure. The Framework is self-aware, constructing its decision-making process around its existing capabilities. In this way, Antigena is fully modularized, and can be expanded with new abilities as your architecture develops. Dynamic Boundary Many traditional proactive security devices fail because they rely on static restrictions of behavior that apply to large groups of users and devices. Security professionals are forced into making these restrictions widely permissive to accommodate a few individual users within the group. The administrative overhead, cost, and time involved in tailoring policies means that it is often easier to open permissions to far more users than is required. Antigena solves this problem by providing a dynamic boundary to a user’s behavior. Just as no single user is alike, no behavior profile is alike either. Feedback Loop Antigena monitors the actions that it produces to better understand an organization’s threat surface area. Determined attackers or insider elements will not stop at the first attempt. Malicious software often has many fall back routines to run in the event that it is prevented from functioning. Antigena and its modules will send the results of failed attempts back into the Darktrace Enterprise Immune System, producing further insight into anomalous activity. It enables Darktrace to learn, not just from normal activity, but from activity that has already been prevented. In this way, undesirable behavior learned in one part of the network can better inform the choices made across the entirety of the network. Darktrace Antigena Modules The Antigena Framework interacts with your network via one or more modular elements that can communicate with aspects of your existing infrastructure. These modules are Antigena Network, Antigena Internet, and Antigena Email. Antigena Internet Antigena Email Antigena Network Regulates user and machine access to the internet and beyond Regulates machine and network connectivity and user access permissions Regulates inbound and outbound email behavior and content
4 Antigena Internet regulates and controls user and device internet connectivity in accordance with the Antigena Framework and Darktrace’s behavioral awareness of your network, users, and devices. The Antigena Internet module exists as one or more physical appliances that sits in-line with an internet egress gateway or an element in an existing web proxy infrastructure. Devices required to access the internet can have their internet-bound traffic transparently observed or be explicitly configured to browse via Antigena Internet. Darktrace will upstream detected anomalous behaviors to the Antigena Framework, which may instruct the Internet module to automatically provide intelligent preventative actions on internet-bound activity. The reactions can be produced based on an internal machine’s general behavior – not just its internet activity. Use Cases: • Stop malware from being accidentally or intentionally downloaded from the internet • Prevent the upload of sensitive data to the internet • Block users from visiting dangerous or suspicious websites e Benefits Dynamic boundary enforced for internet usage Enforces a user or device’s ‘pattern of life’ Optional SSL inspection provides increased insight Highly anomalous connections can be blocked before they reach the end user Can selectively operate in prompt mode to seek user acknowledgement before proceeding Antigena Internet
5 Antigena Network is a software component that permits interaction between the core Antigena Framework and elements within a protected network. It is available for installation on existing Darktrace devices and requires no additional hardware. From the main Darktrace appliance, the Antigena Network module provides the ability to connect to internal systems to perform defensive actions, designed to maintain a normal ‘pattern of life’ on devices with a high level of anomalous activity and protect the network at large. Darktrace’s unique understanding of ‘normal’ communication between machines is constantly evolving, so the more information it sees, the better understanding it has of what is anomalous. If a device within an organization is seen to be displaying sufficient levels of abnormality, Antigena may elect to emit signals to that device that terminate connections deemed to be highly unusual for the device and its peer group in that specific context. However, the immediate action is specific enough that, while the abnormal connection is slowed or terminated, other processes can continue, allowing business proceedings to continue uninterrupted. The actions that Antigena performs are all reported in Darktrace’s Threat Visualizer and can be revoked at any point by your security team or infrastructure. Use Cases: • Triggered by a suspicious connection to foreign IP address (detected by Darktrace) • Slow a known device downloading large amounts of data it does not normally access • Prevent a device from ' communicating' to an unknown location • Stop the transfer of secure files to an unauthorized user e Benefits Actions are performed by the administrative interface of an existing Darktrace appliance or optionally by a dedicated appliance Connections can be terminated from internal-to-internal and internal-to-external communications Creates Dynamic Boundary for inter- machine networking Network layer interactions frequently require no integration within an organization’s infrastructure Available for a four-week Proof of Value trial Antigena Network
6 Antigena Email is an appliance that sits at the border of your email infrastructure. As such, it is capable of interacting with inbound and outbound mail transit and message content. By progressive learning techniques, the Antigena Email module will work with Darktrace’s Enterprise Immune System to build up an understanding of patterns of email communication and develop a complex mesh of ‘likelihood of correspondence’ that identifies the fingerprints of legitimate email. Each inbound email is compared against known and frequent correspondence to establish a level of trust. The Antigena Framework has the ability to flag suspicious emails, as well as to sanitize attachments and links as they pass through the Antigena Email module, neutralizing any harmful content. Use Cases: • Prevent phishing or spear-phishing campaigns, by preventing harmful links from reaching the target • Stop confidential information from being intentionally shared to recipients without clearance • Block employees from sending sensitive information to a personal account e Benefits Dynamic boundary enforced for communications Stop phishing based on mathematical corre on en rofil ng Feedback loop provides Darktrace with a dynamic threat surface area unique to your organization Highly anomalous emails can be blocked before they reach the end user Sanitation of mail-borne content Works in conjunction with your existing mail server Antigena Email
About Darktrace Darktrace is a world-leading cyber-threat defense company. Its multi-award-winning Enterprise Immune System technology automatically detects and responds to emerging threats, powered by machine learning and mathematics developed by specialists from the University of Cambridge. Without using rules or signatures, Darktrace models the ‘pattern of life’ of every device, user and network within an organization, identifying and mitigating cyber-threats before damage is done. Darktrace’s self-learning technology has been deployed globally and across all sectors, including energy, retail, telecommunications, manufacturing, financial services and healthcare. The company is headquartered in San Francisco and Cambridge, UK, with over 20 global offices including London, New York, Milan, Mumbai, Paris, Singapore, Sydney, Tokyo and Toronto. Contact Us US: +1 (415) 243 3955 Europe: +44 (0) 1223 394 100 APAC: +65 6248 4516 info@darktrace.com www.darktrace.com Conclusion It is becoming impossible to manually keep up with this new era of computer-speed threats, irrespective of how large your security team is. Automated response is the next step in ensuring that cyber defense keeps pace with these new attackers, and take preventative actions as threats develop. By using unique machine learning and mathematics, Darktrace can detect in-progress threats without requiring rules and signatures, which are proven to fail when faced with machine-on-machine attacks and sophisticated hackers. Antigena represents the first automated, self-defending system that allows the Enterprise Immune System to take direct action against specific threats – without disrupting your organization. It reduces response time and enables better, more efficient risk mitigation, irrespective of the type of threat encountered. "We believe [Antigena] represents an important step in behavior analytics evolving to an active defense that traditional systems cannot match.” Eric Ogren, 451 Research Senior Analyst

Recommended

Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune SystemAustin Eppstein
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsMelissa Lim
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalJerome Chapolard
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
Darktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalDarktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalCMR WORLD TECH
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...Amazon Web Services
 
Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of ValueDarktrace
 
Enhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetEnhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetijctet
 

Recommended

Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune SystemAustin Eppstein
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsMelissa Lim
 
Darktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalDarktrace_WhitePaper_Needle_final
Darktrace_WhitePaper_Needle_finalJerome Chapolard
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
Darktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalDarktrace enterprise immune system whitepaper_digital
Darktrace enterprise immune system whitepaper_digitalCMR WORLD TECH
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...Amazon Web Services
 
Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of ValueDarktrace
 
Enhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetEnhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetijctet
 
The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscapebayshorenet
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
NetWitness Overview
NetWitness OverviewNetWitness Overview
NetWitness OverviewSilvioPappalardo
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYJournal For Research
 
Case Study of RSA Data Breach
Case Study of RSA Data BreachCase Study of RSA Data Breach
Case Study of RSA Data BreachKunal Sharma
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Enterprise Management Associates
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networksijsrd.com
 
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...IJCSIS Research Publications
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy LogicCurrent Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logicijdpsjournal
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214IJNSA Journal
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
Achieving high-fidelity security
Achieving high-fidelity securityAchieving high-fidelity security
Achieving high-fidelity securitybalejandre
 
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATAREAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATAijp2p
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET Journal
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And SecurityConstantine Karbaliotis
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and ComplianceMarcus Clarke
 
Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxdanhaley45372
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewInnovation Network Technologies: InNet
 

More Related Content

What's hot

The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsMuhammad FAHAD
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscapebayshorenet
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...Muhammad FAHAD
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYJournal For Research
 
Case Study of RSA Data Breach
Case Study of RSA Data BreachCase Study of RSA Data Breach
Case Study of RSA Data BreachKunal Sharma
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Enterprise Management Associates
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networksijsrd.com
 
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...IJCSIS Research Publications
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy LogicCurrent Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logicijdpsjournal
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
Achieving high-fidelity security
Achieving high-fidelity securityAchieving high-fidelity security
Achieving high-fidelity securitybalejandre
 
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATAREAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATAijp2p
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET Journal
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and ComplianceMarcus Clarke
 

What's hot (20)

The Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control SystemsThe Top 20 Cyberattacks on Industrial Control Systems
The Top 20 Cyberattacks on Industrial Control Systems
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Industrial cyber threat landscape
Industrial cyber threat landscapeIndustrial cyber threat landscape
Industrial cyber threat landscape
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
 
NetWitness Overview
NetWitness OverviewNetWitness Overview
NetWitness Overview
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
 
Case Study of RSA Data Breach
Case Study of RSA Data BreachCase Study of RSA Data Breach
Case Study of RSA Data Breach
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networks
 
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
A Hybrid Intrusion Detection System for Network Security: A New Proposed Min ...
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy LogicCurrent Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion Guide
 
Achieving high-fidelity security
Achieving high-fidelity securityAchieving high-fidelity security
Achieving high-fidelity security
 
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATAREAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA
 
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
IRJET- Local Security Enhancement and Intrusion Prevention in Android Dev...
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and Compliance
 

Similar to Automate Response to Cyber Threats with Darktrace Antigena

Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxdanhaley45372
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSIJNSA Journal
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSIJNSA Journal
 
Cylance_Protect_Datasheet
Cylance_Protect_DatasheetCylance_Protect_Datasheet
Cylance_Protect_DatasheetTiana Henriks
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project ReportRaghav Bisht
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless NetworkingGulshanAra14
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgChristopher R. Ward
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client AlertRobyn Melnyk
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdfahmed53254
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint ProtectionMustafa YÜKSEL
 
Cybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptxCybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptxAnanta Khare
 
Cybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptxCybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptxAnanta Khare
 

Similar to Automate Response to Cyber Threats with Darktrace Antigena (20)

Part 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docxPart 3 ApplicationEnd-User Security Recommendations.docx
Part 3 ApplicationEnd-User Security Recommendations.docx
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-Overview
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
 
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSSUNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS
 
Cylance_Protect_Datasheet
Cylance_Protect_DatasheetCylance_Protect_Datasheet
Cylance_Protect_Datasheet
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project Report
 
Kx3419591964
Kx3419591964Kx3419591964
Kx3419591964
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system new
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system new
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sg
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client Alert
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdf
 
Advanced Endpoint Protection
Advanced Endpoint ProtectionAdvanced Endpoint Protection
Advanced Endpoint Protection
 
Cybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptxCybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptx
 
Cybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptxCybersecurity Devices and Technologies.pptx
Cybersecurity Devices and Technologies.pptx
 
UEBA
UEBAUEBA
UEBA
 

Automate Response to Cyber Threats with Darktrace Antigena

  • 2. 1 Introduction As cyber-attackers use increasingly sophisticated technologies to penetrate and propagate within networks, the need for automated response to combat these fast-moving adversaries has grown. Security teams cannot keep up with a threat landscape that is evolving 24/7, and which includes automated attacks, like ransomware, that can seriously jeopardize an organization’s infrastructure within as little as 20 minutes. Darktrace Antigena is an automated response capability, which allows organizations to ‘fight back’ against cyber-threats – without disruption to their day-to-day business activity. Working in conjunction with Darktrace’s core detection technology, Antigena replicates the functions of antibodies in the human immune system by intelligently locating and neutralizing threats. As a ‘digital antibody’, Antigena completes the end-to-end functionality of the Enterprise Immune System by automatically detecting and responding to threats that have been uniquely detected. Thanks to the nuanced understanding of ‘normal’ and ‘abnormal’ behaviors, it is capable of taking measured and targeted responses, disrupting threats without interrupting normal business processes, and allowing security teams time Benefits Respond to threats faster than any security team can Take automated, measured, and targeted action No rules, no signatures Does not disrupt day-to-day business Frees up resources and people Fully configurable “It is our belief that [Antigena’s] ability to drive security actions based on observed behavior is critical to protecting organizations against sophisticated threats. For businesses where alerting operations staff is too passive and slow, the Antigena API allows security teams to automate responses via firewalls, endpoint software and management consoles.” Eric Ogren, 451 Research Senior Analyst
  • 3. 2 Normal ‘Pattern of Life’ The normal ‘pattern of life’ of devices and users are known to Darktrace. The historical actions of a device or user, and those of its peers, are calculated and used to determine a level of normality for every connection made. Anomalous Activity Darktrace identifies highly anomalous activity associated with a rare file download from an unusual source and subsequent beaconing to an external machine. Unknown malware has been downloaded and is reporting back to a control center. Enforced Containment Antigena enforces the device’s ‘pattern of life’. All connections outside of its normal behavior are terminated. Normal activity from the machine is left unaffected and the user continues to work unaware that preventative action has been placed on their device. 90% 98% 90% 98%90% 98% 160% 146% 139% Illustrative Example of Antigena Response How Does Antigena Work? Antigena works in conjunction with Darktrace (Core), which lies at the heart of the Enterprise Immune System approach, and is powered by Darktrace’s proprietary mathematics and machine learning. As a result, organizations must have a core Darktrace appliance or appliances installed within the network before activating Antigena. When Darktrace has identified activity that has been deemed threatening or highly anomalous, Darktrace Antigena is triggered and generates a response to that activity in real time, which depends on the severity of the incident. Examples of actions taken by Antigena may include: • Stopping or slowing down activity related to a specific threat • Quarantining or semi-quarantining users, systems, and/or devices • Marking specific pieces of content, such as email, for further investigation or tracking The precision with which Antigena operates means that interruption to normal business processes is avoided. Instead, Antigena’s self-learning capability allows it to enforce the normal ‘pattern of life’ by slowing and mitigating threats, giving security teams time to investigate the evolving situation and take further action. Darktrace Antigena is fully configurable, allowing for varying degrees of automation, according to your organization’s appetite. For example, users may choose to ‘validate’ Antigena responses, before they are put into effect. This allows users to control and gain confidence in the judgements that Antigena makes, while saving time on the investigation and contextualization of the threat.
  • 4. 3 Darktrace Antigena Framework The Darktrace Antigena Framework provides a layer of intelligent decision-making and response, according to the known ‘pattern of life’ of the enterprise. Darktrace’s Enterprise Immune System upstreams the subtle changes in behavior witnessed in anomalous activity to the Framework, enabling it to make targeted decisions about the most appropriate way to respond to identified threats. Antigena is therefore capable of making precise decisions that will return an anomalous user or device back to its normal behavior profile. This methodology ensures that normal working activity is permitted, while potentially malicious actions are prevented, effectively eliminating false positives. Antigena creates a dynamic boundary, which is automatically personalized to each user and device on a network. The Antigena Framework interacts with your network via one or more modular elements that can communicate with aspects of your existing infrastructure. The Framework is self-aware, constructing its decision-making process around its existing capabilities. In this way, Antigena is fully modularized, and can be expanded with new abilities as your architecture develops. Dynamic Boundary Many traditional proactive security devices fail because they rely on static restrictions of behavior that apply to large groups of users and devices. Security professionals are forced into making these restrictions widely permissive to accommodate a few individual users within the group. The administrative overhead, cost, and time involved in tailoring policies means that it is often easier to open permissions to far more users than is required. Antigena solves this problem by providing a dynamic boundary to a user’s behavior. Just as no single user is alike, no behavior profile is alike either. Feedback Loop Antigena monitors the actions that it produces to better understand an organization’s threat surface area. Determined attackers or insider elements will not stop at the first attempt. Malicious software often has many fall back routines to run in the event that it is prevented from functioning. Antigena and its modules will send the results of failed attempts back into the Darktrace Enterprise Immune System, producing further insight into anomalous activity. It enables Darktrace to learn, not just from normal activity, but from activity that has already been prevented. In this way, undesirable behavior learned in one part of the network can better inform the choices made across the entirety of the network. Darktrace Antigena Modules The Antigena Framework interacts with your network via one or more modular elements that can communicate with aspects of your existing infrastructure. These modules are Antigena Network, Antigena Internet, and Antigena Email. Antigena Internet Antigena Email Antigena Network Regulates user and machine access to the internet and beyond Regulates machine and network connectivity and user access permissions Regulates inbound and outbound email behavior and content
  • 5. 4 Antigena Internet regulates and controls user and device internet connectivity in accordance with the Antigena Framework and Darktrace’s behavioral awareness of your network, users, and devices. The Antigena Internet module exists as one or more physical appliances that sits in-line with an internet egress gateway or an element in an existing web proxy infrastructure. Devices required to access the internet can have their internet-bound traffic transparently observed or be explicitly configured to browse via Antigena Internet. Darktrace will upstream detected anomalous behaviors to the Antigena Framework, which may instruct the Internet module to automatically provide intelligent preventative actions on internet-bound activity. The reactions can be produced based on an internal machine’s general behavior – not just its internet activity. Use Cases: • Stop malware from being accidentally or intentionally downloaded from the internet • Prevent the upload of sensitive data to the internet • Block users from visiting dangerous or suspicious websites e Benefits Dynamic boundary enforced for internet usage Enforces a user or device’s ‘pattern of life’ Optional SSL inspection provides increased insight Highly anomalous connections can be blocked before they reach the end user Can selectively operate in prompt mode to seek user acknowledgement before proceeding Antigena Internet
  • 6. 5 Antigena Network is a software component that permits interaction between the core Antigena Framework and elements within a protected network. It is available for installation on existing Darktrace devices and requires no additional hardware. From the main Darktrace appliance, the Antigena Network module provides the ability to connect to internal systems to perform defensive actions, designed to maintain a normal ‘pattern of life’ on devices with a high level of anomalous activity and protect the network at large. Darktrace’s unique understanding of ‘normal’ communication between machines is constantly evolving, so the more information it sees, the better understanding it has of what is anomalous. If a device within an organization is seen to be displaying sufficient levels of abnormality, Antigena may elect to emit signals to that device that terminate connections deemed to be highly unusual for the device and its peer group in that specific context. However, the immediate action is specific enough that, while the abnormal connection is slowed or terminated, other processes can continue, allowing business proceedings to continue uninterrupted. The actions that Antigena performs are all reported in Darktrace’s Threat Visualizer and can be revoked at any point by your security team or infrastructure. Use Cases: • Triggered by a suspicious connection to foreign IP address (detected by Darktrace) • Slow a known device downloading large amounts of data it does not normally access • Prevent a device from ' communicating' to an unknown location • Stop the transfer of secure files to an unauthorized user e Benefits Actions are performed by the administrative interface of an existing Darktrace appliance or optionally by a dedicated appliance Connections can be terminated from internal-to-internal and internal-to-external communications Creates Dynamic Boundary for inter- machine networking Network layer interactions frequently require no integration within an organization’s infrastructure Available for a four-week Proof of Value trial Antigena Network
  • 7. 6 Antigena Email is an appliance that sits at the border of your email infrastructure. As such, it is capable of interacting with inbound and outbound mail transit and message content. By progressive learning techniques, the Antigena Email module will work with Darktrace’s Enterprise Immune System to build up an understanding of patterns of email communication and develop a complex mesh of ‘likelihood of correspondence’ that identifies the fingerprints of legitimate email. Each inbound email is compared against known and frequent correspondence to establish a level of trust. The Antigena Framework has the ability to flag suspicious emails, as well as to sanitize attachments and links as they pass through the Antigena Email module, neutralizing any harmful content. Use Cases: • Prevent phishing or spear-phishing campaigns, by preventing harmful links from reaching the target • Stop confidential information from being intentionally shared to recipients without clearance • Block employees from sending sensitive information to a personal account e Benefits Dynamic boundary enforced for communications Stop phishing based on mathematical corre on en rofil ng Feedback loop provides Darktrace with a dynamic threat surface area unique to your organization Highly anomalous emails can be blocked before they reach the end user Sanitation of mail-borne content Works in conjunction with your existing mail server Antigena Email
  • 8. About Darktrace Darktrace is a world-leading cyber-threat defense company. Its multi-award-winning Enterprise Immune System technology automatically detects and responds to emerging threats, powered by machine learning and mathematics developed by specialists from the University of Cambridge. Without using rules or signatures, Darktrace models the ‘pattern of life’ of every device, user and network within an organization, identifying and mitigating cyber-threats before damage is done. Darktrace’s self-learning technology has been deployed globally and across all sectors, including energy, retail, telecommunications, manufacturing, financial services and healthcare. The company is headquartered in San Francisco and Cambridge, UK, with over 20 global offices including London, New York, Milan, Mumbai, Paris, Singapore, Sydney, Tokyo and Toronto. Contact Us US: +1 (415) 243 3955 Europe: +44 (0) 1223 394 100 APAC: +65 6248 4516 info@darktrace.com www.darktrace.com Conclusion It is becoming impossible to manually keep up with this new era of computer-speed threats, irrespective of how large your security team is. Automated response is the next step in ensuring that cyber defense keeps pace with these new attackers, and take preventative actions as threats develop. By using unique machine learning and mathematics, Darktrace can detect in-progress threats without requiring rules and signatures, which are proven to fail when faced with machine-on-machine attacks and sophisticated hackers. Antigena represents the first automated, self-defending system that allows the Enterprise Immune System to take direct action against specific threats – without disrupting your organization. It reduces response time and enables better, more efficient risk mitigation, irrespective of the type of threat encountered. "We believe [Antigena] represents an important step in behavior analytics evolving to an active defense that traditional systems cannot match.” Eric Ogren, 451 Research Senior Analyst