Darktrace Extends Autonomous Response to Enforce Normal Behavior on Endpoints
Darktrace, a global leader in cyber security AI, today announced that its Autonomous Response technology now takes action on the endpoint – rounding out the Darktrace Antigena product family, which already includes coverage for SaaS applications, cloud, email, network, and Operational Technology (OT).
Endpoints have moved farther outside traditional infrastructure and have started housing even more sensitive data. As a result, CISOs and security professionals have been left grappling with the complexities of protecting their organizations and dynamic workers in the wake of flexible work arrangements and the dawn of the ‘Great Resignation’.
A novel approach to this challenge could be to augment security teams with AI that learns on the job how this flexible, dynamic workforce is working. Irregularity of endpoint activity can be continuously re-evaluated, and subtle, indiscernible actions can be taken that allow productive work to continue while stopping only threatening activity.
Antigena Endpoint does just that. It detects anomalous activity and intelligently makes micro-decisions in response to unusual behavior that might represent a cyber-threat, such as out-of-the-ordinary initial file downloads, data exfiltration attempts, command and control traffic or lateral movement. It uses various techniques to interrupt attacks, including data leaks, ransomware and insider threats, on Mac, Windows, and Linux devices.
Contextual awareness gained from other parts of the digital estate is also beneficial in stopping endpoint attacks. For example, when Antigena Email and Antigena Endpoint are deployed together, the precision of response is enhanced by the more nuanced understanding of new and expected senders across all endpoint and email activity. On its own, a brand-new sender soliciting an employee into making a bank transaction might warrant action. But with the added information that the website has no prior relevance to the organization, the increased context would solidify the case and alter the system’s response.
“Antigena Endpoint is the evolution of Darktrace’s platform that I have anticipated and been excited about most. It truly is a game-changer and gets straight to the heart of what our customers need right now,” said Mike Beck, Darktrace’s Global Chief Information Security Officer. “The reassurance that Darktrace can not only detect the early signs of attacks but now also take action on all employee endpoints is more important than ever before.”