Darktrace thwarts brute-force attack on accounting firm

Darktrace, the world leader in AI technology for cyber defence, has today announced that it detected and stopped a brute-force attack aimed at gaining control of an accounting firm’s network in Singapore.

The pernicious threat bypassed the organization’s traditional security tools, but Darktrace’s AI technology foiled the attack before it could do damage.

Unbeknownst to the security team, the threat actor gained control of a key server that acted as a pivot point for network management. The attacker then attempted to connect to other computers and infiltrate them with malware, quite possibly with the goal of subduing the entire network and gaining unrestricted access to highly sensitive client data.

As soon as Darktrace’s self-learning technology was installed in the network, the AI algorithms detected a number of suspicious activities, including over 400,000 machine-speed login attempts to breach the key management console. Darktrace was able to immediately detect the attack as these anomalies marked a sharp departure from the normal ‘pattern of life’ on the network.

Because Darktrace’s machine learning technology does not rely on prior assumptions of what ‘bad’ looks like, but instead intelligently builds a sense of ‘self’ for the network, it understood that this server was behaving abnormally in comparison to other similar devices. The in-progress attack was detected and remediated swiftly, before it had inflicted damage.

“Time and again, we see attackers come up with new ways to bypass perimeter defenses,” said Dave Palmer, Director of Technology, Darktrace. “As old approaches to keeping threat actors off networks fail, artificial intelligence is increasingly recognized as a fundamental enabler for cyber defense. With a four-year head start in AI cyber, Darktrace is at the forefront of this shift, enabling organizations across all industry verticals to successfully detect and contain in-progress attacks in their nascent stages.”


